Releases: pralab/secml
Releases · pralab/secml
v0.15.3
v0.15.2
v0.15.1
v0.15
CHANGELOG
- Migration to github.com
v0.14.1
See full release here: https://gitlab.com/secml/secml/-/releases/v0.14.1
CHANGELOG
- This version brings fixes for a few issues with the optimizers and related classes, along with improvements to documentation for all attacks, optimizers, and related classes.
Fixed (3 changes)
- #923 Fixed
COptimizerPGDLS
andCOptimizerPGDLS
not working properly if the classifier's gradient has multiple components with the same (max) value. - #919 Fixed
CConstraintL1
crashing when projecting sparse data using default center value (scalar 0). - #920 Fixed inconsistent results between dense and sparse data for
CConstraintL1
projection caused by type casting.
Removed & Deprecated (1 change)
- #922 Removed unnecessary parameter
discrete
fromCOptimizerPGDLS
andCOptimizerPGDExp
.
Documentation (2 changes)
- #100017 Improved documentation of
CAttackEvasion
,COptimizer
,CLineSearch
, and corresponding subclasses. - #918 Installing the latest stable version of RobustBench instead of the master version.
v0.14
See full release here: https://gitlab.com/secml/secml/-/releases/v0.14
CHANGELOG
- #795 Added new package
adv.attacks.evasion.foolbox
with a wrapper for Foolbox. - #623
secml
is now tested for compatibility with Python 3.8. - #861 N-Dimensional input is now accepted by
CArray
. - #853 Added new notebook tutorial with an application on Android Malware Detection.
- #859 Add a new tutorial notebook containing example usage and attack against RobustBench models.
- #898 Added “Open in Colab” button to all tutorial notebooks.
- #845 Static Application Security Testing (SAST) using bandit is now executed during testing process.
Requirements (5 changes)
- #623
secml
is now tested for compatibility with Python 3.8. - #623 The following dependencies are now required:
scipy >= 1.3.2
,scikit-learn >= 0.22
,matplotlib >= 3
. - #623 The
pytorch
extra component now installs:torch >= 1.4
,torchvision >= 0.5
. - #623 The
cleverhans
extra component is now available on Python < 3.8 only, due totensorflow 1
compatibility. - #822 Dropped official support of Python 3.5, which reached End Of Life on 13 Sep 2020. SecML may still be usable in the near future on Python 3.5 but we stopped running dedicated tests on this interpreter.
Added (3 changes)
- #795 Added new package
adv.attacks.evasion.foolbox
with a wrapper for Foolbox. - #880 Added new
shape
parameter to the followingCArray
methods:get_data
,tondarray
,tocsr
,tocoo
,tocsc
,todia
,todok
,tolil
,tolist
. The reshaping operation is performed after casting the array to the desired output data format. - #855 Added new ROC-related performance metrics:
CMetricFNRatFPR
,CMetricTHatFPR
,CMetricTPRatTH
,CMetricFNRatTH
.
Improved (3 changes)
- #861 N-Dimensional input is now accepted by
CArray
. If the number of dimensions of input data is higher than 2, the data is reshaped to 2 dims, and the original shape is stored in the new attributeinput_shape
. - #910 The MNIST dataset loader
CDataLoaderMNIST
now downloads the files from our model-zoo mirror (https://gitlab.com/secml/secml-zoo/-/tree/datasets/MNIST). - #886 Torch datasets now stored by
CDataLoaderTorchDataset
in a "pytorch" subfolder ofSECML_DS_DIR
to avoid naming collisions.
Fixed (8 changes)
- #897 Fixed crash in
CAttackPoisoning
wheny_target != None
due to missing broadcasting to expected shape. - #873 Use equality instead of identity to compare literals (fixing related SyntaxWarning in Python 3.8).
- #867 Now calling
StandardScaler
,CScalerNorm
,CScalerMinMax
arguments using keywords to fix scikit futurewarning in version 0.23 or later. - #870 Filtering "DeprecationWarning: tostring() is deprecated. Use tobytes() instead." raised by tensorflow 1.15 if numpy 1.19 is installed.
