Welcome to the Adversarial Robustness 360 Toolbox

Adversarial Robustness 360 Toolbox (ART) is a Python library supporting developers and researchers in defending Machine Learning models (Deep Neural Networks, Gradient Boosted Decision Trees, Support Vector Machines, Random Forests, Logistic Regression, Gaussian Processes, Decision Trees, Scikit-learn Pipelines, etc.) against adversarial threats and helps making AI systems more secure and trustworthy. Machine Learning models are vulnerable to adversarial examples, which are inputs (images, texts, tabular data, etc.) deliberately modified to produce a desired response by the Machine Learning model. ART provides the tools to build and deploy defences and test them with adversarial attacks.

Defending Machine Learning models involves certifying and verifying model robustness and model hardening with approaches such as pre-processing inputs, augmenting training data with adversarial samples, and leveraging runtime detection methods to flag any inputs that might have been modified by an adversary. The attacks implemented in ART allow creating adversarial attacks against Machine Learning models which is required to test defenses with state-of-the-art threat models.

The code of ART is on GitHub.

The library is under continuous development and feedback, bug reports and contributions are very welcome.

Implemented Attacks, Defences, Detections, Metrics, Certifications and Verifications

Evasion Attacks:


Robustness metrics, certifications and verifications:

Detection of adversarial samples:

  • Basic detector based on inputs

  • Detector trained on the activations of a specific layer

  • Detector based on Fast Generalized Subset Scan (Speakman et al., 2018)

Detection of poisoning attacks:


Indices and tables