This release of ART 1.12.0 introduces the first black-box adversarial patch attack, overlapping shadow datasets for membership inference, certified adversarial training, and more.
Added
- Added Sleeper Agent poisoning attack in TensorFlow in `art.attacks.poisoning.SleeperAgentAttack` (1769)
- Added support for overlapping shadow models and black-box model predictions as input in membership inference attacks (1778)
- Added adversarial accuracy as a metric (1779)
- Added function `art.utils.uniform_sample_from_sphere_or_ball` to sample uniformly from either the ball or the sphere with a given norm and radii (1804)
- Added GRAPHITE, black- and white-box evasion attacks generating adversarial patches (1828)
- Added certified adversarial training (1841)
Changed
- Changed `art.attacks.evasion.DPatch` to accept true labels (1780)
- Changed `art.utils.random_sphere` to use a different, faster algorithm for norm=1 based on the exponential distribution (1805)
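The two items on uniform sampling (the new `uniform_sample_from_sphere_or_ball` helper and the exponential-distribution algorithm for norm=1) refer to a standard technique; the block below is an added, standalone pure-Python illustration of it, not ART's own code, and the names `uniform_sample`, `_direction` and `lp_norm` are mine. For norm=1 it draws Laplace coordinates (random sign times an Exp(1) variate) and normalises by the L1 norm, for norm=2 it normalises Gaussians, and for the ball it scales the direction by `r * U**(1/n)` so points are uniform in volume.

```python
"""Uniform sampling from an L_p ball or sphere (p = 1, 2, inf), pure Python.

Illustrative implementation of the technique only; it is not the code of
art.utils.uniform_sample_from_sphere_or_ball or art.utils.random_sphere.
"""
import math
import random
from typing import List


def _direction(n: int, norm, rng: random.Random) -> List[float]:
    """Random point on the unit L_p sphere, without rejection sampling."""
    if norm == 1:
        # Laplace coordinates: random sign times Exp(1). Normalising by the L1
        # norm spreads points uniformly over the faces of the cross-polytope.
        g = [rng.choice((-1.0, 1.0)) * rng.expovariate(1.0) for _ in range(n)]
        s = sum(abs(v) for v in g)
    elif norm == 2:
        # Gaussian coordinates normalised by the L2 norm: uniform on the sphere.
        g = [rng.gauss(0.0, 1.0) for _ in range(n)]
        s = math.sqrt(sum(v * v for v in g))
    elif norm == math.inf:
        # Uniform point in the cube, then push one random coordinate to a face.
        g = [rng.uniform(-1.0, 1.0) for _ in range(n)]
        g[rng.randrange(n)] = rng.choice((-1.0, 1.0))
        return g
    else:
        raise ValueError("norm must be 1, 2 or math.inf")
    return [v / s for v in g]


def uniform_sample(n: int, norm, radius: float, sphere: bool,
                   rng: random.Random = None) -> List[float]:
    """One sample, uniform on the sphere (sphere=True) or in the ball."""
    rng = rng or random.Random()
    d = _direction(n, norm, rng)
    # Ball: the volume of an L_p ball grows as r**n, so a radius of
    # r * U**(1/n) with U ~ Uniform(0, 1) gives uniform density in volume.
    scale = radius if sphere else radius * rng.random() ** (1.0 / n)
    return [scale * v for v in d]


def lp_norm(x: List[float], norm) -> float:
    """L_p norm used to check the samples."""
    if norm == math.inf:
        return max(abs(v) for v in x)
    return sum(abs(v) ** norm for v in x) ** (1.0 / norm)
```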
Removed
[None]
Fixed
[None]