ART 1.1.0
This release of ART v1.1.0 introduces a new class of attacks and defences for model extraction threats in addition to the existing attacks and defences for evasion and poisoning, enables top level package import of ART, and includes a Kubeflow component demonstrating an example application of ART for robustness evaluation of machine learning models.
Added
- Added separate base classes for evasion, extraction, and poisoning attacks (#250)
- Added the Functionally Equivalent Extraction attack for neural networks with two dense layers and ReLU activation (#231)
- Added the Copycat CNN extraction attack (#232)
- Added defences against model extraction attacks including output modification with reverse sigmoid, random noise, class labels, and high confidence (#234)
- Added support for top level package import to enable
import art(#240) - Added references to current limitations of defences (#228)
- Added version to the ART package (#239)
- Added a Kubeflow component using ART to run a robustness evaluation of PyTorch models with FGSM. This is a simple example and does not intend to represent a comprehensive robustness evaluation. (#206)
- Added class gradients to
art.classifiers.ScikitlearnSVCto enable targeted white-box attacks on SVM (#215) - Added checks to all classifiers raising an exception if the input data is of format
np.uint8,np.uint16,np.uint32, ornp.uint64to avoid unexpected outcomes during input preprocessing (#226) - Added support for Keras 2.3 and later with TensorFlow v2 as backend (#200)
Changed
- Changed the Fast Gradient Sign Method attack minimal perturbation implementation to prevent it from modifying the original input data (#213)
- Changed the reporting of attack success rates to always report percentages across all attacks (#202)
- Changed and improved the detection of the loss function in
KerasClassifier(#212)
Removed
[None]