Showing preview only (2,077K chars total). Download the full file or copy to clipboard to get everything.
Repository: mindspore-ai/mindarmour
Branch: master
Commit: 16fe8fa8edb2
Files: 357
Total size: 40.9 MB
Directory structure:
gitextract_ionqowz0/
├── .gitee/
│ └── PULL_REQUEST_TEMPLATE.md
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── RFC.md
│ │ ├── bug-report.md
│ │ └── task-tracking.md
│ └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── .jenkins/
│ ├── check/
│ │ └── config/
│ │ ├── filter_cppcheck.txt
│ │ ├── filter_cpplint.txt
│ │ ├── filter_pylint.txt
│ │ └── whitelizard.txt
│ └── test/
│ └── config/
│ └── dependent_packages.yaml
├── .vscode/
│ └── settings.json
├── LICENSE
├── NOTICE
├── OWNERS
├── README.md
├── README_CN.md
├── RELEASE.md
├── RELEASE_CN.md
├── docs/
│ ├── README.md
│ └── api/
│ ├── api_python/
│ │ ├── mindarmour.adv_robustness.attacks.rst
│ │ ├── mindarmour.adv_robustness.defenses.rst
│ │ ├── mindarmour.adv_robustness.detectors.rst
│ │ ├── mindarmour.adv_robustness.evaluations.rst
│ │ ├── mindarmour.fuzz_testing.rst
│ │ ├── mindarmour.natural_robustness.transform.image.rst
│ │ ├── mindarmour.privacy.diff_privacy.rst
│ │ ├── mindarmour.privacy.evaluation.rst
│ │ ├── mindarmour.privacy.sup_privacy.rst
│ │ ├── mindarmour.reliability.rst
│ │ ├── mindarmour.rst
│ │ └── mindarmour.utils.rst
│ └── api_python_en/
│ ├── mindarmour.adv_robustness.attacks.rst
│ ├── mindarmour.adv_robustness.defenses.rst
│ ├── mindarmour.adv_robustness.detectors.rst
│ ├── mindarmour.adv_robustness.evaluations.rst
│ ├── mindarmour.fuzz_testing.rst
│ ├── mindarmour.natural_robustness.transform.image.rst
│ ├── mindarmour.privacy.diff_privacy.rst
│ ├── mindarmour.privacy.evaluation.rst
│ ├── mindarmour.privacy.sup_privacy.rst
│ ├── mindarmour.reliability.rst
│ ├── mindarmour.rst
│ └── mindarmour.utils.rst
├── examples/
│ ├── README.md
│ ├── __init__.py
│ ├── ai_fuzzer/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── fuzz_testing_and_model_enhense.py
│ │ ├── lenet5_mnist_coverage.py
│ │ ├── lenet5_mnist_fuzzing.py
│ │ └── lenet5_mnist_scc.py
│ ├── common/
│ │ ├── __init__.py
│ │ ├── dataset/
│ │ │ ├── __init__.py
│ │ │ └── data_processing.py
│ │ └── networks/
│ │ ├── __init__.py
│ │ ├── cifar10cnn/
│ │ │ ├── __init__.py
│ │ │ ├── cifar10cnn_net.py
│ │ │ └── cifar_train.py
│ │ ├── lenet5/
│ │ │ ├── __init__.py
│ │ │ ├── lenet5_net.py
│ │ │ ├── lenet5_net_for_fuzzing.py
│ │ │ └── mnist_train.py
│ │ ├── resnet/
│ │ │ ├── __init__.py
│ │ │ └── resnet.py
│ │ └── vgg/
│ │ ├── __init__.py
│ │ ├── config.py
│ │ ├── crossentropy.py
│ │ ├── linear_warmup.py
│ │ ├── utils/
│ │ │ ├── __init__.py
│ │ │ ├── util.py
│ │ │ └── var_init.py
│ │ ├── vgg.py
│ │ ├── warmup_cosine_annealing_lr.py
│ │ └── warmup_step_lr.py
│ ├── community/
│ │ ├── __init__.py
│ │ ├── face_adversarial_attack/
│ │ │ ├── README.md
│ │ │ ├── adversarial_attack.py
│ │ │ ├── example_non_target_attack.py
│ │ │ ├── example_target_attack.py
│ │ │ ├── loss_design.py
│ │ │ └── test.py
│ │ ├── query_attack_detector/
│ │ │ ├── README.md
│ │ │ └── query_detector.py
│ │ └── speech_adversarial_attack/
│ │ ├── README.md
│ │ ├── attack.py
│ │ ├── checkpoints/
│ │ │ └── .gitkeep
│ │ ├── data/
│ │ │ └── .gitkeep
│ │ ├── dataset.py
│ │ ├── labels.json
│ │ ├── requirements.txt
│ │ ├── src/
│ │ │ ├── __init__.py
│ │ │ ├── config.py
│ │ │ ├── deepspeech2.py
│ │ │ └── greedydecoder.py
│ │ └── stft.py
│ ├── model_protection/
│ │ └── qwen2_5/
│ │ ├── README.md
│ │ ├── infer/
│ │ │ ├── network_patch/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── qwen2_5_7b_instruct_ms_network_obfuscate.py
│ │ │ │ └── qwen2_5_7b_instruct_ms_network_obfuscate_emb.py
│ │ │ └── qwen2_5_7b_instruct_obfuscate_inference.py
│ │ └── obfuscation/
│ │ ├── config/
│ │ │ ├── qwen2_5_7b_instruct_obf_config.yaml
│ │ │ └── qwen2_5_7b_instruct_obf_config_emb.yaml
│ │ └── qwen2_5_7b_instruct_weight_obfuscate.py
│ ├── model_security/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── model_attacks/
│ │ │ ├── __init__.py
│ │ │ ├── black_box/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── mnist_attack_genetic.py
│ │ │ │ ├── mnist_attack_hsja.py
│ │ │ │ ├── mnist_attack_nes.py
│ │ │ │ ├── mnist_attack_pointwise.py
│ │ │ │ ├── mnist_attack_pso.py
│ │ │ │ └── mnist_attack_salt_and_pepper.py
│ │ │ ├── cv/
│ │ │ │ ├── faster_rcnn/
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── coco_attack_genetic.py
│ │ │ │ │ ├── coco_attack_pgd.py
│ │ │ │ │ ├── coco_attack_pso.py
│ │ │ │ │ └── src/
│ │ │ │ │ ├── FasterRcnn/
│ │ │ │ │ │ ├── __init__.py
│ │ │ │ │ │ ├── anchor_generator.py
│ │ │ │ │ │ ├── bbox_assign_sample.py
│ │ │ │ │ │ ├── bbox_assign_sample_stage2.py
│ │ │ │ │ │ ├── faster_rcnn_r50.py
│ │ │ │ │ │ ├── fpn_neck.py
│ │ │ │ │ │ ├── proposal_generator.py
│ │ │ │ │ │ ├── rcnn.py
│ │ │ │ │ │ ├── resnet50.py
│ │ │ │ │ │ ├── roi_align.py
│ │ │ │ │ │ └── rpn.py
│ │ │ │ │ ├── config.py
│ │ │ │ │ ├── dataset.py
│ │ │ │ │ ├── lr_schedule.py
│ │ │ │ │ ├── network_define.py
│ │ │ │ │ └── util.py
│ │ │ │ └── yolov3_darknet53/
│ │ │ │ ├── coco_attack_deepfool.py
│ │ │ │ └── src/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── config.py
│ │ │ │ ├── convert_weight.py
│ │ │ │ ├── darknet.py
│ │ │ │ ├── distributed_sampler.py
│ │ │ │ ├── initializer.py
│ │ │ │ ├── logger.py
│ │ │ │ ├── loss.py
│ │ │ │ ├── lr_scheduler.py
│ │ │ │ ├── transforms.py
│ │ │ │ ├── util.py
│ │ │ │ ├── yolo.py
│ │ │ │ └── yolo_dataset.py
│ │ │ └── white_box/
│ │ │ ├── __init__.py
│ │ │ ├── mnist_attack_cw.py
│ │ │ ├── mnist_attack_deepfool.py
│ │ │ ├── mnist_attack_fgsm.py
│ │ │ ├── mnist_attack_jsma.py
│ │ │ ├── mnist_attack_lbfgs.py
│ │ │ ├── mnist_attack_mdi2fgsm.py
│ │ │ ├── mnist_attack_pgd.py
│ │ │ └── mnist_attack_vmifgsm.py
│ │ ├── model_defenses/
│ │ │ ├── __init__.py
│ │ │ ├── mnist_defense_nad.py
│ │ │ ├── mnist_evaluation.py
│ │ │ └── mnist_similarity_detector.py
│ │ └── neuron_sensitivity/
│ │ └── mnist_neuron_sensitivity.py
│ ├── natural_robustness/
│ │ ├── __init__.py
│ │ ├── natural_robustness_example.py
│ │ └── serving/
│ │ ├── README.md
│ │ ├── client/
│ │ │ ├── perturb_config.py
│ │ │ └── serving_client.py
│ │ └── server/
│ │ ├── perturbation/
│ │ │ └── servable_config.py
│ │ └── serving_server.py
│ ├── privacy/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── diff_privacy/
│ │ │ ├── __init__.py
│ │ │ ├── dp_ada_gaussian_config.py
│ │ │ ├── dp_ada_sgd_graph_config.py
│ │ │ ├── lenet5_config.py
│ │ │ ├── lenet5_dp.py
│ │ │ ├── lenet5_dp_ada_gaussian.py
│ │ │ ├── lenet5_dp_ada_sgd_graph.py
│ │ │ └── lenet5_dp_optimizer.py
│ │ ├── inversion_attack/
│ │ │ ├── README.md
│ │ │ ├── __init__.py
│ │ │ ├── cifar_black_box.py
│ │ │ ├── cifar_shadow_attack.py
│ │ │ ├── inversion_net.py
│ │ │ ├── mnist_inversion_attack.py
│ │ │ └── shadow_net.py
│ │ ├── membership_inference/
│ │ │ ├── __init__.py
│ │ │ ├── eval.py
│ │ │ ├── example_vgg_cifar.py
│ │ │ └── train.py
│ │ └── sup_privacy/
│ │ ├── __init__.py
│ │ ├── sup_privacy.py
│ │ └── sup_privacy_config.py
│ └── reliability/
│ ├── concept_drift_check_images_lenet.py
│ ├── concept_drift_check_images_resnet.py
│ ├── concept_drift_time_series.py
│ └── model_fault_injection.py
├── mindarmour/
│ ├── __init__.py
│ ├── adv_robustness/
│ │ ├── __init__.py
│ │ ├── attacks/
│ │ │ ├── __init__.py
│ │ │ ├── attack.py
│ │ │ ├── black/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── black_model.py
│ │ │ │ ├── genetic_attack.py
│ │ │ │ ├── hop_skip_jump_attack.py
│ │ │ │ ├── natural_evolutionary_strategy.py
│ │ │ │ ├── pointwise_attack.py
│ │ │ │ ├── pso_attack.py
│ │ │ │ └── salt_and_pepper_attack.py
│ │ │ ├── carlini_wagner.py
│ │ │ ├── deep_fool.py
│ │ │ ├── gradient_method.py
│ │ │ ├── iterative_gradient_method.py
│ │ │ ├── jsma.py
│ │ │ └── lbfgs.py
│ │ ├── defenses/
│ │ │ ├── __init__.py
│ │ │ ├── adversarial_defense.py
│ │ │ ├── defense.py
│ │ │ ├── natural_adversarial_defense.py
│ │ │ └── projected_adversarial_defense.py
│ │ ├── detectors/
│ │ │ ├── __init__.py
│ │ │ ├── black/
│ │ │ │ ├── __init__.py
│ │ │ │ └── similarity_detector.py
│ │ │ ├── detector.py
│ │ │ ├── ensemble_detector.py
│ │ │ ├── mag_net.py
│ │ │ ├── region_based_detector.py
│ │ │ └── spatial_smoothing.py
│ │ └── evaluations/
│ │ ├── __init__.py
│ │ ├── attack_evaluation.py
│ │ ├── black/
│ │ │ ├── __init__.py
│ │ │ └── defense_evaluation.py
│ │ ├── defense_evaluation.py
│ │ ├── neuron_metrics.py
│ │ └── visual_metrics.py
│ ├── fuzz_testing/
│ │ ├── __init__.py
│ │ ├── fuzzing.py
│ │ ├── model_coverage_metrics.py
│ │ ├── scc_readme.md
│ │ └── sensitivity_convergence_coverage.py
│ ├── model_protection/
│ │ ├── __init__.py
│ │ └── obfuscation.py
│ ├── natural_robustness/
│ │ ├── __init__.py
│ │ └── transform/
│ │ ├── __init__.py
│ │ └── image/
│ │ ├── __init__.py
│ │ ├── blur.py
│ │ ├── corruption.py
│ │ ├── luminance.py
│ │ ├── natural_perturb.py
│ │ └── transformation.py
│ ├── privacy/
│ │ ├── __init__.py
│ │ ├── diff_privacy/
│ │ │ ├── __init__.py
│ │ │ ├── mechanisms/
│ │ │ │ ├── __init__.py
│ │ │ │ └── mechanisms.py
│ │ │ ├── monitor/
│ │ │ │ ├── __init__.py
│ │ │ │ └── monitor.py
│ │ │ ├── optimizer/
│ │ │ │ ├── __init__.py
│ │ │ │ └── optimizer.py
│ │ │ └── train/
│ │ │ ├── __init__.py
│ │ │ └── model.py
│ │ ├── evaluation/
│ │ │ ├── __init__.py
│ │ │ ├── _check_config.py
│ │ │ ├── attacker.py
│ │ │ ├── inversion_attack.py
│ │ │ ├── membership_inference.py
│ │ │ ├── model_inversion_attack.py
│ │ │ └── shadow_model_attack.py
│ │ └── sup_privacy/
│ │ ├── __init__.py
│ │ ├── mask_monitor/
│ │ │ ├── __init__.py
│ │ │ └── masker.py
│ │ ├── sup_ctrl/
│ │ │ ├── __init__.py
│ │ │ └── conctrl.py
│ │ └── train/
│ │ ├── __init__.py
│ │ └── model.py
│ ├── reliability/
│ │ ├── __init__.py
│ │ ├── concept_drift/
│ │ │ ├── README.md
│ │ │ ├── __init__.py
│ │ │ ├── concept_drift_check_images.py
│ │ │ └── concept_drift_check_time_series.py
│ │ └── model_fault_injection/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── fault_injection.py
│ │ └── fault_type.py
│ ├── utils/
│ │ ├── __init__.py
│ │ ├── _check_param.py
│ │ ├── logger.py
│ │ └── util.py
│ └── version.py
├── package.sh
├── requirements.txt
├── setup.py
└── tests/
├── __init__.py
└── ut/
├── __init__.py
└── python/
├── __init__.py
├── adv_robustness/
│ ├── __init__.py
│ ├── attacks/
│ │ ├── __init__.py
│ │ ├── black/
│ │ │ ├── __init__.py
│ │ │ ├── test_genetic_attack.py
│ │ │ ├── test_hsja.py
│ │ │ ├── test_nes.py
│ │ │ ├── test_pointwise_attack.py
│ │ │ ├── test_pso_attack.py
│ │ │ └── test_salt_and_pepper_attack.py
│ │ ├── test_batch_generate_attack.py
│ │ ├── test_cw.py
│ │ ├── test_deep_fool.py
│ │ ├── test_gradient_method.py
│ │ ├── test_iterative_gradient_method.py
│ │ ├── test_jsma.py
│ │ └── test_lbfgs.py
│ ├── defenses/
│ │ ├── __init__.py
│ │ ├── test_ad.py
│ │ ├── test_ead.py
│ │ ├── test_nad.py
│ │ └── test_pad.py
│ ├── detectors/
│ │ ├── __init__.py
│ │ ├── black/
│ │ │ ├── __init__.py
│ │ │ └── test_similarity_detector.py
│ │ ├── test_ensemble_detector.py
│ │ ├── test_mag_net.py
│ │ ├── test_region_based_detector.py
│ │ └── test_spatial_smoothing.py
│ └── evaluations/
│ ├── __init__.py
│ ├── black/
│ │ ├── __init__.py
│ │ └── test_black_defense_eval.py
│ ├── test_attack_eval.py
│ ├── test_defense_eval.py
│ └── test_radar_metric.py
├── dataset/
│ ├── concept_test_lenet.npy
│ ├── concept_test_lenet1.npy
│ ├── concept_test_lenet2.npy
│ ├── concept_train_lenet.npy
│ ├── test_images.npy
│ ├── test_labels.npy
│ └── trained_ckpt_file/
│ └── checkpoint_lenet-10_1875.ckpt
├── fuzzing/
│ ├── __init__.py
│ ├── test_coverage_metrics.py
│ └── test_fuzzer.py
├── natural_robustness/
│ └── test_natural_robustness.py
├── privacy/
│ ├── __init__.py
│ ├── diff_privacy/
│ │ ├── __init__.py
│ │ ├── test_mechanisms.py
│ │ ├── test_model_train.py
│ │ ├── test_monitor.py
│ │ └── test_optimizer.py
│ ├── evaluation/
│ │ ├── __init__.py
│ │ ├── test_attacker.py
│ │ ├── test_inversion_attack.py
│ │ └── test_membership_inference.py
│ └── sup_privacy/
│ ├── __init__.py
│ └── test_model_train.py
├── reliability/
│ ├── concept_drift/
│ │ ├── test_concept_drift_images.py
│ │ └── test_concept_drift_time_series.py
│ └── model_fault_injection/
│ └── test_fault_injection.py
└── utils/
├── __init__.py
├── mock_net.py
└── test_log_util.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitee/PULL_REQUEST_TEMPLATE.md
================================================
<!-- Thanks for sending a pull request! Here are some tips for you:
If this is your first time, please read our contributor guidelines: https://gitee.com/mindspore/mindspore/blob/master/CONTRIBUTING.md
