December 11, 2019

994 words 5 mins read



Python library for adversarial machine learning (evasion, extraction, poisoning, verification, certification) with attacks and defences for neural networks, logistic regression, decision trees, SVM, gradient boosted trees, Gaussian processes and more with multiple framework support

repo name IBM/adversarial-robustness-toolbox
repo link
language Python
size (curr.) 104060 kB
stars (curr.) 1307
created 2018-03-15
license MIT License

Adversarial Robustness Toolbox (ART) v1.2

Build Status Documentation Status GitHub version Language grade: Python Total alerts codecov Code style: black License: MIT PyPI - Python Version slack-img


Adversarial Robustness Toolbox (ART) is a Python library supporting developers and researchers in defending Machine Learning models (Deep Neural Networks, Gradient Boosted Decision Trees, Support Vector Machines, Random Forests, Logistic Regression, Gaussian Processes, Decision Trees, Scikit-learn Pipelines, etc.) against adversarial threats (including evasion, extraction and poisoning) and helps making AI systems more secure and trustworthy. Machine Learning models are vulnerable to adversarial examples, which are inputs (images, texts, tabular data, etc.) deliberately crafted to produce a desired response by the Machine Learning model. ART provides the tools to build and deploy defences and test them with adversarial attacks.

Defending Machine Learning models involves certifying and verifying model robustness and model hardening with approaches such as pre-processing inputs, augmenting training data with adversarial examples, and leveraging runtime detection methods to flag any inputs that might have been modified by an adversary. ART includes attacks for testing defenses with state-of-the-art threat models.

Documentation of ART:

Get started with examples and tutorials

The library is under continuous development. Feedback, bug reports and contributions are very welcome. Get in touch with us on Slack (invite here)!

Supported Machine Learning Libraries and Applications

Implemented Attacks, Defences, Detections, Metrics, Certifications and Verifications

Evasion Attacks:

Extraction Attacks:

Poisoning Attacks:

Defences - Preprocessor:

Defences - Postprocessor:

Defences - Trainer:

Defences - Transformer:

Robustness Metrics, Certifications and Verifications:

Detection of Adversarial Examples:

  • Basic detector based on inputs
  • Detector trained on the activations of a specific layer
  • Detector based on Fast Generalized Subset Scan (Speakman et al., 2018)

Detection of Poisoning Attacks:


Installation with pip

The toolbox is designed and tested to run with Python 3. ART can be installed from the PyPi repository using pip:

pip install adversarial-robustness-toolbox

Manual installation

The most recent version of ART can be downloaded or cloned from this repository:

git clone

Install ART with the following command from the project folder adversarial-robustness-toolbox:

pip install .

ART provides unit tests that can be run with the following command:


Get Started with ART

Examples of using ART can be found in examples and examples/ provides an overview and additional information. It contains a minimal example for each machine learning framework. All examples can be run with the following command:

python examples/<example_name>.py

More detailed examples and tutorials are located in notebooks and notebooks/ provides and overview and more information.


Adding new features, improving documentation, fixing bugs, or writing tutorials are all examples of helpful contributions. Furthermore, if you are publishing a new attack or defense, we strongly encourage you to add it to the Adversarial Robustness Toolbox so that others may evaluate it fairly in their own work.

Bug fixes can be initiated through GitHub pull requests. When making code contributions to the Adversarial Robustness Toolbox, we ask that you follow the PEP 8 coding standard and that you provide unit tests for the new features.

This project uses DCO. Be sure to sign off your commits using the -s flag or adding Signed-off-By: Name<Email> in the commit message.


git commit -s -m 'Add new feature'

Citing ART

If you use ART for research, please consider citing the following reference paper:

    title = {Adversarial Robustness Toolbox v1.2.0},
    author = {Nicolae, Maria-Irina and Sinn, Mathieu and Tran, Minh~Ngoc and Buesser, Beat and Rawat, Ambrish and Wistuba, Martin and Zantedeschi, Valentina and Baracaldo, Nathalie and Chen, Bryant and Ludwig, Heiko and Molloy, Ian and Edwards, Ben},
    journal = {CoRR},
    volume = {1807.01069},
    year = {2018},
    url = {}
comments powered by Disqus