- #868 Correctly escaping latex commands in docstrings to avoid "DeprecationWarning: invalid escape sequence \s".
- #871 Fixed
ValueError: k exceeds matrix dimensions
not raised by scipy v1.5 if ak
outside the array dimensions is used to extract a diagonal. - #872 Fixed scipy 1.5 not always keeping the dtype of the original array during getitem (especially if the result is an empty array).
- #888 Filter warning raised by torchvision mnist loader first time you download.
Removed & Deprecated (2 changes)
- #875 Removed parameter
frameon
fromCFigure.savefig
as it is deprecated in matplotlib >= 3.1. - #875 Removed parameter
papertype
fromCFigure.savefig
as it is deprecated in matplotlib >= 3.3.
Documentation (10 changes)
- #853 Added new notebook tutorial with an application on Android Malware Detection.
- #859 Add a new tutorial notebook containing example usage and attack against RobustBench models.
- #898 Added "Open in Colab" button to all tutorial notebooks.
- #899 Added "Edit on Gitlab" button to doc pages.
- #900 Moved notebook 11 "Evasion Attacks on ImageNet (Computer Vision)" to "Applications" section.
- #905 Changed image used by notebook 8, as the previous one is no more available.
- #903 Updated roadmap page in documentation.
- #890 Fixed multiple typos and improved language in the README.
- #878 Updated intersphinx mapping for numpy's documentation.
- #850 Fixed
MNIST
typo in notebook 10.
v0.13
See full release here: https://gitlab.com/secml/secml/-/releases/v0.13
CHANGELOG
- #814 Added new evasion attack
CAttackEvasionPGDExp
. - #780 Added new classifier
CClassifierDNR
implementing Deep Neural Rejection (DNR). See Sotgiu et al. “Deep neural rejection against adversarial examples”, EURASIP J. on Info. Security (2020). - #47 Added new classifier
CClassifierMulticlassOVO
implementing One-vs-One multiclass classification scheme. - #765 Extended
CModule
to support trainable modules viafit
andfit_forward
functions. - #800 Security evaluation can now be run using Cleverhans attacks. The name of the parameter to check should be specified as
attack_params.<param_name>
as an input argument for the constructor ofCSecEval
. - #839 Experimental support of Windows operating system (version 7 or later).
Requirements (1 change)
- #768 Removed temporary pin of Pillow to v6 which used to break torch and torchvision packages.
Added (4 changes)
- #100007 Added new experimental package
ml.scalers
with a different implementation ofml.features.normalization
classes directly based Scikit-Learn's scalers. Included classes are:CScalerMinMax
,CScalerStd
,CScalerNorm
. - #770 Added new methods to convert a
CArray
to specificscipy.sparse
array formats:tocoo
,tocsc
,todia
,todok
,tolil
. - #812
CAttackPoisoning
now exposes:x0
,xc
,yc
,objective_function
andobjective_function_gradient
. - #776
n_jobs
is now a init parameter ofCModule
and subclasses and not passed viafit
anymore.
Improved (12 changes)
- #817 Added
CClassifierSVM
native support to OVA multiclass scheme, without replicating the kernel in each one-vs-all classifier. - #574 Added
_clear_cache
mechanism toCModule
and classes that require caching data in the forward pass before backward (e.g., exponential kernels do that to avoid re-computing the kernel matrix in the backward pass). - #820 Add parallel execution of
forward
method forCClassifierMulticlassOVA
andCClassifierMulticlassOVO
. - #815 Simplified
CAttack
interface (now only requires implementingrun
as required byCSecEval
). - #574 Modified kernel and classifier interfaces to allow their use as preprocessing modules.
- #775 Improved efficiency in gradient computation of SVMs, by back-propagating the alpha values to the kernel.