-->
**What type of PR is this?**
> Uncomment only one ` /kind <>` line, hit enter to put that in a new line, and remove leading whitespaces from that line:
>
> /kind bug
> /kind task
> /kind feature
**What does this PR do / why do we need it**:
**Which issue(s) this PR fixes**:
<!--
*Automatically closes linked issue when PR is merged.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #
**Special notes for your reviewers**:
================================================
FILE: .github/ISSUE_TEMPLATE/RFC.md
================================================
---
name: RFC
about: Use this template for the new feature or enhancement
labels: kind/feature or kind/enhancement
---
## Background
- Describe the status of the problem you wish to solve
- Attach the relevant issue if have
## Introduction
- Describe the general solution, design and/or pseudo-code
## Trail
| No. | Task Description | Related Issue(URL) |
| --- | ---------------- | ------------------ |
| 1 | | |
| 2 | | |
================================================
FILE: .github/ISSUE_TEMPLATE/bug-report.md
================================================
---
name: Bug Report
about: Use this template for reporting a bug
labels: kind/bug
---
<!-- Thanks for sending an issue! Here are some tips for you:
If this is your first time, please read our contributor guidelines: https://github.com/mindspore-ai/mindspore/blob/master/CONTRIBUTING.md
-->
## Environment
### Hardware Environment(`Ascend`/`GPU`/`CPU`):
> Uncomment only one ` /device <>` line, hit enter to put that in a new line, and remove leading whitespaces from that line:
>
> `/device ascend`</br>
> `/device gpu`</br>
> `/device cpu`</br>
### Software Environment:
- **MindSpore version (source or binary)**:
- **Python version (e.g., Python 3.7.5)**:
- **OS platform and distribution (e.g., Linux Ubuntu 16.04)**:
- **GCC/Compiler version (if compiled from source)**:
## Describe the current behavior
## Describe the expected behavior
## Steps to reproduce the issue
1.
2.
3.
## Related log / screenshot
## Special notes for this issue
================================================
FILE: .github/ISSUE_TEMPLATE/task-tracking.md
================================================
---
name: Task
about: Use this template for task tracking
labels: kind/task
---
## Task Description
## Task Goal
## Sub Task
| No. | Task Description | Issue ID |
| --- | ---------------- | -------- |
| 1 | | |
| 2 | | |
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
<!-- Thanks for sending a pull request! Here are some tips for you:
If this is your first time, please read our contributor guidelines: https://github.com/mindspore-ai/mindspore/blob/master/CONTRIBUTING.md
-->
**What type of PR is this?**
> Uncomment only one ` /kind <>` line, hit enter to put that in a new line, and remove leading whitespaces from that line:
>
> `/kind bug`</br>
> `/kind task`</br>
> `/kind feature`</br>
**What does this PR do / why do we need it**:
**Which issue(s) this PR fixes**:
<!--
*Automatically closes linked issue when PR is merged.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #
**Special notes for your reviewers**:
================================================
FILE: .gitignore
================================================
*.dot
*.ir
*.dat
*.pyc
*.csv
*.gz
*.tar
*.zip
*.rar
*.ipynb
.idea/
build/
dist/
local_script/
example/dataset/
example/mnist_demo/MNIST/
example/mnist_demo/trained_ckpt_file/
example/mnist_demo/model/
example/cifar_demo/model/
example/dog_cat_demo/model/
mindarmour.egg-info/
*model/
*MNIST/
*out.data/
*defensed_model/
*pre_trained_model/
*__pycache__/
*kernel_meta
.DS_Store
================================================
FILE: .jenkins/check/config/filter_cppcheck.txt
================================================
# MindArmour
================================================
FILE: .jenkins/check/config/filter_cpplint.txt
================================================
# MindArmour
================================================
FILE: .jenkins/check/config/filter_pylint.txt
================================================
# MindArmour
"mindarmour/mindarmour/privacy/diff_privacy" "protected-access"
"mindarmour/mindarmour/fuzz_testing/fuzzing.py" "missing-docstring"
"mindarmour/mindarmour/fuzz_testing/fuzzing.py" "protected-access"
"mindarmour/mindarmour/fuzz_testing/fuzzing.py" "consider-using-enumerate"
"mindarmour/setup.py" "missing-docstring"
"mindarmour/setup.py" "invalid-name"
"mindarmour/mindarmour/reliability/model_fault_injection/fault_injection.py" "protected-access"
"mindarmour/setup.py" "unused-argument"
# Tests
"mindarmour/tests/st" "missing-docstring"
"mindarmour/tests/ut" "missing-docstring"
"mindarmour/tests/st/resnet50/resnet_cifar10.py" "unused-argument"
"mindarmour/tests/ut/python/fuzzing/test_fuzzing.py" "invalid-name"
"mindarmour/tests/ut/python/attacks/test_lbfgs.py" "wrong-import-position"
"mindarmour/tests/ut/python/attacks/black/test_nes.py" "wrong-import-position"
"mindarmour/tests/ut/python/attacks/black/test_nes.py" "consider-using-enumerate"
"mindarmour/tests/ut/python/attacks/black/test_hsja.py" "wrong-import-position"
"mindarmour/tests/ut/python/attacks/black/test_hsja.py" "consider-using-enumerate"
"mindarmour/tests/ut/python/attacks/black/test_salt_and_pepper_attack.py" "unused-variable"
"mindarmour/tests/ut/python/attacks/black/test_pointwise_attack.py" "wrong-import-position"
"mindarmour/tests/ut/python/evaluations/test_radar_metric.py" "bad-continuation"
"mindarmour/tests/ut/python/diff_privacy/test_membership_inference.py" "wrong-import-position"
# Example
"mindarmour/examples/ai_fuzzer/lenet5_mnist_coverage.py" "missing-docstring"
"mindarmour/examples/ai_fuzzer/lenet5_mnist_fuzzing.py" "missing-docstring"
"mindarmour/examples/ai_fuzzer/fuzz_testing_and_model_enhense.py" "missing-docstring"
"mindarmour/examples/common/dataset/data_processing.py" "missing-docstring"
"mindarmour/examples/common/networks/lenet5/lenet5_net.py" "missing-docstring"
"mindarmour/examples/common/networks/lenet5/mnist_train.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/black_box/mnist_attack_genetic.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/black_box/mnist_attack_hsja.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/black_box/mnist_attack_nes.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/black_box/mnist_attack_pointwise.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/black_box/mnist_attack_pso.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/black_box/mnist_attack_salt_and_pepper.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_cw.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_deepfool.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_fgsm.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_jsma.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_lbfgs.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_mdi2fgsm.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_pgd.py" "missing-docstring"
"mindarmour/examples/model_security/model_attacks/white_box/mnist_attack_vmifgsm.py" "missing-docstring"
"mindarmour/examples/model_security/model_defenses/mnist_defense_nad.py" "missing-docstring"
"mindarmour/examples/model_security/model_defenses/mnist_evaluation.py" "missing-docstring"
"mindarmour/examples/model_security/model_defenses/mnist_similarity_detector.py" "missing-docstring"
"mindarmour/examples/community/speech_adversarial_attack/src/deepspeech2.py" "invalid-name"
================================================
FILE: .jenkins/check/config/whitelizard.txt
================================================
# Scene1:
# function_name1, function_name2
# Scene2:
# file_path:function_name1, function_name2
#
mindarmour/examples/model_security/model_defenses/mnist_evaluation.py:test_defense_evaluation
================================================
FILE: .jenkins/test/config/dependent_packages.yaml
================================================
mindspore:
'https://repo.mindspore.cn/mindspore/mindspore/version/202404/20240425/r2.3_20240425165819_2c3402f4e9fffe15827411e9ae7e83095ce21a32/'
================================================
FILE: .vscode/settings.json
================================================
{
"esbonio.sphinx.confDir": ""
}
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: NOTICE
================================================
MindSpore MindArmour
Copyright 2019-2020 Huawei Technologies Co., Ltd
================================================
FILE: OWNERS
================================================
approvers:
- pkuliuliu
- ZhidanLiu
- jxlang910
- liu-siming-hw
- yyuse
- ZhibinHan
reviewers:
- 张澍坤
- emmmmtang
================================================
FILE: README.md
================================================
# MindArmour
<!-- TOC -->
- [MindArmour](#mindarmour)
- [What is MindArmour](#what-is-mindarmour)
- [Adversarial Robustness Module](#adversarial-robustness-module)
- [Fuzz Testing Module](#fuzz-testing-module)
- [Privacy Protection and Evaluation Module](#privacy-protection-and-evaluation-module)
- [Differential Privacy Training Module](#differential-privacy-training-module)
- [Privacy Leakage Evaluation Module](#privacy-leakage-evaluation-module)
- [Starting](#starting)
- [System Environment Information Confirmation](#system-environment-information-confirmation)
- [Installation](#installation)
- [Installation by Source Code](#installation-by-source-code)
- [Installation by pip](#installation-by-pip)
- [Installation Verification](#installation-verification)
- [Docs](#docs)
- [Community](#community)
- [Contributing](#contributing)
- [Release Notes](#release-notes)
- [License](#license)
<!-- /TOC -->
[查看中文](./README_CN.md)
## What is MindArmour
MindArmour focus on security and privacy of artificial intelligence. It is committed to enhancing the trustworthiness of models and protecting the privacy of training and inference data. The current version (v2.0) mainly includes three modules: Adversarial Robustness Module, Fuzz Testing Module, Privacy Protection and Evaluation Module.
### Adversarial Robustness Module
Adversarial robustness module is designed for evaluating the robustness of the model against adversarial examples, and provides model enhancement methods to enhance the model's ability to resist the adversarial attack and improve the model's robustness.
This module includes four submodule: Adversarial Examples Generation, Adversarial Examples Detection, Model Defense and Evaluation.
The architecture is shown as follow:
### Fuzz Testing Module
Fuzz Testing module is a security test for AI models. We introduce neuron coverage gain as a guide to fuzz testing according to the characteristics of neural networks.
Fuzz testing is guided to generate samples in the direction of increasing neuron coverage rate, so that the input can activate more neurons and neuron values have a wider distribution range to fully test neural networks and explore different types of model output results and wrong behaviors.
The architecture is shown as follow:
### Privacy Protection and Evaluation Module
Privacy Protection and Evaluation Module includes two modules: Differential Privacy Training Module and Privacy Leakage Evaluation Module.
#### Differential Privacy Training Module
Differential Privacy Training Module implements the differential privacy optimizer. Currently, `SGD`, `Momentum` and `Adam` are supported. They are differential privacy optimizers based on the Gaussian mechanism.
This mechanism supports both non-adaptive and adaptive policy. Rényi differential privacy (RDP) and Zero-Concentrated differential privacy(ZCDP) are provided to monitor differential privacy budgets.
The architecture is shown as follow:
#### Privacy Leakage Evaluation Module
Privacy Leakage Evaluation Module is used to assess the risk of a model revealing user privacy. The privacy data security of the deep learning model is evaluated by using membership inference method to infer whether the sample belongs to training dataset.
The architecture is shown as follow:
## Starting
### System Environment Information Confirmation
- The hardware platform should be Ascend, GPU or CPU.
- See our [MindSpore Installation Guide](https://www.mindspore.cn/install) to install MindSpore.
The versions of MindArmour and MindSpore must be consistent.
- All other dependencies are included in [setup.py](https://gitee.com/mindspore/mindarmour/blob/master/setup.py).
