v0.15.3

Changelog

• Fixed TensorFlow requirement when importing attacks

v0.15.2

Changelog

• #13 Fixed bug in ridge classifier default parameter
• #13 Fixed bug in influence function due to deprecation of pinv2 function
• #13 Removed tests for cleverhans extra (future deprecation)

v0.15.1

Changelog

• #11 Fixed install instructions in tutorial notebooks
• #8 Fixed bug with foolbox CW Attack

v0.15

CHANGELOG

• Migration to www.github.com

v0.14.1

See full release here: https://gitlab.com/secml/secml/-/releases/v0.14.1

CHANGELOG

• This version brings fixes for a few issues with the optimizers and related classes, along with improvements to documentation for all attacks, optimizers, and related classes.

Fixed (3 changes)

• #923 Fixed COptimizerPGDLS and COptimizerPGDLS not working properly if the classifier's gradient has multiple components with the same (max) value.
• #919 Fixed CConstraintL1 crashing when projecting sparse data using default center value (scalar 0).
• #920 Fixed inconsistent results between dense and sparse data for CConstraintL1 projection caused by type casting.

Removed & Deprecated (1 change)

• #922 Removed unnecessary parameter discrete from COptimizerPGDLS and COptimizerPGDExp.

Documentation (2 changes)

• #100017 Improved documentation of CAttackEvasion, COptimizer, CLineSearch, and corresponding subclasses.
• #918 Installing the latest stable version of RobustBench instead of the master version.

v0.14

See full release here: https://gitlab.com/secml/secml/-/releases/v0.14

CHANGELOG

• #795 Added new package adv.attacks.evasion.foolbox with a wrapper for Foolbox.
• #623 secml is now tested for compatibility with Python 3.8.
• #861 N-Dimensional input is now accepted by CArray.
• #853 Added new notebook tutorial with an application on Android Malware Detection.
• #859 Add a new tutorial notebook containing example usage and attack against RobustBench models.
• #898 Added “Open in Colab” button to all tutorial notebooks.
• #845 Static Application Security Testing (SAST) using bandit is now executed during testing process.

Requirements (5 changes)

• #623 secml is now tested for compatibility with Python 3.8.
• #623 The following dependencies are now required: scipy >= 1.3.2, scikit-learn >= 0.22, matplotlib >= 3.
• #623 The pytorch extra component now installs: torch >= 1.4, torchvision >= 0.5.
• #623 The cleverhans extra component is now available on Python < 3.8 only, due to tensorflow 1 compatibility.
• #822 Dropped official support of Python 3.5, which reached End Of Life on 13 Sep 2020. SecML may still be usable in the near future on Python 3.5 but we stopped running dedicated tests on this interpreter.

Added (3 changes)

• #795 Added new package adv.attacks.evasion.foolbox with a wrapper for Foolbox.
• #880 Added new shape parameter to the following CArray methods: get_data, tondarray, tocsr, tocoo, tocsc, todia, todok, tolil, tolist. The reshaping operation is performed after casting the array to the desired output data format.
• #855 Added new ROC-related performance metrics: CMetricFNRatFPR, CMetricTHatFPR, CMetricTPRatTH, CMetricFNRatTH.

Improved (3 changes)

• #861 N-Dimensional input is now accepted by CArray. If the number of dimensions of input data is higher than 2, the data is reshaped to 2 dims, and the original shape is stored in the new attribute input_shape.
• #910 The MNIST dataset loader CDataLoaderMNIST now downloads the files from our model-zoo mirror (https://gitlab.com/secml/secml-zoo/-/tree/datasets/MNIST).
• #886 Torch datasets now stored by CDataLoaderTorchDataset in a "pytorch" subfolder of SECML_DS_DIR to avoid naming collisions.