- #773 Improved efficiency in the computation of gradients of evasion attacks (
CAttackEvasionPGDLS
). Now gradient is called once rather than twice to compute the gradient of the objective function. - #801
CSecEval
will now check that theparam_name
input argument can be found in the attack class used in the evaluation. - #695
COptimizerPGD
now exits optimization if constraint radius is 0.COptimizerPGD
,COptimizerPGDLS
andCOptimizerPGDExp
will now raise a warning if the 0-radius constraint is defined outside the given bounds. - #828
CClassifierSVM
now usesn_jobs
parameter for parallel execution of training in case of multiclass datasets. - #767 Using
scipy.sparse
.hstack
and.vstack
instead of a custom implementation inCSparse.concatenate
. - #772 Using
scipy.sparse
.argmin
and.argmax
instead of a custom implementation inCSparse.argmin
andCSparse.argmax
.
Changed (6 changes)
- #817 Kernel is now used as preprocess in
CClassifierSVM
. - #817 Removed
store_dual_vars
andkernel.setter
fromCClassifierSVM
. Now a linear SVM is trained in the primal (w,b) ifkernel=None
, otherwise it is trained in the dual (alpha and b), on the precomputed training kernel matrix. - #765 Unified
fit
interface fromfit(ds)
tofit(x,y)
to be consistent across normalizers and classifiers. - #574 Removed redundant definitions of
gradient(x, w)
fromCKernelRBF
,CKernelLaplacian
,CKernelEuclidean
,CClassifierDNN
,CNormalizerUnitNorm
. The protected propertygrad_requires_forward
now specifies if gradient has to compute an explicit forward pass or only propagate the inputx
through the pre-processing chain before callingbackward
. - #823 Removed
surrogate_data
parameter fromCAttackPoisoning
and renamed it todouble_init_ds
inCAttackEvasion
subclasses. - #829
CClassifierRejectThreshold
now returns wrapped classifier classes plus the reject class (-1).
Fixed (10 changes)
- #816 Fixed stop condition of
COptimizerPGD
which was missing indexi
. - #825 Infer the number of attacked classifier classes directly from it (instead of inferring it from surrogate data) in
CAttackEvasionPGDLS
to fix a crash when the class index of data points is greater or equal than the number of alternative data points. - #810 Fixed
CClassifierPyTorch.backward
not working properly due to a miscalculation of the number of input features of the model when aCNormalizeDNN
is used as preprocessor. - #803 Fixed checks on the inner classifier in
CClassifierRejectThreshold
which can be bypassed by using the clf attribute setter, now removed. - #818 Fixed
CCreator.set
not allowing to set writable attributes of level-0 readable-only attributes. - #819 Fixed
CCreator.get_params
not returning level-0 not-writable attributes having one or more writable attributes. - #785 Fixed constant override of matplotlib backend in
CFigure
on Windows systems. - #783 Fixed
model_zoo.load_model
improperly building download urls depending on the system default url separator. - #771 Fixed the following methods of
CSparse
to ensure they properly work independently from the sparse array format:save
,load
,__pow__
,round
,nan_to_num
,logical_and
,unique
,bincount
,prod
,all
,any
,min
,max
. - #769
CArray.tocsr()
now always returns ascipy.sparse.csr_matrix
array as expected.
Removed & Deprecated (2 changes)
- #540 Removed
discrete
andsurrogate_classifier
parameter fromCAttack
. - #777 Deprecated attribute
kernel
is now removed fromCClassifierSGD
,CClassifierRidge
andCClassifierLogistic
classifiers.
Documentation (10 changes)
- #839 Windows is now displayed as a supported Operating System in README and setup.
- #806 Documented pytorch extra component installation requirements under Windows.
- #834 Temporarily pinned
numpydoc
to< 1.1
to avoid compatibility issues of the newest version. - #807 Documentation is now built using Sphinx https://readthedocs.org/ theme v0.5 or higher.
- #830 Fixed links to repository pages by adding a dash after project name.
- #758 Added a direct link to the gitlab.com repository in README.
- #788 Notebooks now include a warning about the required extra components (if any).
- #787 Fixed argmin -> argmax typo in docstring of
CClassifierRejectThreshold.predict
method. - #789 Fixed notebook 4 not correctly generating a separate dataset for training the target classifiers.
- #791 Fixed
random_state
not set forCClassifierDecisionTree
in notebook 4.