### Installation
### Version dependency
Due the dependency between MindArmour and MindSpore, please follow the table below and install the corresponding MindSpore verision from [MindSpore download page](https://www.mindspore.cn/versions/en).
| MindArmour Version | Branch | MindSpore Version |
| ------------------ | --------------------------------------------------------- | ----------------- |
| 2.0.0 | [r2.0](https://gitee.com/mindspore/mindarmour/tree/r2.0/) | >=1.7.0 |
| 1.9.0 | [r1.9](https://gitee.com/mindspore/mindarmour/tree/r1.9/) | >=1.7.0 |
| 1.8.0 | [r1.8](https://gitee.com/mindspore/mindarmour/tree/r1.8/) | >=1.7.0 |
| 1.7.0 | [r1.7](https://gitee.com/mindspore/mindarmour/tree/r1.7/) | r1.7 |
#### Installation by Source Code
1. Download source code from Gitee.
```bash
git clone https://gitee.com/mindspore/mindarmour.git
```
2. Compile and install in MindArmour directory.
```bash
cd mindarmour
python setup.py install
```
#### Installation by pip
```bash
pip install https://ms-release.obs.cn-north-4.myhuaweicloud.com/{version}/MindArmour/{arch}/mindarmour-{version}-cp37-cp37m-linux_{arch}.whl --trusted-host ms-release.obs.cn-north-4.myhuaweicloud.com -i https://pypi.tuna.tsinghua.edu.cn/simple
```
> - When the network is connected, dependency items are automatically downloaded during .whl package installation. (For details about other dependency items, see [setup.py](https://gitee.com/mindspore/mindarmour/blob/master/setup.py)). In other cases, you need to manually install dependency items.
> - `{version}` denotes the version of MindArmour. For example, when you are downloading MindArmour 1.0.1, `{version}` should be 1.0.1.
> - `{arch}` denotes the system architecture. For example, the Linux system you are using is x86 architecture 64-bit, `{arch}` should be `x86_64`. If the system is ARM architecture 64-bit, then it should be `aarch64`.
### Installation Verification
Successfully installed, if there is no error message such as `No module named 'mindarmour'` when execute the following command:
```bash
python -c 'import mindarmour'
```
## Docs
Guidance on installation, tutorials, API, see our [User Documentation](https://gitee.com/mindspore/docs).
## Community
[MindSpore Slack](https://join.slack.com/t/mindspore/shared_invite/enQtOTcwMTIxMDI3NjM0LTNkMWM2MzI5NjIyZWU5ZWQ5M2EwMTQ5MWNiYzMxOGM4OWFhZjI4M2E5OGI2YTg3ODU1ODE2Njg1MThiNWI3YmQ) - Ask questions and find answers.
## Contributing
Welcome contributions. See our [Contributor Wiki](https://gitee.com/mindspore/mindspore/blob/master/CONTRIBUTING.md) for more details.
## Release Notes
The release notes, see our [RELEASE](RELEASE.md).
## License
[Apache License 2.0](LICENSE)
================================================
FILE: README_CN.md
================================================
# MindArmour
<!-- TOC -->
- [MindArmour](#mindarmour)
- [简介](#简介)
- [对抗样本鲁棒性模块](#对抗样本鲁棒性模块)
- [Fuzz Testing模块](#fuzz-testing模块)
- [隐私保护模块](#隐私保护模块)
- [差分隐私训练模块](#差分隐私训练模块)
- [隐私泄露评估模块](#隐私泄露评估模块)
- [开始](#开始)
- [确认系统环境信息](#确认系统环境信息)
- [安装](#安装)
- [源码安装](#源码安装)
- [pip安装](#pip安装)
- [验证是否成功安装](#验证是否成功安装)
- [文档](#文档)
- [社区](#社区)
- [贡献](#贡献)
- [版本](#版本)
- [版权](#版权)
<!-- /TOC -->
[View English](./README.md)
## 简介
MindArmour关注AI的安全和隐私问题。致力于增强模型的安全可信、保护训推数据隐私安全。当前版本(v2.0)主要包含3个模块:对抗样本鲁棒性模块、Fuzz Testing模块、隐私保护与评估模块。
### 对抗样本鲁棒性模块
对抗样本鲁棒性模块用于评估模型对于对抗样本的鲁棒性,并提供模型增强方法用于增强模型抗对抗样本攻击的能力,提升模型鲁棒性。对抗样本鲁棒性模块包含了4个子模块:对抗样本的生成、对抗样本的检测、模型防御、攻防评估。
对抗样本鲁棒性模块的架构图如下:
### Fuzz Testing模块
Fuzz Testing模块是针对AI模型的安全测试,根据神经网络的特点,引入神经元覆盖率,作为Fuzz测试的指导,引导Fuzzer朝着神经元覆盖率增加的方向生成样本,让输入能够激活更多的神经元,神经元值的分布范围更广,以充分测试神经网络,探索不同类型的模型输出结果和错误行为。
Fuzz Testing模块的架构图如下:
### 隐私保护模块
隐私保护模块包含差分隐私训练与隐私泄露评估。
#### 差分隐私训练模块
差分隐私训练包括动态或者非动态的差分隐私`SGD`、`Momentum`、`Adam`优化器,噪声机制支持高斯分布噪声、拉普拉斯分布噪声,差分隐私预算监测包含ZCDP、RDP。
差分隐私的架构图如下:
#### 隐私泄露评估模块
隐私泄露评估模块用于评估模型泄露用户隐私的风险。利用成员推理方法来推测样本是否属于用户训练数据集,从而评估深度学习模型的隐私数据安全。
隐私泄露评估模块框架图如下:
## 开始
### 确认系统环境信息
- 硬件平台为Ascend、GPU或CPU。
- 参考[MindSpore安装指南](https://www.mindspore.cn/install),完成MindSpore的安装。
MindArmour与MindSpore的版本需保持一致。
- 其余依赖请参见[setup.py](https://gitee.com/mindspore/mindarmour/blob/master/setup.py)。
### 安装
#### MindSpore版本依赖关系
由于MindArmour与MindSpore有依赖关系,请按照下表所示的对应关系,在[MindSpore下载页面](https://www.mindspore.cn/versions)下载并安装对应的whl包。
| MindArmour | 分支 | MindSpore |
| ---------- | --------------------------------------------------------- | --------- |
| 2.0.0 | [r2.0](https://gitee.com/mindspore/mindarmour/tree/r2.0/) | >=1.7.0 |
| 1.9.0 | [r1.9](https://gitee.com/mindspore/mindarmour/tree/r1.9/) | >=1.7.0 |
| 1.8.0 | [r1.8](https://gitee.com/mindspore/mindarmour/tree/r1.8/) | >=1.7.0 |
| 1.7.0 | [r1.7](https://gitee.com/mindspore/mindarmour/tree/r1.7/) | r1.7 |
#### 源码安装
1. 从Gitee下载源码。
```bash
git clone https://gitee.com/mindspore/mindarmour.git
```
2. 在源码根目录下,执行如下命令编译并安装MindArmour。
```bash
cd mindarmour
python setup.py install
```
#### pip安装
```bash
pip install https://ms-release.obs.cn-north-4.myhuaweicloud.com/{version}/MindArmour/{arch}/mindarmour-{version}-cp37-cp37m-linux_{arch}.whl --trusted-host ms-release.obs.cn-north-4.myhuaweicloud.com -i https://pypi.tuna.tsinghua.edu.cn/simple
```
> - 在联网状态下,安装whl包时会自动下载MindArmour安装包的依赖项(依赖项详情参见[setup.py](https://gitee.com/mindspore/mindarmour/blob/master/setup.py)),其余情况需自行安装。
> - `{version}`表示MindArmour版本号,例如下载1.0.1版本MindArmour时,`{version}`应写为1.0.1。
> - `{arch}`表示系统架构,例如使用的Linux系统是x86架构64位时,`{arch}`应写为`x86_64`。如果系统是ARM架构64位,则写为`aarch64`。
### 验证是否成功安装
执行如下命令,如果没有报错`No module named 'mindarmour'`,则说明安装成功。
```bash
python -c 'import mindarmour'
```
## 文档
安装指导、使用教程、API,请参考[用户文档](https://gitee.com/mindspore/docs)。
## 社区
社区问答:[MindSpore Slack](https://join.slack.com/t/mindspore/shared_invite/enQtOTcwMTIxMDI3NjM0LTNkMWM2MzI5NjIyZWU5ZWQ5M2EwMTQ5MWNiYzMxOGM4OWFhZjI4M2E5OGI2YTg3ODU1ODE2Njg1MThiNWI3YmQ)。
## 贡献
欢迎参与社区贡献,详情参考[Contributor Wiki](https://gitee.com/mindspore/mindspore/blob/master/CONTRIBUTING.md)。
## 版本
版本信息参考:[RELEASE](RELEASE.md)。
## 版权
[Apache License 2.0](LICENSE)
================================================
FILE: RELEASE.md
================================================
# MindSpore Armour Release Notes
[查看中文](./RELEASE_CN.md)
## MindSpore Armour 2.0.0 Release Notes
### Major Features and Improvements
* Add version check with MindSpore.
* Upgrade the related software packages, Pillow>=9.3.0,scipy>=1.5.2,pytest>=5.4.3.
### Contributors
Thanks goes to these wonderful people:
Zhang Shukun, Liu Zhidan, Jin Xiulang, Liu Liu, Tang Cong, Yang Yuan, Li Hongcheng.
Contributions of any kind are welcome!
## MindArmour 1.9.0 Release Notes
### API Change
* Add Chinese version api of natural robustness feature.
### Contributors
Thanks goes to these wonderful people:
Liu Zhidan, Zhang Shukun, Jin Xiulang, Liu Liu, Tang Cong, Yangyuan.
Contributions of any kind are welcome!
## MindArmour 1.8.0 Release Notes
### API Change
* Add Chinese version of all existed api.
### Contributors
Thanks goes to these wonderful people:
Zhang Shukun, Liu Zhidan, Jin Xiulang, Liu Liu, Tang Cong, Yangyuan.
Contributions of any kind are welcome!
## MindArmour 1.7.0 Release Notes
### Major Features and Improvements
#### Robustness
* [STABLE] Real-World Robustness Evaluation Methods
### API Change
* Change value of parameter `mutate_config` in `mindarmour.fuzz_testing.Fuzzer.fuzzing` interface. ([!333](https://gitee.com/mindspore/mindarmour/pulls/333))
### Bug fixes
* Update version of third-party dependence pillow from more than or equal to 6.2.0 to more than or equal to 7.2.0. ([!329](https://gitee.com/mindspore/mindarmour/pulls/329))
### Contributors
Thanks goes to these wonderful people:
Liu Zhidan, Zhang Shukun, Jin Xiulang, Liu Liu.
Contributions of any kind are welcome!
# MindArmour 1.6.0
## MindArmour 1.6.0 Release Notes
### Major Features and Improvements
#### Reliability
* [BETA] Data Drift Detection for Image Data
* [BETA] Model Fault Injection
### Bug fixes
### Contributors
Thanks goes to these wonderful people:
Wu Xiaoyu,Feng Zhenye, Liu Zhidan, Jin Xiulang, Liu Luobin, Liu Liu, Zhang Shukun
# MindArmour 1.5.0
## MindArmour 1.5.0 Release Notes
### Major Features and Improvements
#### Reliability
* [BETA] Reconstruct AI Fuzz and Neuron Coverage Metrics
### Bug fixes
### Contributors
Thanks goes to these wonderful people:
Wu Xiaoyu,Liu Zhidan, Jin Xiulang, Liu Luobin, Liu Liu
# MindArmour 1.3.0-rc1
## MindArmour 1.3.0 Release Notes
### Major Features and Improvements
#### Privacy
* [STABLE] Data Drift Detection for Time Series Data
### Bug fixes
* [BUGFIX] Optimization of API description.
### Contributors
Thanks goes to these wonderful people:
Wu Xiaoyu,Liu Zhidan, Jin Xiulang, Liu Luobin, Liu Liu
# MindArmour 1.2.0
## MindArmour 1.2.0 Release Notes
### Major Features and Improvements
#### Privacy
* [STABLE] Tailored-based privacy protection technology (Pynative)
* [STABLE] Model Inversion. Reverse analysis technology of privacy information
### API Change
#### Backwards Incompatible Change
##### C++ API
[Modify] ...
[Add] ...
[Delete] ...
##### Java API
[Add] ...
#### Deprecations
##### C++ API
##### Java API
### Bug fixes
[BUGFIX] ...
### Contributors
Thanks goes to these wonderful people:
han.yin
# MindArmour 1.1.0 Release Notes
## MindArmour
### Major Features and Improvements
* [STABLE] Attack capability of the Object Detection models.
* Some white-box adversarial attacks, such as [iterative] gradient method and DeepFool now can be applied to Object Detection models.
* Some black-box adversarial attacks, such as PSO and Genetic Attack now can be applied to Object Detection models.
### Backwards Incompatible Change
#### Python API
#### C++ API
### Deprecations
#### Python API
#### C++ API
### New Features
#### Python API
#### C++ API
### Improvements
#### Python API
#### C++ API
### Bug fixes
#### Python API
#### C++ API
## Contributors
Thanks goes to these wonderful people:
Xiulang Jin, Zhidan Liu, Luobin Liu and Liu Liu.
Contributions of any kind are welcome!
# Release 1.0.0
## Major Features and Improvements
### Differential privacy model training
* Privacy leakage evaluation.
* Parameter verification enhancement.
* Support parallel computing.
### Model robustness evaluation
* Fuzzing based Adversarial Robustness testing.
* Parameter verification enhancement.
### Other
* Api & Directory Structure
* Adjusted the directory structure based on different features.
* Optimize the structure of examples.
## Bugfixes
## Contributors
Thanks goes to these wonderful people:
Liu Liu, Xiulang Jin, Zhidan Liu and Luobin Liu.
Contributions of any kind are welcome!
# Release 0.7.0-beta
## Major Features and Improvements
### Differential privacy model training
* Privacy leakage evaluation.
* Using Membership inference to evaluate the effectiveness of privacy-preserving techniques for AI.
### Model robustness evaluation
* Fuzzing based Adversarial Robustness testing.
* Coverage-guided test set generation.
## Bugfixes
## Contributors
Thanks goes to these wonderful people:
Liu Liu, Xiulang Jin, Zhidan Liu, Luobin Liu and Huanhuan Zheng.
Contributions of any kind are welcome!
# Release 0.6.0-beta
## Major Features and Improvements
### Differential privacy model training
* Optimizers with differential privacy
* Differential privacy model training now supports some new policies.
* Adaptive Norm policy is supported.
* Adaptive Noise policy with exponential decrease is supported.
* Differential Privacy Training Monitor
* A new monitor is supported using zCDP as its asymptotic budget estimator.