Fixed (8 changes)

• #897 Fixed crash in CAttackPoisoning when y_target != None due to missing broadcasting to expected shape.
• #873 Use equality instead of identity to compare literals (fixing related SyntaxWarning in Python 3.8).
• #867 Now calling StandardScaler, CScalerNorm, CScalerMinMax arguments using keywords to fix scikit futurewarning in version 0.23 or later.
• #870 Filtering "DeprecationWarning: tostring() is deprecated. Use tobytes() instead." raised by tensorflow 1.15 if numpy 1.19 is installed.
• #868 Correctly escaping latex commands in docstrings to avoid "DeprecationWarning: invalid escape sequence \s".
• #871 Fixed ValueError: k exceeds matrix dimensions not raised by scipy v1.5 if a k outside the array dimensions is used to extract a diagonal.
• #872 Fixed scipy 1.5 not always keeping the dtype of the original array during getitem (especially if the result is an empty array).
• #888 Filter warning raised by torchvision mnist loader first time you download.

Removed & Deprecated (2 changes)

• #875 Removed parameter frameon from CFigure.savefig as it is deprecated in matplotlib >= 3.1.
• #875 Removed parameter papertype from CFigure.savefig as it is deprecated in matplotlib >= 3.3.

Documentation (10 changes)

• #853 Added new notebook tutorial with an application on Android Malware Detection.
• #859 Add a new tutorial notebook containing example usage and attack against RobustBench models.
• #898 Added "Open in Colab" button to all tutorial notebooks.
• #899 Added "Edit on Gitlab" button to doc pages.
• #900 Moved notebook 11 "Evasion Attacks on ImageNet (Computer Vision)" to "Applications" section.
• #905 Changed image used by notebook 8, as the previous one is no more available.
• #903 Updated roadmap page in documentation.
• #890 Fixed multiple typos and improved language in the README.
• #878 Updated intersphinx mapping for numpy's documentation.
• #850 Fixed MNIST typo in notebook 10.

v0.13

See full release here: https://gitlab.com/secml/secml/-/releases/v0.13

CHANGELOG

• #814 Added new evasion attack CAttackEvasionPGDExp.
• #780 Added new classifier CClassifierDNR implementing Deep Neural Rejection (DNR). See Sotgiu et al. “Deep neural rejection against adversarial examples”, EURASIP J. on Info. Security (2020).
• #47 Added new classifier CClassifierMulticlassOVO implementing One-vs-One multiclass classification scheme.
• #765 Extended CModule to support trainable modules via fit and fit_forward functions.
• #800 Security evaluation can now be run using Cleverhans attacks. The name of the parameter to check should be specified as attack_params.<param_name> as an input argument for the constructor of CSecEval.
• #839 Experimental support of Windows operating system (version 7 or later).

Requirements (1 change)

• #768 Removed temporary pin of Pillow to v6 which used to break torch and torchvision packages.

Added (4 changes)

• #100007 Added new experimental package ml.scalers with a different implementation of ml.features.normalization classes directly based Scikit-Learn's scalers. Included classes are: CScalerMinMax, CScalerStd, CScalerNorm.
• #770 Added new methods to convert a CArray to specific scipy.sparse array formats: tocoo, tocsc, todia, todok, tolil.
• #812 CAttackPoisoning now exposes: x0, xc, yc, objective_function and objective_function_gradient.
• #776 n_jobs is now a init parameter of CModule and subclasses and not passed via fit anymore.

Improved (12 changes)

• #817 Added CClassifierSVM native support to OVA multiclass scheme, without replicating the kernel in each one-vs-all classifier.
• #574 Added _clear_cache mechanism to CModule and classes that require caching data in the forward pass before backward (e.g., exponential kernels do that to avoid re-computing the kernel matrix in the backward pass).
• #820 Add parallel execution of forward method for CClassifierMulticlassOVA and CClassifierMulticlassOVO.
• #815 Simplified CAttack interface (now only requires implementing run as required by CSecEval).
• #574 Modified kernel and classifier interfaces to allow their use as preprocessing modules.
• #775 Improved efficiency in gradient computation of SVMs, by back-propagating the alpha values to the kernel.
• #773 Improved efficiency in the computation of gradients of evasion attacks (CAttackEvasionPGDLS). Now gradient is called once rather than twice to compute the gradient of the objective function.
• #801 CSecEval will now check that the param_name input argument can be found in the attack class used in the evaluation.
• #695 COptimizerPGD now exits optimization if constraint radius is 0. COptimizerPGD , COptimizerPGDLS and COptimizerPGDExp will now raise a warning if the 0-radius constraint is defined outside the given bounds.
• #828 CClassifierSVM now uses n_jobs parameter for parallel execution of training in case of multiclass datasets.
• #767 Using scipy.sparse .hstack and .vstack instead of a custom implementation in CSparse.concatenate.
• #772 Using scipy.sparse .argmin and .argmax instead of a custom implementation in CSparse.argmin and CSparse.argmax.

