Welcome to the Adversarial Robustness Toolbox

This is a library dedicated to adversarial machine learning. Its purpose is to allow rapid crafting and analysis of attack and defence methods for machine learning models. The Adversarial Robustness Toolbox provides implementations of many state-of-the-art methods for attacking and defending classifiers. The code can be found on GitHub.

The library is still under development. Feedback, bug reports and extensions are highly appreciated.

Supported Attacks, Defences and Metrics

The Adversarial Robustness Toolbox contains implementations of the following evasion attacks:
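For example, the Fast Gradient Method can be used to craft adversarial examples in a few lines. The sketch below assumes ART's 1.x module layout (art.attacks.evasion, art.estimators.classification); the scikit-learn model, toy data and eps value are purely illustrative.

    import numpy as np
    from sklearn.linear_model import LogisticRegression

    from art.attacks.evasion import FastGradientMethod
    from art.estimators.classification import SklearnClassifier

    # Toy data and model standing in for a real classifier.
    x_train = np.random.rand(100, 4).astype(np.float32)
    y_train = np.random.randint(0, 2, size=100)
    model = LogisticRegression(max_iter=1000).fit(x_train, y_train)

    # Wrap the fitted model so ART can query predictions and gradients.
    classifier = SklearnClassifier(model=model)

    # Craft adversarial examples with the Fast Gradient Method.
    attack = FastGradientMethod(estimator=classifier, eps=0.1)
    x_adv = attack.generate(x=x_train)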

The following defence methods are also supported:
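As an example, an input-preprocessing defence such as spatial smoothing can be applied before prediction. The sketch below assumes the art.defences.preprocessor module of ART 1.x; the image shapes and window size are illustrative.

    import numpy as np
    from art.defences.preprocessor import SpatialSmoothing

    # A batch of toy grayscale images in NHWC layout.
    x = np.random.rand(10, 28, 28, 1).astype(np.float32)

    # Median-filter each image; the smoothed inputs are then fed to the model.
    smoother = SpatialSmoothing(window_size=3)
    x_smoothed, _ = smoother(x)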

ART also implements methods for detecting adversarial samples (a generic sketch follows this list):

  • Basic detector based on inputs

  • Detector trained on the activations of a specific layer

  • Detector based on Fast Generalized Subset Scan (Speakman et al., 2018)
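
The sketch below illustrates the idea behind the basic input detector generically, independent of ART's own API: a binary classifier is trained to separate clean from adversarial samples. The helper name is hypothetical.

    import numpy as np
    from sklearn.linear_model import LogisticRegression

    def fit_input_detector(x_clean, x_adv):
        """Fit a detector on raw inputs labelled clean (0) vs adversarial (1)."""
        x = np.concatenate([x_clean, x_adv]).reshape(len(x_clean) + len(x_adv), -1)
        y = np.concatenate([np.zeros(len(x_clean)), np.ones(len(x_adv))])
        return LogisticRegression(max_iter=1000).fit(x, y)

    # detector = fit_input_detector(x_train, x_adv)
    # flags = detector.predict(x_test.reshape(len(x_test), -1))  # 1 = adversarial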

The following detector of poisoning attacks is also supported:

  • Detector based on activations analysis (Chen et al., 2018)
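
Conceptually, activation clustering splits each class's hidden-layer activations into two clusters and flags the smaller one as potentially poisoned. The sketch below illustrates this generically with k-means, independent of ART's own API; the function name is hypothetical, and the dimensionality reduction used in the original paper is omitted.

    import numpy as np
    from sklearn.cluster import KMeans

    def flag_suspicious(activations, labels):
        """Mark samples falling into the minority activation cluster of their class."""
        suspicious = np.zeros(len(labels), dtype=bool)
        for c in np.unique(labels):
            idx = np.where(labels == c)[0]
            clusters = KMeans(n_clusters=2, n_init=10).fit_predict(activations[idx])
            minority = np.argmin(np.bincount(clusters))
            suspicious[idx[clusters == minority]] = True
        return suspicious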

The following robustness metrics are also provided:
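
One such metric is empirical robustness: the average relative perturbation an attack needs in order to change the model's prediction. The sketch below computes it by hand from clean and adversarial inputs, independent of ART's own helpers; the function name is hypothetical.

    import numpy as np

    def empirical_robustness(x, x_adv, y_pred, y_pred_adv, norm=2):
        """Mean ||x_adv - x|| / ||x|| over the samples the attack actually fooled."""
        fooled = y_pred != y_pred_adv
        if not np.any(fooled):
            return 0.0
        diff = (x_adv - x).reshape(len(x), -1)
        base = x.reshape(len(x), -1)
        ratios = (np.linalg.norm(diff[fooled], ord=norm, axis=1)
                  / np.linalg.norm(base[fooled], ord=norm, axis=1))
        return float(np.mean(ratios))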