## Bugfixes
## Contributors
Thanks goes to these wonderful people:
Liu Liu, Huanhuan Zheng, XiuLang jin, Zhidan liu.
Contributions of any kind are welcome.
# Release 0.5.0-beta
## Major Features and Improvements
### Differential privacy model training
* Optimizers with differential privacy
* Differential privacy model training now supports both Pynative mode and graph mode.
* Graph mode is recommended for its performance.
## Bugfixes
## Contributors
Thanks goes to these wonderful people:
Liu Liu, Huanhuan Zheng, Xiulang Jin, Zhidan Liu.
Contributions of any kind are welcome!
# Release 0.3.0-alpha
## Major Features and Improvements
### Differential Privacy Model Training
Differential Privacy is coming! By using Differential-Privacy-Optimizers, one can still train a model as usual, while the trained model preserved the privacy of training dataset, satisfying the definition of
differential privacy with proper budget.
* Optimizers with Differential Privacy([PR23](https://gitee.com/mindspore/mindarmour/pulls/23), [PR24](https://gitee.com/mindspore/mindarmour/pulls/24))
* Some common optimizers now have a differential privacy version (SGD/Adam). We are adding more.
* Automatically and adaptively add Gaussian Noise during training to achieve Differential Privacy.
* Automatically stop training when Differential Privacy Budget exceeds.
* Differential Privacy Monitor([PR22](https://gitee.com/mindspore/mindarmour/pulls/22))
* Calculate overall budget consumed during training, indicating the ultimate protect effect.
## Bug fixes
## Contributors
Thanks goes to these wonderful people:
Liu Liu, Huanhuan Zheng, Zhidan Liu, Xiulang Jin
Contributions of any kind are welcome!
# Release 0.2.0-alpha
## Major Features and Improvements
* Add a white-box attack method: M-DI2-FGSM([PR14](https://gitee.com/mindspore/mindarmour/pulls/14)).
* Add three neuron coverage metrics: KMNCov, NBCov, SNACov([PR12](https://gitee.com/mindspore/mindarmour/pulls/12)).
* Add a coverage-guided fuzzing test framework for deep neural networks([PR13](https://gitee.com/mindspore/mindarmour/pulls/13)).
* Update the MNIST Lenet5 examples.
* Remove some duplicate code.
## Bug fixes
## Contributors
Thanks goes to these wonderful people:
Liu Liu, Huanhuan Zheng, Zhidan Liu, Xiulang Jin
Contributions of any kind are welcome!
# Release 0.1.0-alpha
Initial release of MindArmour.
## Major Features
* Support adversarial attack and defense on the platform of MindSpore.
* Include 13 white-box and 7 black-box attack methods.
* Provide 5 detection algorithms to detect attacking in multiple way.
* Provide adversarial training to enhance model security.
* Provide 6 evaluation metrics for attack methods and 9 evaluation metrics for defense methods.
================================================
FILE: RELEASE_CN.md
================================================
# MindSpore Armour Release Notes
[View English](./RELEASE.md)
## MindSpore Armour 2.1.0 Release Notes
### 主要特性及增强
* 增加与MindSpore的版本校验关系。
* 升级相关软件包版本,setuptools >= 78.1.1,numpy >= 1.20.0,<2.0.0。
### 贡献者
感谢以下人员做出的贡献:
Yang Yuan, Han Zhibin, Liu Siming.
欢迎以任何形式对项目提供贡献!
## MindSpore Armour 2.0.0 Release Notes
### 主要特性及增强
* 增加与MindSpore的版本校验关系。
* 升级相关软件包版本,Pillow>=9.3.0,scipy>=1.5.2,pytest>=5.4.3。
### 贡献者
感谢以下人员做出的贡献:
Zhang Shukun, Liu Zhidan, Jin Xiulang, Liu Liu, Tang Cong, Yang Yuan, Li Hongcheng.
欢迎以任何形式对项目提供贡献!
## MindArmour 1.9.0 Release Notes
### API Change
* 增加自然鲁棒性特性的api中文版本
### 贡献
感谢以下人员做出的贡献:
Liu Zhidan, Zhang Shukun, Jin Xiulang, Liu Liu, Tang Cong, Yangyuan.
欢迎以任何形式对项目提供贡献!
## MindArmour 1.8.0 Release Notes
### API Change
* 增加所有特性的api中文版本
### 贡献
感谢以下人员做出的贡献:
Zhang Shukun, Liu Zhidan, Jin Xiulang, Liu Liu, Tang Cong, Yangyuan.
欢迎以任何形式对项目提供贡献!
## MindArmour 1.7.0 Release Notes
### 主要特性和增强
#### 鲁棒性
* [STABLE] 自然扰动评估方法
### API Change
* 接口`mindarmour.fuzz_testing.Fuzzer.fuzzing`的参数`mutate_config`的取值范围变化。 ([!333](https://gitee.com/mindspore/mindarmour/pulls/333))
### Bug修复
* 更新第三方依赖pillow的版本从大于等于6.2.0更新为大于等于7.2.0. ([!329](https://gitee.com/mindspore/mindarmour/pulls/329))
### 贡献
感谢以下人员做出的贡献:
Liu Zhidan, Zhang Shukun, Jin Xiulang, Liu Liu.
欢迎以任何形式对项目提供贡献!
================================================
FILE: docs/README.md
================================================
# MindArmour Documentation
The MindArmour documentation is in the [MindSpore Docs](https://gitee.com/mindspore/docs) repository.
================================================
FILE: docs/api/api_python/mindarmour.adv_robustness.attacks.rst
================================================
mindarmour.adv_robustness.attacks
=================================
本模块包括经典的黑盒和白盒攻击算法,以制作对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.FastGradientMethod(network, eps=0.07, alpha=None, bounds=(0.0, 1.0), norm_level=2, is_targeted=False, loss_fn=None)
基于梯度计算的单步攻击,扰动的范数包括 ``'L1'``、``'L2'`` 和 ``'Linf'``。
参考文献:`I. J. Goodfellow, J. Shlens, and C. Szegedy, "Explaining and harnessing adversarial examples," in ICLR, 2015. <https://arxiv.org/abs/1412.6572>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.07``。
- **alpha** (Union[float, None]) - 单步随机扰动与数据范围的比例。默认值:``None``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值, 数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。
可取值:``numpy.inf``、``1``、``2``、``'1'``、``'2'``、``'l1'``、``'l2'``、``'np.inf'``、``'inf'``、``'linf'``。默认值:``2``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **loss_fn** (Union[loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:class:: mindarmour.adv_robustness.attacks.RandomFastGradientMethod(network, eps=0.07, alpha=0.035, bounds=(0.0, 1.0), norm_level=2, is_targeted=False, loss_fn=None)
使用随机扰动的快速梯度法(Fast Gradient Method)。
基于梯度计算的单步攻击,其对抗性噪声是根据输入的梯度生成的,然后加入随机扰动,从而生成对抗样本。
参考文献:`Florian Tramer, Alexey Kurakin, Nicolas Papernot, "Ensemble adversarial training: Attacks and defenses" in ICLR, 2018 <https://arxiv.org/abs/1705.07204>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.07``。
- **alpha** (float) - 单步随机扰动与数据范围的比例。默认值:``0.035``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。
可取值:``numpy.inf``、``1``、``2``、``'1'``、``'2'``、``'l1'``、``'l2'``、``'np.inf'``、``'inf'``、``'linf'``。默认值:``2``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **loss_fn** (Union[loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
异常:
- **ValueError** - `eps` 小于 `alpha` 。
.. py:class:: mindarmour.adv_robustness.attacks.FastGradientSignMethod(network, eps=0.07, alpha=None, bounds=(0.0, 1.0), is_targeted=False, loss_fn=None)
快速梯度下降法(Fast Gradient Sign Method)攻击计算输入数据的梯度,然后使用梯度的符号创建对抗性噪声。
参考文献:`Ian J. Goodfellow, J. Shlens, and C. Szegedy, "Explaining and harnessing adversarial examples," in ICLR, 2015 <https://arxiv.org/abs/1412.6572>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.07``。
- **alpha** (Union[float, None]) - 单步随机扰动与数据范围的比例。默认值:``None``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:class:: mindarmour.adv_robustness.attacks.RandomFastGradientSignMethod(network, eps=0.07, alpha=0.035, bounds=(0.0, 1.0), is_targeted=False, loss_fn=None)
快速梯度下降法(Fast Gradient Sign Method)使用随机扰动。
随机快速梯度符号法(Random Fast Gradient Sign Method)攻击计算输入数据的梯度,然后使用带有随机扰动的梯度符号来创建对抗性噪声。
参考文献:`F. Tramer, et al., "Ensemble adversarial training: Attacks and defenses," in ICLR, 2018 <https://arxiv.org/abs/1705.07204>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.07``。
- **alpha** (float) - 单步随机扰动与数据范围的比例。默认值:``0.005``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
异常:
- **ValueError** - `eps` 小于 `alpha` 。
.. py:class:: mindarmour.adv_robustness.attacks.LeastLikelyClassMethod(network, eps=0.07, alpha=None, bounds=(0.0, 1.0), loss_fn=None)
单步最不可能类方法(Single Step Least-Likely Class Method)是FGSM的变体,它以最不可能类为目标,以生成对抗样本。
参考文献:`F. Tramer, et al., "Ensemble adversarial training: Attacks and defenses," in ICLR, 2018 <https://arxiv.org/abs/1705.07204>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.07``。
- **alpha** (Union[float, None]) - 单步随机扰动与数据范围的比例。默认值:``None``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:class:: mindarmour.adv_robustness.attacks.RandomLeastLikelyClassMethod(network, eps=0.07, alpha=0.035, bounds=(0.0, 1.0), loss_fn=None)
随机最不可能类攻击方法:以置信度最小类别对应的梯度加一个随机扰动为攻击方向。
具有随机扰动的单步最不可能类方法(Single Step Least-Likely Class Method)是随机FGSM的变体,它以最不可能类为目标,以生成对抗样本。
参考文献:`F. Tramer, et al., "Ensemble adversarial training: Attacks and defenses," in ICLR, 2018 <https://arxiv.org/abs/1705.07204>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.07``。
- **alpha** (float) - 单步随机扰动与数据范围的比例。默认值:``0.005``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
异常:
- **ValueError** - `eps` 小于 `alpha` 。
.. py:class:: mindarmour.adv_robustness.attacks.IterativeGradientMethod(network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0), nb_iter=5, loss_fn=None)
所有基于迭代梯度的攻击的抽象基类。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``0.3``。
- **eps_iter** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.1``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **nb_iter** (int) - 迭代次数。默认值:``5``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:method:: generate(inputs, labels)
:abstractmethod:
根据输入样本和原始/目标标签生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 良性输入样本,用于创建对抗样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
异常:
- **NotImplementedError** - 此函数在迭代梯度方法中不可用。
.. py:class:: mindarmour.adv_robustness.attacks.BasicIterativeMethod(network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0), is_targeted=False, nb_iter=5, loss_fn=None)
基本迭代法(Basic Iterative Method)攻击,一种生成对抗示例的迭代FGSM方法。
参考文献:`A. Kurakin, I. Goodfellow, and S. Bengio, "Adversarial examples in the physical world," in ICLR, 2017 <https://arxiv.org/abs/1607.02533>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``0.3``。
- **eps_iter** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.1``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **nb_iter** (int) - 迭代次数。默认值:``5``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:method:: generate(inputs, labels)
使用迭代FGSM方法生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 良性输入样本,用于创建对抗样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
返回:
- **numpy.ndarray** - 生成的对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.MomentumIterativeMethod(network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0), is_targeted=False, nb_iter=5, decay_factor=1.0, norm_level='inf', loss_fn=None)
动量迭代法(Momentum Iterative Method)攻击,通过在迭代中积累损失函数的梯度方向上的速度矢量,加速梯度下降算法,如FGSM、FGM和LLCM,从而生成对抗样本。
参考文献:`Y. Dong, et al., "Boosting adversarial attacks with momentum," arXiv:1710.06081, 2017 <https://arxiv.org/abs/1710.06081>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``0.3``。