Changed (6 changes)

• #817 Kernel is now used as preprocess in CClassifierSVM.
• #817 Removed store_dual_vars and kernel.setter from CClassifierSVM. Now a linear SVM is trained in the primal (w,b) if kernel=None, otherwise it is trained in the dual (alpha and b), on the precomputed training kernel matrix.
• #765 Unified fit interface from fit(ds) to fit(x,y) to be consistent across normalizers and classifiers.
• #574 Removed redundant definitions of gradient(x, w) from CKernelRBF, CKernelLaplacian, CKernelEuclidean, CClassifierDNN, CNormalizerUnitNorm. The protected property grad_requires_forward now specifies if gradient has to compute an explicit forward pass or only propagate the input x through the pre-processing chain before calling backward.
• #823 Removed surrogate_data parameter from CAttackPoisoning and renamed it to double_init_ds in CAttackEvasion subclasses.
• #829 CClassifierRejectThreshold now returns wrapped classifier classes plus the reject class (-1).

Fixed (10 changes)

• #816 Fixed stop condition of COptimizerPGD which was missing index i.
• #825 Infer the number of attacked classifier classes directly from it (instead of inferring it from surrogate data) in CAttackEvasionPGDLS to fix a crash when the class index of data points is greater or equal than the number of alternative data points.
• #810 Fixed CClassifierPyTorch.backward not working properly due to a miscalculation of the number of input features of the model when a CNormalizeDNN is used as preprocessor.
• #803 Fixed checks on the inner classifier in CClassifierRejectThreshold which can be bypassed by using the clf attribute setter, now removed.
• #818 Fixed CCreator.set not allowing to set writable attributes of level-0 readable-only attributes.
• #819 Fixed CCreator.get_params not returning level-0 not-writable attributes having one or more writable attributes.
• #785 Fixed constant override of matplotlib backend in CFigure on Windows systems.
• #783 Fixed model_zoo.load_model improperly building download urls depending on the system default url separator.
• #771 Fixed the following methods of CSparse to ensure they properly work independently from the sparse array format: save, load, __pow__, round, nan_to_num, logical_and, unique, bincount, prod, all, any, min, max.
• #769 CArray.tocsr() now always returns a scipy.sparse.csr_matrix array as expected.

Removed & Deprecated (2 changes)

• #540 Removed discrete and surrogate_classifier parameter from CAttack.
• #777 Deprecated attribute kernel is now removed from CClassifierSGD, CClassifierRidge and CClassifierLogistic classifiers.

Documentation (10 changes)

• #839 Windows is now displayed as a supported Operating System in README and setup.
• #806 Documented pytorch extra component installation requirements under Windows.
• #834 Temporarily pinned numpydoc to < 1.1 to avoid compatibility issues of the newest version.
• #807 Documentation is now built using Sphinx https://readthedocs.org/ theme v0.5 or higher.
• #830 Fixed links to repository pages by adding a dash after project name.
• #758 Added a direct link to the gitlab.com repository in README.
• #788 Notebooks now include a warning about the required extra components (if any).
• #787 Fixed argmin -> argmax typo in docstring of CClassifierRejectThreshold.predict method.
• #789 Fixed notebook 4 not correctly generating a separate dataset for training the target classifiers.
• #791 Fixed random_state not set for CClassifierDecisionTree in notebook 4.