ART 1.11.0

[beat-buesser]

This release of ART 1.11.0 introduces estimators for YOLO object detection and regression models, the first audio poisoning attack, new quey-efficient black-box evasion attacks, certified defenses against adversarial patch attacks, metrics quantifying membership inference and more.

Added

• Added Momentum-Iterative FGSM evasion attack in MomentumIterativeMethod and added optional momentum to loss gradients in ProjectedGradientDescent* attacks. (Add MIFGSM #1614)
• Added metrics measuring worst-case scores of membership inference attacks. (MIA worst case score  #1709)
• Added estimator for YOLO v3 models in PyTorch in PyTorchYolo. (Add Estimator for YOLO object detection models in PyTorch #1715)
• Added estimators for de-randomized smoothing certification against patch attacks in PyTorchDeRandomizedSmoothing and TensorFlowV2DeRandomizedSmoothing. (Derandomized smoothing #1729)
• Added query-efficient hard-label black-box evasion attack Sign-Opt in SignOPTAttack. (Implement SIGN-OPT: A Query-Efficient Hard-label Black-box Attack #1730)
• Added Sleeper Agent poisoning attack PyTorch in SleeperAgentAttack. (Implement sleeper agent hidden trigger backdoor attack in PyTorch #1736)
• Added exclusionary reclassification to ActivationDefence. (Exclusionary Reclassification #1738)
• Added dirty-label backdoor poisoning attack on audio classification in art.attacks.poisoning.perturbations.audio_perturbations. (Dirty-Label Backdoor Poisoning Attack for Audio #1740)
• Added estimators for regression in PyTorchRegressor and KerasRegressor for PyTorch and Keras. (Regression support for pytorch and keras #1651)
• Added option for targeted attacks to AdversarialPatch and AdversarialPatchNumpy. (Add targeted option to AdversarialPatch and AdversarialPatchNumpy #1759)

Changed

• Changed check_and_transform_label_format for nb_classes=None to automatically determine the number of classes in the provided labels. (Label fixes #1747)
• Added additional documentation to ZOOAttack and cleaned up the code of method compare. (Zoo documentation #1648)
• Changed default value for number of epochs nb_epochs in AdversarialTrainerMadryPGD to match 80'000 training steps of Madry et al. (Update default value for nb_epochs in AdversarialTrainerMadryPGD #1758)

Removed

[None]

Fixed

• Fixed PyTorchClassifier.clone_fore_refitting by deleting optimizer from parameters before calling set_param() to avoid creating the cloned model with the old optimizer. (PyTorchClassifier: delete optimizer before calling set_param() #1742)
• Fixed missing propagation of nb_classes to method check_and_transform_label_format in inference attacks. (Send nb_classes to check_and_transform_label_format in inference attacks #1713)

---

This discussion was created from the release ART 1.11.0.