- **eps_iter** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.1``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。
以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **nb_iter** (int) - 迭代次数。默认值:``5``。
- **decay_factor** (float) - 迭代中的衰变因子。默认值:``1.0``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。
可取值:``numpy.inf``、``1``、``2``、``'1'``、``'2'``、``'l1'``、``'l2'``、``'np.inf'``、``'inf'``、``'linf'``。默认值:``numpy.inf``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:method:: generate(inputs, labels)
根据输入数据和原始/目标标签生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 良性输入样本,用于创建对抗样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
返回:
- **numpy.ndarray** - 生成的对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.ProjectedGradientDescent(network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0), is_targeted=False, nb_iter=5, norm_level='inf', loss_fn=None)
投影梯度下降(Projected Gradient Descent)攻击是基本迭代法的变体,在这种方法中,每次迭代之后,扰动被投影在指定半径的p范数球上(除了剪切对抗样本的值,使其位于允许的数据范围内)。这是Madry等人提出的用于对抗性训练的攻击。
参考文献:`A. Madry, et al., "Towards deep learning models resistant to adversarial attacks," in ICLR, 2018 <https://arxiv.org/abs/1706.06083>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``0.3``。
- **eps_iter** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.1``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **nb_iter** (int) - 迭代次数。默认值:``5``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。
可取值:``numpy.inf``、``1``、``2``、``'1'``、``'2'``、``'l1'``、``'l2'``、``'np.inf'``、``'inf'``、``'linf'``。默认值:``'numpy.inf'``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:method:: generate(inputs, labels)
基于BIM方法迭代生成对抗样本。通过带有参数norm_level的投影方法归一化扰动。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 良性输入样本,用于创建对抗样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
返回:
- **numpy.ndarray** - 生成的对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.AutoProjectedGradientDescent(network, eps=8 / 255, eps_iter=0.1, bounds=(0.0, 1.0), is_targeted=False, nb_iter=10, norm_level='inf', loss_fn=None, eot_iter=1, thr_decr=0.75)
自动投影梯度下降(AutoProjected Gradient Descent)攻击是基本迭代法的变体,也是PGD方法的升级版,在这种方法中,每次迭代之后,扰动被投影在指定半径的p范数球上(除了剪切对抗样本的值,使其位于允许的数据范围内),并引入了自适应步长和动量来加速收敛并提高攻击性能。这是Croce等人提出的用于对抗性训练的攻击。
参考文献:`Croce and Hein, "Reliable evaluation of adversarial robustness with an ensemble of \
diverse parameter-free attacks" in ICML, 2020 <https://arxiv.org/abs/2003.01690>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``8 / 255``。
- **eps_iter** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.1``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **nb_iter** (int) - 迭代次数。默认值:``10``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。可取值: ``inf`` 、 ``1`` 、 ``2`` 。默认值: ``inf`` 。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
- **eot_iter** (int) - EOT的迭代次数。默认值: ``1``。
- **thr_decr** (float) - 步长更新的参数。默认值: ``0.75``。
.. py:method:: generate(inputs, labels)
根据输入样本和原始标签生成对抗样本。通过带有参数 `norm_level` 的投影方法归一化扰动。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 良性输入样本,用于创建对抗样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
返回:
numpy.ndarray,生成的对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.DiverseInputIterativeMethod(network, eps=0.3, bounds=(0.0, 1.0), is_targeted=False, prob=0.5, loss_fn=None)
多样性输入迭代法(Diverse Input Iterative Method)攻击遵循基本迭代法,并在每次迭代时对输入数据应用随机转换。对输入数据的这种转换可以提高对抗样本的可转移性。
参考文献:`Xie, Cihang and Zhang, et al., "Improving Transferability of Adversarial Examples With Input Diversity," in CVPR, 2019 <https://arxiv.org/abs/1803.06978>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``0.3``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **prob** (float) - 对输入样本的转换概率。默认值:``0.5``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:class:: mindarmour.adv_robustness.attacks.MomentumDiverseInputIterativeMethod(network, eps=0.3, bounds=(0.0, 1.0), is_targeted=False, norm_level='l1', prob=0.5, loss_fn=None)
动量多样性输入迭代法(Momentum Diverse Input Iterative Method)攻击是一种动量迭代法,在每次迭代时对输入数据应用随机变换。对输入数据的这种转换可以提高对抗样本的可转移性。
参考文献:`Xie, Cihang and Zhang, et al., "Improving Transferability of Adversarial Examples With Input Diversity," in CVPR, 2019 <https://arxiv.org/abs/1803.06978>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``0.3``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。
可取值:``numpy.inf``、``1``、``2``、``'1'``、``'2'``、``'l1'``、``'l2'``、``'np.inf'``、``'inf'``、``'linf'``。默认值:``'l1'``。
- **prob** (float) - 对输入样本的转换概率。默认值:``0.5``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:class:: mindarmour.adv_robustness.attacks.DeepFool(network, num_classes, model_type='classification', reserve_ratio=0.3, max_iters=50, overshoot=0.02, norm_level=2, bounds=None, sparse=True)
DeepFool是一种无目标的迭代攻击,通过将良性样本移动到最近的分类边界并跨越边界来实现。
参考文献:`DeepFool: a simple and accurate method to fool deep neural networks <https://arxiv.org/abs/1511.04599>`_。
参数:
- **network** (Cell) - 目标模型。
- **num_classes** (int) - 模型输出的标签数,应大于零。
- **model_type** (str) - 目标模型的类型。现在支持 ``'classification'`` 和 ``'detection'``。默认值:``'classification'``。
- **reserve_ratio** (Union[int, float]) - 攻击后可检测到的对象百分比,仅当model_type为 ``'detection'`` 时有效。保留比率应在(0, 1)的范围内。默认值:``0.3``。
- **max_iters** (int) - 最大迭代次数,应大于零。默认值:``50``。
- **overshoot** (float) - 过冲参数。默认值:``0.02``。
- **norm_level** (Union[int, str, numpy.inf]) - 矢量范数类型。可取值:``numpy.inf`` 或 ``2``。默认值:``2``。
- **bounds** (Union[tuple, list]) - 数据范围的上下界。以(数据最小值,数据最大值)的形式出现。默认值:``None``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
.. py:method:: generate(inputs, labels)
根据输入样本和原始标签生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 输入样本。
- 如果 `model_type` = ``'classification'``,则输入的格式应为numpy.ndarray。输入的格式可以是(input1, input2, ...)。
- 如果 `model_type` = ``'detection'``,则只能是一个数组。
- **labels** (Union[numpy.ndarray, tuple]) - 目标标签或ground-truth标签。
- 如果 `model_type` = ``'classification'``,标签的格式应为numpy.ndarray。
- 如果 `model_type` = ``'detection'``,标签的格式应为(gt_boxes, gt_labels)。
返回:
- **numpy.ndarray** - 对抗样本。
异常:
- **NotImplementedError** - `norm_level` 不为 ``2``、``numpy.inf``、``'2'`` 或 ``'inf'``。
.. py:class:: mindarmour.adv_robustness.attacks.CarliniWagnerL2Attack(network, num_classes, box_min=0.0, box_max=1.0, bin_search_steps=5, max_iterations=1000, confidence=0, learning_rate=5e-3, initial_const=1e-2, abort_early_check_ratio=5e-2, targeted=False, fast=True, abort_early=True, sparse=True)
使用L2范数的Carlini & Wagner攻击通过分别利用两个损失生成对抗样本:“对抗损失”可使生成的示例实际上是对抗性的,“距离损失”可以控制对抗样本的质量。
参考文献:`Nicholas Carlini, David Wagner: "Towards Evaluating the Robustness of Neural Networks" <https://arxiv.org/abs/1608.04644>`_。
参数:
- **network** (Cell) - 目标模型。
- **num_classes** (int) - 模型输出的标签数,应大于零。
- **box_min** (float) - 目标模型输入的下界。默认值:``0``。
- **box_max** (float) - 目标模型输入的上界。默认值:``1.0``。
- **bin_search_steps** (int) - 用于查找距离和置信度之间的最优trade-off常数的二分查找步数。默认值:``5``。
- **max_iterations** (int) - 最大迭代次数,应大于零。默认值:``1000``。
- **confidence** (float) - 对抗样本输出的置信度。默认值:``0``。
- **learning_rate** (float) - 攻击算法的学习率。默认值:``5e-3``。
- **initial_const** (float) - 用于平衡扰动范数和置信度差异的初始trade-off常数。默认值:``1e-2``。
- **abort_early_check_ratio** (float) - 检查所有迭代中所有比率的损失进度。默认值:``5e-2``。
- **targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **fast** (bool) - 如果为 ``True``,则返回第一个找到的对抗样本。如果为 ``False``,则返回扰动较小的对抗样本。默认值:``True``。
- **abort_early** (bool) - 是否提前终止。
- 如果为 ``True``,则当损失在一段时间内没有减少,Adam将被中止。
- 如果为 ``False``,Adam将继续工作,直到到达最大迭代。默认值:``True``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
.. py:method:: generate(inputs, labels)
根据输入数据和目标标签生成对抗样本。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
- **labels** (numpy.ndarray) - 输入样本的真值标签或目标标签。
返回:
- **numpy.ndarray** - 生成的对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.JSMAAttack(network, num_classes, box_min=0.0, box_max=1.0, theta=1.0, max_iteration=1000, max_count=3, increase=True, sparse=True)
基于Jacobian的显著图攻击(Jacobian-based Saliency Map Attack)是一种基于输入特征显著图的有目标的迭代攻击。它使用每个类标签相对于输入的每个组件的损失梯度。然后,使用显著图来选择产生最大误差的维度。
参考文献:`The limitations of deep learning in adversarial settings <https://arxiv.org/abs/1511.07528>`_。
参数:
- **network** (Cell) - 目标模型。
- **num_classes** (int) - 模型输出的标签数,应大于零。
- **box_min** (float) - 目标模型输入的下界。默认值:``0``。
- **box_max** (float) - 目标模型输入的上界。默认值:``1.0``。
- **theta** (float) - 一个像素的变化率(相对于输入数据范围)。默认值:``1.0``。
- **max_iteration** (int) - 迭代的最大轮次。默认值:``1000``。
- **max_count** (int) - 每个像素的最大更改次数。默认值:``3``。
- **increase** (bool) - 如果为 ``True``,则增加扰动。如果为 ``False``,则减少扰动。默认值:``True``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
.. py:method:: generate(inputs, labels)
批量生成对抗样本。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
- **labels** (numpy.ndarray) - 目标标签。
返回:
- **numpy.ndarray** - 对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.LBFGS(network, eps=1e-5, bounds=(0.0, 1.0), is_targeted=True, nb_iter=150, search_iters=30, loss_fn=None, sparse=False)
L-BFGS-B攻击使用有限内存BFGS优化算法来最小化输入与对抗样本之间的距离。
参考文献:`Pedro Tabacof, Eduardo Valle. "Exploring the Space of Adversarial Images" <https://arxiv.org/abs/1510.05328>`_。
参数:
- **network** (Cell) - 被攻击模型的网络。
- **eps** (float) - 攻击步长。默认值:``1e-5``。
- **bounds** (tuple) - 数据的上下界。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``True``。
- **nb_iter** (int) - lbfgs优化器的迭代次数,应大于零。默认值:``150``。
- **search_iters** (int) - 步长的变更数,应大于零。默认值:``30``。
- **loss_fn** (Functions) - 替代模型的损失函数。默认值:``None``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``False``。
.. py:method:: generate(inputs, labels)
根据输入数据和目标标签生成对抗样本。
参数:
- **inputs** (numpy.ndarray) - 良性输入样本,用于创建对抗样本。
- **labels** (numpy.ndarray) - 原始/目标标签。
返回:
- **numpy.ndarray** - 生成的对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.GeneticAttack(model, model_type='classification', targeted=True, reserve_ratio=0.3, sparse=True, pop_size=6, mutation_rate=0.005, per_bounds=0.15, max_steps=1000, step_size=0.20, temp=0.3, bounds=(0, 1.0), adaptive=False, c=0.1)
遗传攻击(Genetic Attack)为基于遗传算法的黑盒攻击,属于差分进化算法。
此攻击是由Moustafa Alzantot等人(2018)提出的。
参考文献: `Moustafa Alzantot, Yash Sharma, Supriyo Chakraborty, "GeneticAttack: Practical Black-box Attacks with Gradient-FreeOptimization" <https://arxiv.org/abs/1805.11090>`_。
参数:
- **model** (BlackModel) - 目标模型。
- **model_type** (str) - 目标模型的类型。现在支持 ``'classification'`` 和 ``'detection'``。默认值:``'classification'``。
- **targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。 `model_type` 为 ``'detection'`` 时仅支持无目标攻击,默认值:``True``。
- **reserve_ratio** (Union[int, float]) - 攻击后可检测到的对象百分比,仅当 `model_type` 为 ``'detection'`` 时有效。保留比率应在(0, 1)的范围内。默认值:``0.3``。
- **pop_size** (int) - 粒子的数量,应大于零。默认值:``6``。
- **mutation_rate** (Union[int, float]) - 突变的概率,应在(0,1)的范围内。默认值:``0.005``。
- **per_bounds** (Union[int, float]) - 扰动允许的最大无穷范数距离。
- **max_steps** (int) - 每个对抗样本的最大迭代轮次。默认值:``1000``。
- **step_size** (Union[int, float]) - 攻击步长。默认值:``0.2``。
- **temp** (Union[int, float]) - 用于选择的采样温度。默认值:``0.3``。温度越大,个体选择概率之间的差异就越大。
- **bounds** (Union[tuple, list, None]) - 数据的上下界。以(数据最小值,数据最大值)的形式出现。默认值:``(0, 1.0)``。
- **adaptive** (bool) - 为 ``True``,则打开突变参数的动态缩放。如果为 ``False``,则打开静态突变参数。默认值:``False``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
- **c** (Union[int, float]) - 扰动损失的权重。默认值:``0.1``。
.. py:method:: generate(inputs, labels)
根据输入数据和目标标签(或ground_truth标签)生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 输入样本。
- 如果 `model_type` = ``'classification'``,则输入的格式应为numpy.ndarray。输入的格式可以是(input1, input2, ...)。
- 如果 `model_type` = ``'detection'``,则只能是一个数组。
- **labels** (Union[numpy.ndarray, tuple]) - 目标标签或ground-truth标签。
- 如果 `model_type` = ``'classification'``,标签的格式应为numpy.ndarray。
- 如果 `model_type` = ``'detection'``,标签的格式应为(gt_boxes, gt_labels)。
返回:
- **numpy.ndarray** - 每个攻击结果的布尔值。
- **numpy.ndarray** - 生成的对抗样本。
- **numpy.ndarray** - 每个样本的查询次数。
.. py:class:: mindarmour.adv_robustness.attacks.HopSkipJumpAttack(model, init_num_evals=100, max_num_evals=1000, stepsize_search='geometric_progression', num_iterations=20, gamma=1.0, constraint='l2', batch_size=32, clip_min=0.0, clip_max=1.0, sparse=True)
Chen、Jordan和Wainwright提出的HopSkipJumpAttack是一种基于决策的攻击。此攻击需要访问目标模型的输出标签。
参考文献:`Chen J, Michael I. Jordan, Martin J. Wainwright. HopSkipJumpAttack: A Query-Efficient Decision-Based Attack. 2019. arXiv:1904.02144 <https://arxiv.org/abs/1904.02144>`_。
参数:
- **model** (BlackModel) - 目标模型。
- **init_num_evals** (int) - 梯度估计的初始评估数。默认值:``100``。
- **max_num_evals** (int) - 梯度估计的最大评估数。默认值:``1000``。
- **stepsize_search** (str) - 表示要如何搜索步长;
- 可取值为 ``'geometric_progression'`` 或 ``'grid_search'`` 。默认值:``'geometric_progression'``。
- **num_iterations** (int) - 迭代次数。默认值:``20``。
- **gamma** (float) - 用于设置二进制搜索阈值theta。默认值:``1.0``。
对于l2攻击,二进制搜索阈值 `theta` 为 :math:`gamma / d^{3/2}` 。对于linf攻击是 :math:`gamma/d^2` 。默认值:``1.0``。
- **constraint** (str) - 要优化距离的范数。可取值为 ``'l2'`` 或 ``'linf'``。默认值:``'l2'``。
- **batch_size** (int) - 批次大小。默认值:``32``。
- **clip_min** (float, 可选) - 最小图像组件值。默认值:``0``。
- **clip_max** (float, 可选) - 最大图像组件值。默认值:``1``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
异常:
- **ValueError** - `stepsize_search` 不为 ``'geometric_progression'`` 或 ``'grid_search'``。
- **ValueError** - `constraint` 不为 ``'l2'`` 或 ``'linf'``。
.. py:method:: generate(inputs, labels)
在for循环中生成对抗图像。
参数:
- **inputs** (numpy.ndarray) - 原始图像。
- **labels** (numpy.ndarray) - 目标标签。
返回:
- **numpy.ndarray** - 每个攻击结果的布尔值。
- **numpy.ndarray** - 生成的对抗样本。
- **numpy.ndarray** - 每个样本的查询次数。
.. py:method:: set_target_images(target_images)
设置目标图像进行目标攻击。
参数:
- **target_images** (numpy.ndarray) - 目标图像。
.. py:class:: mindarmour.adv_robustness.attacks.NES(model, scene, max_queries=10000, top_k=-1, num_class=10, batch_size=128, epsilon=0.3, samples_per_draw=128, momentum=0.9, learning_rate=1e-3, max_lr=5e-2, min_lr=5e-4, sigma=1e-3, plateau_length=20, plateau_drop=2.0, adv_thresh=0.25, zero_iters=10, starting_eps=1.0, starting_delta_eps=0.5, label_only_sigma=1e-3, conservative=2, sparse=True)
该类是自然进化策略(Natural Evolutionary Strategies,NES)攻击法的实现。NES使用自然进化策略来估计梯度,以提高查询效率。NES包括三个设置:Query-Limited设置、Partial-Information置和Label-Only设置。
- 在'query-limit'设置中,攻击对目标模型的查询数量有限,但可以访问所有类的概率。
- 在'partial-info'设置中,攻击仅有权访问top-k类的概率。
- 在'label-only'设置中,攻击只能访问按其预测概率排序的k个推断标签列表。
在Partial-Information设置和Label-Only设置中,NES会进行目标攻击,因此用户需要使用set_target_images方法来设置目标类的目标图像。
参考文献:`Andrew Ilyas, Logan Engstrom, Anish Athalye, and Jessy Lin. Black-box adversarial attacks with limited queries and information. In ICML, July 2018 <https://arxiv.org/abs/1804.08598>`_。
参数:
- **model** (BlackModel) - 要攻击的目标模型。
- **scene** (str) - 确定算法的场景,可选值为:``'Label_Only'``、``'Partial_Info'``、``'Query_Limit'``。
- **max_queries** (int) - 生成对抗样本的最大查询编号。默认值:``10000``。
- **top_k** (int) - 用于'Partial-Info'或'Label-Only'设置,表示攻击者可用的(Top-k)信息数量。对于Query-Limited设置,此输入应设置为 ``-1``。默认值:``-1``。
- **num_class** (int) - 数据集中的类数。默认值:``10``。
- **batch_size** (int) - 批次大小。默认值:``128``。
- **epsilon** (float) - 攻击中允许的最大扰动。默认值:``0.3``。
- **samples_per_draw** (int) - 对偶采样中绘制的样本数。默认值:``128``。
- **momentum** (float) - 动量。默认值:``0.9``。
- **learning_rate** (float) - 学习率。默认值:``1e-3``。
- **max_lr** (float) - 最大学习率。默认值:``5e-2``。
- **min_lr** (float) - 最小学习率。默认值:``5e-4``。
- **sigma** (float) - 随机噪声的步长。默认值:``1e-3``。
- **plateau_length** (int) - 退火算法中使用的平台长度。默认值:``20``。
- **plateau_drop** (float) - 退火算法中使用的平台Drop。默认值:``2.0``。
- **adv_thresh** (float) - 对抗阈值。默认值:``0.25``。
- **zero_iters** (int) - 用于代理分数的点数。默认值:``10``。
- **starting_eps** (float) - Label-Only设置中使用的启动epsilon。默认值:``1.0``。
- **starting_delta_eps** (float) - Label-Only设置中使用的delta epsilon。默认值:``0.5``。
- **label_only_sigma** (float) - Label-Only设置中使用的Sigma。默认值:``1e-3``。
- **conservative** (int) - 用于epsilon衰变的守恒,如果没有收敛,它将增加。默认值:``2``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
.. py:method:: generate(inputs, labels)
根据输入数据和目标标签生成对抗样本。
参数:
- **inputs** (numpy.ndarray) - 良性输入样本。
- **labels** (numpy.ndarray) - 目标标签。
返回:
- **numpy.ndarray** - 每个攻击结果的布尔值。
- **numpy.ndarray** - 生成的对抗样本。
- **numpy.ndarray** - 每个样本的查询次数。
异常:
- **ValueError** - 在'Label-Only'或'Partial-Info'设置中 `top_k` 小于0。
- **ValueError** - 在'Label-Only'或'Partial-Info'设置中 `target_imgs` 为 ``None``。
- **ValueError** - `scene` 不为 ``'Label_Only'``、``'Partial_Info'`` 或 ``'Query_Limit'``。
.. py:method:: set_target_images(target_images)
在'Partial-Info'或'Label-Only'设置中设置目标攻击的目标样本。
参数:
- **target_images** (numpy.ndarray) - 目标攻击的目标样本。
.. py:class:: mindarmour.adv_robustness.attacks.PointWiseAttack(model, max_iter=1000, search_iter=10, is_targeted=False, init_attack=None, sparse=True)
点式攻击(Pointwise Attack)确保使用最小数量的更改像素为每个原始样本生成对抗样本。那些更改的像素将使用二进制搜索,以确保对抗样本和原始样本之间的距离尽可能接近。
参考文献:`L. Schott, J. Rauber, M. Bethge, W. Brendel: "Towards the first adversarially robust neural network model on MNIST", ICLR (2019) <https://arxiv.org/abs/1805.09190>`_。
参数:
- **model** (BlackModel) - 目标模型。
- **max_iter** (int) - 生成对抗图像的最大迭代轮数。默认值:``1000``。
- **search_iter** (int) - 二进制搜索的最大轮数。默认值:``10``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **init_attack** (Union[Attack, None]) - 用于查找起点的攻击。默认值:``None``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
.. py:method:: generate(inputs, labels)
根据输入样本和目标标签生成对抗样本。
参数:
- **inputs** (numpy.ndarray) - 良性输入样本,用于创建对抗样本。
- **labels** (numpy.ndarray) - 对于有目标的攻击,标签是对抗性的目标标签。对于无目标攻击,标签是ground-truth标签。
返回:
- **numpy.ndarray** - 每个攻击结果的布尔值。
- **numpy.ndarray** - 生成的对抗样本。
- **numpy.ndarray** - 每个样本的查询次数。
.. py:class:: mindarmour.adv_robustness.attacks.PSOAttack(model, model_type='classification', targeted=False, reserve_ratio=0.3, sparse=True, step_size=0.5, per_bounds=0.6, c1=2.0, c2=2.0, c=2.0, pop_size=6, t_max=1000, pm=0.5, bounds=None)
PSO攻击表示基于粒子群优化(Particle Swarm Optimization)算法的黑盒攻击,属于进化算法。
此攻击由Rayan Mosli等人(2019)提出。
参考文献:`Rayan Mosli, Matthew Wright, Bo Yuan, Yin Pan, "They Might NOT Be Giants: Crafting Black-Box Adversarial Examples with Fewer Queries Using Particle Swarm Optimization", arxiv: 1909.07490, 2019. <https://arxiv.org/abs/1909.07490>`_。
参数:
- **model** (BlackModel) - 目标模型。
- **step_size** (Union[int, float]) - 攻击步长。默认值:``0.5``。
- **per_bounds** (Union[int, float]) - 扰动的相对变化范围。默认值:``0.6``。
- **c1** (Union[int, float]) - 权重系数。默认值:``2``。
- **c2** (Union[int, float]) - 权重系数。默认值:``2``。
- **c** (Union[int, float]) - 扰动损失的权重。默认值:``2``。
- **pop_size** (int) - 粒子的数量,应大于零。默认值:``6``。
- **t_max** (int) - 每个对抗样本的最大迭代轮数,应大于零。默认值:``1000``。
- **pm** (Union[int, float]) - 突变的概率,应在(0,1)的范围内。默认值:``0.5``。
- **bounds** (Union[list, tuple, None]) - 数据的上下界。以(数据最小值,数据最大值)的形式出现。默认值:``None``。
- **targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。 `model_type` 为 ``'detection'`` 时仅支持无目标攻击,默认值:``False``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
- **model_type** (str) - 目标模型的类型。现在支持 ``'classification'`` 和 ``'detection'``。默认值: ``'classification'``。
- **reserve_ratio** (Union[int, float]) - 攻击后可检测到的对象百分比,用于 `model_type` 为 ``'detection'`` 模式的情况。保留比率应在(0, 1)的范围内。默认值:``0.3``。
.. py:method:: generate(inputs, labels)
根据输入数据和目标标签(或ground_truth标签)生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 输入样本。
- 如果 `model_type` = ``'classification'``,则输入的格式应为numpy.ndarray。输入的格式可以是(input1, input2, ...)。
- 如果 `model_type` = ``'detection'``,则只能是一个数组。
- **labels** (Union[numpy.ndarray, tuple]) - 目标标签或ground-truth标签。
- 如果 `model_type` = ``'classification'``,标签的格式应为numpy.ndarray。
- 如果 `model_type` = ``'detection'``,标签的格式应为(gt_boxes, gt_labels)。
返回:
- **numpy.ndarray** - 每个攻击结果的布尔值。
- **numpy.ndarray** - 生成的对抗样本。
- **numpy.ndarray** - 每个样本的查询次数。
.. py:class:: mindarmour.adv_robustness.attacks.SaltAndPepperNoiseAttack(model, bounds=(0.0, 1.0), max_iter=100, is_targeted=False, sparse=True)
增加椒盐噪声的量以生成对抗样本。
参数:
- **model** (BlackModel) - 目标模型。
- **bounds** (tuple) - 数据的上下界。以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **max_iter** (int) - 生成对抗样本的最大迭代。默认值:``100``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为one-hot编码。默认值:``True``。
.. py:method:: generate(inputs, labels)
根据输入数据和目标标签生成对抗样本。
参数:
- **inputs** (numpy.ndarray) - 原始的、未受扰动的输入。
- **labels** (numpy.ndarray) - 目标标签。
返回:
- **numpy.ndarray** - 每个攻击结果的布尔值。
- **numpy.ndarray** - 生成的对抗样本。
- **numpy.ndarray** - 每个样本的查询次数。
.. py:class:: mindarmour.adv_robustness.attacks.VarianceTuningMomentumIterativeMethod(network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0), is_targeted=False, nb_iter=5, decay_factor=1.0, nb_neighbor=5, neighbor_beta=3 / 2, norm_level='inf', loss_fn=None)
VMI-FGSM算法是一种基于梯度的迭代式对抗攻击方法,通过引入方差调整机制,利用当前数据点在优化路径上的梯度方差来调整当前梯度,从而提高攻击的迁移性。
实验结果表明,在对抗训练模型上,相比于MI-FGSM算法,VMI-FGSM算法可以将攻击传递性提高超过25%。
参考文献: `X Wang, H Kun, "Enhancing the Transferability of Adversarial Attacks through Variance Tuning" in CVPR, 2021 <https://arxiv.org/abs/2103.15571>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动占数据范围的比例。默认值:``0.3``。
- **eps_iter** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``0.1``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。
以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **nb_iter** (int) - 迭代次数。默认值:``5``。
- **decay_factor** (float) - 迭代中的衰变因子。默认值:``1.0``。
- **nb_neighbor** (int) - 攻击算法在数据样本领域内采样的样本数量。默认值:``5``。
- **neighbor_beta** (float) - 领域的半径上限。默认值: ``3/2``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。
可取值:``numpy.inf``、``1``、``2``、``'1'``、``'2'``、``'l1'``、``'l2'``、``'np.inf'``、``'inf'``、``'linf'``。默认值:``inf``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:method:: generate(inputs, labels)
根据输入数据和原始/目标标签生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 良性输入样本,用于创建对抗样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
返回:
- **numpy.ndarray** - 生成的对抗样本。
.. py:class:: mindarmour.adv_robustness.attacks.VarianceTuningNesterovIterativeMethod(network, eps=8/255, eps_iter=2/255, bounds=(0.0, 1.0), is_targeted=False, nb_iter=10, decay_factor=1.0, nb_neighbor=5, neighbor_beta=3/2, norm_level='inf', loss_fn=None)
VNI-FGSM算法是一种基于梯度的迭代式对抗攻击方法,与VMI-FGSM相比,VNI-FGSM在每次迭代时不仅使用当前梯度,还使用了之前所有迭代的平均梯度,
从而增加了攻击的稳定性和鲁棒性。实验结果表明可以将攻击迁移性提高超过30%,相比于VMI-FGSM算法,VNI-FGSM算法在对抗训练模型上具有更高的攻击成功率。
参考文献: `X Wang, H Kun, "Enhancing the Transferability of Adversarial Attacks through Variance Tuning" in CVPR, 2021 <https://arxiv.org/abs/2103.15571>`_。
参数:
- **network** (Cell) - 目标模型。
- **eps** (float) - 攻击产生的对抗性扰动最大占数据范围的比例。默认值: ``8/255`` 。
- **eps_iter** (float) - 攻击产生的单步对抗扰动占数据范围的比例。默认值:``2/255``。
- **bounds** (tuple) - 数据的上下界,表示数据范围。
以(数据最小值,数据最大值)的形式出现。默认值:``(0.0, 1.0)``。
- **is_targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **nb_iter** (int) - 迭代次数。默认值:``10``。
- **decay_factor** (float) - 迭代中的衰变因子。默认值:``1.0``。
- **nb_neighbor** (int) - 攻击算法在数据样本领域内采样的样本数量。默认值:``5``。
- **neighbor_beta** (float) - 领域的半径上限。默认值: ``3/2``。
- **norm_level** (Union[int, str, numpy.inf]) - 范数类型。
可取值:``numpy.inf``、``1``、``2``、``'1'``、``'2'``、``'l1'``、``'l2'``、``'np.inf'``、``'inf'``、``'linf'``。默认值:``inf``。
- **loss_fn** (Union[Loss, None]) - 用于优化的损失函数。如果为 ``None``,则输入网络已配备损失函数。默认值:``None``。
.. py:method:: generate(inputs, labels)
根据输入数据和原始/目标标签生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 良性输入样本,用于创建对抗样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
返回:
- **numpy.ndarray** - 生成的对抗样本。
================================================
FILE: docs/api/api_python/mindarmour.adv_robustness.defenses.rst
================================================
mindarmour.adv_robustness.defenses
==================================
该模块包括经典的防御算法,用于防御对抗样本,增强模型的安全性和可信性。
.. py:class:: mindarmour.adv_robustness.defenses.AdversarialDefense(network, loss_fn=None, optimizer=None)
使用给定的对抗样本进行对抗训练。
参数:
- **network** (Cell) - 要防御的MindSpore网络。
- **loss_fn** (Union[Loss, None]) - 损失函数。默认值:``None``。
- **optimizer** (Cell) - 用于训练网络的优化器。默认值:``None``。
.. py:method:: defense(inputs, labels)
通过使用输入样本进行训练来增强模型。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
- **labels** (numpy.ndarray) - 输入样本的标签。
返回:
- **numpy.ndarray** - 防御操作的损失。
.. py:class:: mindarmour.adv_robustness.defenses.AdversarialDefenseWithAttacks(network, attacks, loss_fn=None, optimizer=None, bounds=(0.0, 1.0), replace_ratio=0.5)
利用特定的攻击方法和给定的对抗例子进行对抗训练,以增强模型的鲁棒性。
参数:
- **network** (Cell) - 要防御的MindSpore网络。
- **attacks** (list[Attack]) - 攻击方法序列。
- **loss_fn** (Union[Loss, None]) - 损失函数。默认值:``None``。
- **optimizer** (Cell) - 用于训练网络的优化器。默认值:``None``。
- **bounds** (tuple) - 数据的上下界。以(clip_min, clip_max)的形式出现。默认值:``(0.0, 1.0)``。
- **replace_ratio** (float) - 用对抗样本替换原始样本的比率,必须在0到1之间。默认值:``0.5``。
异常:
- **ValueError** - `replace_ratio` 不在0和1之间。
.. py:method:: defense(inputs, labels)
通过使用从输入样本生成的对抗样本进行训练来增强模型。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
- **labels** (numpy.ndarray) - 输入样本的标签。
返回:
- **numpy.ndarray** - 对抗性防御操作的损失。
.. py:class:: mindarmour.adv_robustness.defenses.NaturalAdversarialDefense(network, loss_fn=None, optimizer=None, bounds=(0.0, 1.0), replace_ratio=0.5, eps=0.1)
基于FGSM的对抗性训练。
参考文献:`A. Kurakin, et al., "Adversarial machine learning at scale," in ICLR, 2017 <https://arxiv.org/abs/1611.01236>`_。
参数:
- **network** (Cell) - 要防御的MindSpore网络。
- **loss_fn** (Union[Loss, None]) - 损失函数。默认值:``None``。
- **optimizer** (Cell) - 用于训练网络的优化器。默认值:``None``。
- **bounds** (tuple) - 数据的上下界。以(clip_min, clip_max)的形式出现。默认值:``(0.0, 1.0)``。
- **replace_ratio** (float) - 用对抗样本替换原始样本的比率。默认值:``0.5``。
- **eps** (float) - 攻击方法(FGSM)的步长。默认值:``0.1``。
.. py:class:: mindarmour.adv_robustness.defenses.ProjectedAdversarialDefense(network, loss_fn=None, optimizer=None, bounds=(0.0, 1.0), replace_ratio=0.5, eps=0.3, eps_iter=0.1, nb_iter=5, norm_level='inf')
基于PGD的对抗性训练。
参考文献:`A. Madry, et al., "Towards deep learning models resistant to adversarial attacks," in ICLR, 2018 <https://arxiv.org/abs/1611.01236>`_。
参数:
- **network** (Cell) - 要防御的MindSpore网络。
- **loss_fn** (Union[Loss, None]) - 损失函数。默认值:``None``。
- **optimizer** (Cell) - 用于训练网络的优化器。默认值:``None``。
- **bounds** (tuple) - 输入数据的上下界。以(clip_min, clip_max)的形式出现。默认值:``(0.0, 1.0)``。
- **replace_ratio** (float) - 用对抗样本替换原始样本的比率。默认值:``0.5``。
- **eps** (float) - PGD攻击参数epsilon。默认值:``0.3``。
- **eps_iter** (int) - PGD攻击参数,内环epsilon。默认值:``0.1``。
- **nb_iter** (int) - PGD攻击参数,迭代次数。默认值:``5``。
- **norm_level** (Union[int, char, numpy.inf]) - 范数类型。可选值:``1``、``2``、``np.inf``、``'l1'``、``'l2'``、``'np.inf'`` 或 ``'inf'``。默认值:``'inf'``。
.. py:class:: mindarmour.adv_robustness.defenses.EnsembleAdversarialDefense(network, attacks, loss_fn=None, optimizer=None, bounds=(0.0, 1.0), replace_ratio=0.5)
使用特定攻击方法列表和给定的对抗样本进行对抗训练,以增强模型的鲁棒性。
参数:
- **network** (Cell) - 要防御的MindSpore网络。
- **attacks** (list[Attack]) - 攻击方法序列。
- **loss_fn** (Union[Loss, None]) - 损失函数。默认值:``None``。
- **optimizer** (Cell) - 用于训练网络的优化器。默认值:``None``。
- **bounds** (tuple) - 数据的上下界。以(clip_min, clip_max)的形式出现。默认值:``(0.0, 1.0)``。
- **replace_ratio** (float) - 用对抗样本替换原始样本的比率,必须在0到1之间。默认值:``0.5``。
异常:
- **ValueError** - `replace_ratio` 不在0和1之间。
================================================
FILE: docs/api/api_python/mindarmour.adv_robustness.detectors.rst
================================================
mindarmour.adv_robustness.detectors
===================================
此模块是用于区分对抗样本和良性样本的检测器方法。
.. py:class:: mindarmour.adv_robustness.detectors.ErrorBasedDetector(auto_encoder, false_positive_rate=0.01, bounds=(0.0, 1.0))
检测器重建输入样本,测量重建误差,并拒绝重建误差大的样本。
参考文献: `MagNet: a Two-Pronged Defense against Adversarial Examples, by Dongyu Meng and Hao Chen, at CCS 2017. <https://arxiv.org/abs/1705.09064>`_。
参数:
- **auto_encoder** (Model) - 一个(训练过的)自动编码器,对输入图片进行重构。
- **false_positive_rate** (float) - 检测器的误报率。默认值:``0.01``。
- **bounds** (tuple) - (clip_min, clip_max)。默认值:``(0.0, 1.0)``。
.. py:method:: detect(inputs)
检测输入样本是否具有对抗性。
参数:
- **inputs** (numpy.ndarray) - 待判断的可疑样本。
返回:
- **list[int]** - 样本是否具有对抗性。如果res[i]=1,则索引为i的输入样本是对抗性的。
.. py:method:: detect_diff(inputs)
检测原始样本和重建样本之间的距离。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
返回:
- **float** - 重建样本和原始样本之间的距离。
.. py:method:: fit(inputs, labels=None)
查找给定数据集的阈值,以区分对抗样本。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
- **labels** (numpy.ndarray) - 输入样本的标签。默认值:``None``。
返回:
- **float** - 区分对抗样本和良性样本的阈值。
.. py:method:: set_threshold(threshold)
设置阈值。
参数:
- **threshold** (float) - 检测阈值。
.. py:method:: transform(inputs)
重建输入样本。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
返回:
- **numpy.ndarray** - 重建图像。
.. py:class:: mindarmour.adv_robustness.detectors.DivergenceBasedDetector(auto_encoder, model, option='jsd', t=1, bounds=(0.0, 1.0))
基于发散的检测器学习通过js发散来区分正常样本和对抗样本。
参考文献: `MagNet: a Two-Pronged Defense against Adversarial Examples, by Dongyu Meng and Hao Chen, at CCS 2017. <https://arxiv.org/abs/1705.09064>`_。
参数:
- **auto_encoder** (Model) - 编码器模型。
- **model** (Model) - 目标模型。
- **option** (str) - 用于计算发散的方法。默认值:``'jsd'``。
- **t** (int) - 用于克服数值问题的温度。默认值:``1``。
- **bounds** (tuple) - 数据的上下界。以(clip_min, clip_max)的形式出现。默认值:``(0.0, 1.0)``。
.. py:method:: detect_diff(inputs)
检测原始样本和重建样本之间的距离。
距离由JSD计算。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
返回:
- **float** - 距离。
异常:
- **NotImplementedError** - 不支持参数 `option` 。
.. py:class:: mindarmour.adv_robustness.detectors.RegionBasedDetector(model, number_points=10, initial_radius=0.0, max_radius=1.0, search_step=0.01, degrade_limit=0.0, sparse=False)
基于区域的检测器利用对抗样本靠近分类边界的事实,并通过集成给定示例周围的信息,以检测输入是否为对抗样本。
参考文献: `Mitigating evasion attacks to deep neural networks via region-based classification <https://arxiv.org/abs/1709.05583>`_。
参数:
- **model** (Model) - 目标模型。
- **number_points** (int) - 从原始样本的超立方体生成的样本数。默认值:``10``。
- **initial_radius** (float) - 超立方体的初始半径。默认值:``0.0``。
- **max_radius** (float) - 超立方体的最大半径。默认值:``1.0``。
- **search_step** (float) - 半径搜索增量。默认值:``0.01``。
- **degrade_limit** (float) - 分类精度的可接受下降。默认值:``0.0``。
- **sparse** (bool) - 如果为 ``True``,则输入标签为稀疏编码。如果为 ``False``,则输入标签为onehot编码。默认值:``False``。
.. py:method:: detect(inputs)
判断输入样本是否具有对抗性。
参数:
- **inputs** (numpy.ndarray) - 待判断的可疑样本。
返回:
- **list[int]** - 样本是否具有对抗性。如果res[i]=1,则索引为i的输入样本是对抗性的。
.. py:method:: detect_diff(inputs)
返回原始预测结果和基于区域的预测结果。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
返回:
- **numpy.ndarray** - 输入样本的原始预测结果和基于区域的预测结果。
.. py:method:: fit(inputs, labels=None)
训练检测器来决定最佳半径。
参数:
- **inputs** (numpy.ndarray) - 良性样本。
- **labels** (numpy.ndarray) - 输入样本的ground truth标签。默认值:``None``。
返回:
- **float** - 最佳半径。
.. py:method:: set_radius(radius)
设置半径。
参数:
- **radius** (float) - 区域的半径。
.. py:method:: transform(inputs)
为输入样本生成超级立方体。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
返回:
- **numpy.ndarray** - 每个样本对应的超立方体。
.. py:class:: mindarmour.adv_robustness.detectors.SpatialSmoothing(model, ksize=3, is_local_smooth=True, metric='l1', false_positive_ratio=0.05)
基于空间平滑的检测方法。
使用高斯滤波、中值滤波和均值滤波,模糊原始图像。当模型在样本模糊前后的预测值之间有很大的阈值差异时,将其判断为对抗样本。
参数:
- **model** (Model) - 目标模型。
- **ksize** (int) - 平滑窗口大小。默认值:``3``。
- **is_local_smooth** (bool) - 如果为 ``True``,则触发局部平滑。如果为 ``False``,则无局部平滑。默认值:``True``。
- **metric** (str) - 距离方法。默认值:``'l1'``。
- **false_positive_ratio** (float) - 良性样本上的假正率。默认值:``0.05``。
.. py:method:: detect(inputs)
检测输入样本是否为对抗样本。
参数:
- **inputs** (numpy.ndarray) - 待判断的可疑样本。
返回:
- **list[int]** - 样本是否具有对抗性。如果res[i]=1,则索引为i的输入样本是对抗样本。
.. py:method:: detect_diff(inputs)
返回输入样本与其平滑对应样本之间的原始距离值(在应用阈值之前)。
参数:
- **inputs** (numpy.ndarray) - 待判断的可疑样本。
返回:
- **float** - 距离。
.. py:method:: fit(inputs, labels=None)
训练检测器来决定阈值。适当的阈值能够确保良性样本上的实际假正率小于给定值。
参数:
- **inputs** (numpy.ndarray) - 良性样本。
- **labels** (numpy.ndarray) - 默认 ``None``。
返回:
- **float** - 阈值,大于该距离的距离报告为正,即对抗性。
.. py:method:: set_threshold(threshold)
设置阈值。
参数:
- **threshold** (float) - 检测阈值。
.. py:class:: mindarmour.adv_robustness.detectors.EnsembleDetector(detectors, policy='vote')
集合检测器,通过检测器列表从输入样本中检测对抗样本。
参数:
- **detectors** (Union[tuple, list]) - 检测器方法列表。
- **policy** (str) - 决策策略,取值可为 ``'vote'``、``'all'``、``'any'``。默认值:``'vote'``。
.. py:method:: detect(inputs)
从输入样本中检测对抗性示例。
参数:
- **inputs** (numpy.ndarray) - 输入样本。
返回:
- **list[int]** - 样本是否具有对抗性。如果res[i]=1,则索引为i的输入样本是对抗样本。
异常:
- **ValueError** - 不支持策略。
.. py:method:: detect_diff(inputs)
此方法在此类中不可用。
参数:
- **inputs** (Union[numpy.ndarray, list, tuple]) - 用于创建对抗样本。
异常:
- **NotImplementedError** - 此函数在集成中不可用。
.. py:method:: fit(inputs, labels=None)
像机器学习模型一样拟合检测器。此方法在此类中不可用。
参数:
- **inputs** (numpy.ndarray) - 计算阈值的数据。
- **labels** (numpy.ndarray) - 数据的标签。默认值:``None``。
异常:
- **NotImplementedError** - 此函数在集成中不可用。
.. py:method:: transform(inputs)
过滤输入样本中的对抗性噪声。
此方法在此类中不可用。
参数:
- **inputs** (Union[numpy.ndarray, list, tuple]) - 用于创建对抗样本。
异常:
- **NotImplementedError** - 此函数在集成中不可用。
.. py:class:: mindarmour.adv_robustness.detectors.SimilarityDetector(trans_model, max_k_neighbor=1000, chunk_size=1000, max_buffer_size=10000, tuning=False, fpr=0.001)
检测器测量相邻查询之间的相似性,并拒绝与以前的查询非常相似的查询。
参考文献: `Stateful Detection of Black-Box Adversarial Attacks by Steven Chen, Nicholas Carlini, and David Wagner. at arxiv 2019 <https://arxiv.org/abs/1907.05587>`_。
参数:
- **trans_model** (Model) - 一个MindSpore模型,将输入数据编码为低维向量。
- **max_k_neighbor** (int) - 最近邻的最大数量。默认值:``1000``。
- **chunk_size** (int) - 缓冲区大小。默认值:``1000``。
- **max_buffer_size** (int) - 最大缓冲区大小。默认值:``10000``。
- **tuning** (bool) - 计算k个最近邻的平均距离。
- 如果'tuning'为 ``True``,k= `max_k_neighbor` 。
- 如果为 ``False``,k=1,..., `max_k_neighbor` 。默认值:``False``。
- **fpr** (float) - 合法查询序列上的误报率。默认值:``0.001``。
.. py:method:: clear_buffer()
清除缓冲区内存。
.. py:method:: detect(inputs)
处理查询以检测黑盒攻击。
参数:
- **inputs** (numpy.ndarray) - 查询序列。
异常:
- **ValueError** - 阈值或set_threshold方法中 `num_of_neighbors` 参数不可用。
.. py:method:: detect_diff(inputs)
从输入样本中检测对抗样本,如常见机器学习模型中的predict_proba函数。
参数:
- **inputs** (Union[numpy.ndarray, list, tuple]) - 用于创建对抗样本。
异常:
- **NotImplementedError** - 此函数在 `SimilarityDetector` 类(class)中不可用。
.. py:method:: fit(inputs, labels=None)
处理输入训练数据以计算阈值。
适当的阈值应确保假正率低于给定值。
参数:
- **inputs** (numpy.ndarray) - 用于计算阈值的训练数据。
- **labels** (numpy.ndarray) - 训练数据的标签。
返回:
- **list[int]** - 最近邻的数量。
- **list[float]** - 不同k的阈值。
异常:
- **ValueError** - 训练数据个数小于 `max_k_neighbor`。
.. py:method:: get_detected_queries()
获取检测到的查询的索引。
返回:
- **list[int]** - 检测到的恶意查询的序列号。
.. py:method:: get_detection_interval()
获取相邻检测之间的间隔。
返回:
- **list[int]** - 相邻检测之间的查询数。
.. py:method:: set_threshold(num_of_neighbors, threshold)
设置参数num_of_neighbors和threshold。
参数:
- **num_of_neighbors** (int) - 最近邻的数量。
- **threshold** (float) - 检测阈值。
.. py:method:: transform(inputs)
过滤输入样本中的对抗性噪声。
参数:
- **inputs** (Union[numpy.ndarray, list, tuple]) - 用于创建对抗样本。
异常:
- **NotImplementedError** - 此函数在 `SimilarityDetector` 类(class)中不可用。
================================================
FILE: docs/api/api_python/mindarmour.adv_robustness.evaluations.rst
================================================
mindarmour.adv_robustness.evaluations
=====================================
此模块包括各种指标,用于评估攻击或防御的结果。
.. py:class:: mindarmour.adv_robustness.evaluations.AttackEvaluate(inputs, labels, adv_inputs, adv_preds, targeted=False, target_label=None)
攻击方法的评估指标。
参数:
- **inputs** (numpy.ndarray) - 原始样本。
- **labels** (numpy.ndarray) - 原始样本的one-hot格式标签。
- **adv_inputs** (numpy.ndarray) - 从原始样本生成的对抗样本。
- **adv_preds** (numpy.ndarray) - 对对抗样本的对所有标签的预测概率。
- **targeted** (bool) - 如果为 ``True``,则为目标攻击。如果为 ``False``,则为无目标攻击。默认值:``False``。
- **target_label** (numpy.ndarray) - 对抗样本的目标标签,是大小为adv_inputs.shape[0]的一维。默认值:``None``。
异常:
- **ValueError** - 如果 `targeted` 为 ``True`` 时, `target_label` 为 ``None``。
.. py:method:: avg_conf_adv_class()
计算对抗类的平均置信度(ACAC)。
返回:
- **float** - 范围在(0,1)之间。值越高,攻击就越成功。
.. py:method:: avg_conf_true_class()
计算真类的平均置信度(ACTC)。
返回:
- **float** - 范围在(0,1)之间。值越低,攻击就越成功。
.. py:method:: avg_lp_distance()
计算平均lp距离(lp-dist)。
返回:
- **float** - 返回所有成功对抗样本的平均'l0'、'l2'或'linf'距离,返回值包括以下情况:
- 如果返回值 :math:`>=` 0,则为平均lp距离。值越低,攻击就越成功。
- 如果返回值为-1,则没有成功的对抗样本。
.. py:method:: avg_ssim()
计算平均结构相似性(ASS)。
返回:
- **float** - 平均结构相似性。
- 如果返回值在(0,1)之间,则值越高,攻击越成功。
- 如果返回值为-1,则没有成功的对抗样本。
.. py:method:: mis_classification_rate()
计算错误分类率(MR)。
返回:
- **float** - 范围在(0,1)之间。值越高,攻击就越成功。
.. py:method:: nte()
计算噪声容量估计(NTE)。
参考文献:`Towards Imperceptible and Robust Adversarial Example Attacks against Neural Networks <https://arxiv.org/abs/1801.04693>`_。
返回:
- **float** - 范围在(0,1)之间。值越高,攻击就越成功。
.. py:class:: mindarmour.adv_robustness.evaluations.BlackDefenseEvaluate(raw_preds, def_preds, raw_query_counts, def_query_counts, raw_query_time, def_query_time, def_detection_counts, true_labels, max_queries)
反黑盒防御方法的评估指标。
参数:
- **raw_preds** (numpy.ndarray) - 原始模型上特定样本的预测结果。
- **def_preds** (numpy.ndarray) - 原始防御模型上特定样本的预测结果。
- **raw_query_counts** (numpy.ndarray) - 在原始模型上生成对抗样本的查询数,原始模型是大小是与raw_preds.shape[0]的第一纬度相同。对于良性样本,查询计数必须设置为 ``0``。
- **def_query_counts** (numpy.ndarray) - 在防御模型上生成对抗样本的查询数,原始模型是大小是与raw_preds.shape[0]的第一纬度相同。对于良性样本,查询计数必须设置为 ``0``。
- **raw_query_time** (numpy.ndarray) - 在原始模型上生成对抗样本的总持续时间,该样本是大小是与raw_preds.shape[0]的第一纬度。
- **def_query_time** (numpy.ndarray) - 在防御模型上生成对抗样本的总持续时间,该样本是大小是与raw_preds.shape[0]的第一纬度。
- **def_detection_counts** (numpy.ndarray) - 每次对抗样本生成期间检测到的查询总数,大小是与raw_preds.shape[0]的第一纬度。对于良性样本,如果查询被识别为可疑,则将 `def_detection_counts` 设置为 ``1``,否则将其设置为 ``0``。
- **true_labels** (numpy.ndarray) - 大小是与raw_preds.shape[0]的第一纬度真标签。
- **max_queries** (int) - 攻击预算,最大查询数。
.. py:method:: asv()
计算攻击成功率方差(ASV)。
返回:
- **float** - 值越低,防守就越强。如果num_adv_samples=0,则返回-1。
.. py:method:: fpr()
计算基于查询的检测器的假正率(FPR)。
返回:
- **float** - 值越低,防御的可用性越高。如果num_adv_samples=0,则返回-1。
.. py:method:: qcv()
计算查询计数方差(QCV)。
返回:
- **float** - 值越高,防守就越强。如果num_adv_samples=0,则返回-1。
.. py:method:: qrv()
计算良性查询响应时间方差(QRV)。
返回:
- **float** - 值越低,防御的可用性越高。如果num_adv_samples=0,则返回-1。
.. py:class:: mindarmour.adv_robustness.evaluations.DefenseEvaluate(raw_preds, def_preds, true_labels)
防御方法的评估指标。
参数:
- **raw_preds** (numpy.ndarray) - 原始模型上某些样本的预测结果。
- **def_preds** (numpy.ndarray) - 防御模型上某些样本的预测结果。
- **true_labels** (numpy.ndarray) - 样本的ground-truth标签,一个大小为ground-truth的一维数组。
.. py:method:: cav()
计算分类精度方差(CAV)。
返回:
- **float** - 值越高,防守就越成功。
.. py:method:: ccv()
计算分类置信度方差(CCV)。
返回:
- **float** - 值越低,防守就越成功。如果返回值== -1,则说明样本数量为0。
.. py:method:: cos()
参考文献:`Calculate classification output stability (COS) <https://en.wikipedia.org/wiki/Jensen%E2%80%93Shannon_divergence>`_。
返回:
- **float** - 如果返回值>=0,则是有效的防御。值越低,防守越成功。如果返回值== -1, 则说明样本数量为0。
.. py:method:: crr()
计算分类校正率(CRR)。
返回:
- **float** - 值越高,防守就越成功。
.. py:method:: csr()
计算分类牺牲比(CSR),越低越好。
返回:
- **float** - 值越低,防守就越成功。
.. py:class:: mindarmour.adv_robustness.evaluations.NeuronMetric(model, inputs, adv_inputs, hook_names)
神经元敏感度,通过计算神经元在输入正常样本和对抗样本时的激活值变化,来衡量神经元的敏感度。
参数:
- **model** (mindspore.nn.Cell) - 待测量神经元敏感度的模型本身。
- **inputs** (mindspore.Tensor) - 所使用数据的原始样本。
- **adv_inputs** (mindspore.Tensor) - 所使用数据的对抗样本,需要和原始样本一一对应。
- **hook_names** (List[str]) - 所需要计算神经元敏感度的层的名字。
异常:
- **ValueError** - 模型中间层输出的shape维度数目小于等于1。
.. py:method:: neuron_sensitivity()
计算并返回神经元敏感度。
返回:
- **nsense** - 神经元敏感度的字典,包含每个层的名字和层的神经元对应的神经元敏感度。
.. py:class:: mindarmour.adv_robustness.evaluations.RadarMetric(metrics_name, metrics_data, labels, title, scale='hide')
雷达图,通过多个指标显示模型的鲁棒性。
参数:
- **metrics_name** (Union[tuple, list]) - 要显示的度量名称数组。每组值对应一条雷达曲线。
- **metrics_data** (numpy.ndarray) - 多个雷达曲线的每个度量的(归一化)值,如[[0.5, 0.8, ...], [0.2,0.6,...], ...]。
- **labels** (Union[tuple, list]) - 所有雷达曲线的图例。
- **title** (str) - 图表的标题。
- **scale** (str) - 用于调整轴刻度的标量,如 ``'hide'``、``'norm'``、``'sparse'``、``'dense'``。默认值:``'hide'``。
异常:
- **ValueError** - `scale` 值不为 ``'hide'``、``'norm'``、``'sparse'``、``'dense'``。
.. py:method:: show()
显示雷达图。
================================================
FILE: docs/api/api_python/mindarmour.fuzz_testing.rst
================================================
mindarmour.fuzz_testing
=======================
该模块提供了一种基于神经元覆盖率增益的模糊测试方法来评估给定模型的鲁棒性。
.. py:class:: mindarmour.fuzz_testing.Fuzzer(target_model)
深度神经网络的模糊测试框架。
参考文献:`DeepHunter: A Coverage-Guided Fuzz Testing Framework for Deep Neural Networks <https://dl.acm.org/doi/10.1145/3293882.3330579>`_。
参数:
- **target_model** (Model) - 目标模糊模型。
.. py:method:: fuzzing(mutate_config, initial_seeds, coverage, evaluate=True, max_iters=10000, mutate_num_per_seed=20)
深度神经网络的模糊测试。
参数:
- **mutate_config** (list) - 变异方法配置。格式为:
.. code-block:: python
mutate_config = [
{'method': 'GaussianBlur',
'params': {'ksize': [1, 2, 3, 5], 'auto_param': [True, False]}},
{'method': 'UniformNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'GaussianNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'Contrast',
'params': {'alpha': [0.5, 1, 1.5], 'beta': [-10, 0, 10], 'auto_param': [False, True]}},
{'method': 'Rotate',
'params': {'angle': [20, 90], 'auto_param': [False, True]}},
{'method': 'FGSM',
'params': {'eps': [0.3, 0.2, 0.4], 'alpha': [0.1], 'bounds': [(0, 1)]}}
...]
- 支持的方法在列表 `self._strategies` 中,每个方法的参数必须在可选参数的范围内。支持的方法分为两种类型:
- 首先,自然鲁棒性方法包括:'Translate'、'Scale'、'Shear'、'Rotate'、'Perspective'、'Curve'、'GaussianBlur'、'MotionBlur'、'GradientBlur'、'Contrast'、'GradientLuminance'、'UniformNoise'、'GaussianNoise'、'SaltAndPepperNoise'、'NaturalNoise'。
- 其次,对抗样本攻击方式包括:'FGSM'、'PGD'和'MDIM'。'FGSM'、'PGD'和'MDIM'分别是 FastGradientSignMethod、ProjectedGradientDent和MomentumDiverseInputIterativeMethod的缩写。 `mutate_config` 必须包含在['Contrast', 'GradientLuminance', 'GaussianBlur', 'MotionBlur', 'GradientBlur', 'UniformNoise', 'GaussianNoise', 'SaltAndPepperNoise', 'NaturalNoise']中的方法。
- 第一类方法的参数设置方式可以在'mindarmour/natural_robustness/transform/image'中看到。第二类方法参数配置参考 `self._attack_param_checklists` 。
- **initial_seeds** (list[list]) - 用于生成变异样本的初始种子队列。初始种子队列的格式为[[image_data, label], [...], ...],且标签必须为one-hot。
- **coverage** (CoverageMetrics) - 神经元覆盖率指标类。
- **evaluate** (bool) - 是否返回评估报告。默认值:``True``。
- **max_iters** (int) - 选择要变异的种子的最大数量。默认值:``10000``。
- **mutate_num_per_seed** (int) - 每个种子的最大变异次数。默认值:``20``。
返回:
- **list** - 模糊测试生成的变异样本。
- **list** - 变异样本的ground truth标签。
- **list** - 预测结果。
- **list** - 变异策略。
- **dict** - Fuzzer的指标报告。
异常:
- **ValueError** - 参数 `coverage` 必须是CoverageMetrics的子类。
- **ValueError** - 初始种子队列为空。
- **ValueError** - `initial_seeds` 中的种子未包含两个元素。
.. py:class:: mindarmour.fuzz_testing.SensitivityMaximizingFuzzer(target_model)
深度神经网络的模糊测试框架。
参考文献:
`Themis_Sensitivity_Testing_for_Deep_Learning_System <https://huangd1999.github.io/Themis__Sensitivity_Testing_for_Deep_Learning_System.pdf>`_。
参数:
- **target_model** (Model) - 目标模糊模型。
.. py:method:: fuzzing(mutate_config, initial_seeds, coverage, evaluate=True, max_iters=1000, mutate_num_per_seed=20)
深度神经网络的模糊测试。
参数:
- **mutate_config** (list) - 变异方法配置。格式为:
.. code-block:: python
mutate_config = [
{'method': 'GaussianBlur',
'params': {'ksize': [1, 2, 3, 5], 'auto_param': [True, False]}},
{'method': 'UniformNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'GaussianNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'Contrast',
'params': {'alpha': [0.5, 1, 1.5], 'beta': [-10, 0, 10], 'auto_param': [False, True]}},
{'method': 'Rotate',
'params': {'angle': [20, 90], 'auto_param': [False, True]}},
{'method': 'FGSM',
'params': {'eps': [0.3, 0.2, 0.4], 'alpha': [0.1], 'bounds': [(0, 1)]}}
...]
- 支持的方法在列表 `self._strategies` 中,每个方法的参数必须在可选参数的范围内。支持的方法分为两种类型:
- 首先,自然鲁棒性方法包括:'Translate'、'Scale'、'Shear'、'Rotate'、'Perspective'、'Curve'、'GaussianBlur'、'MotionBlur'、'GradientBlur'、'Contrast'、'GradientLuminance'、'UniformNoise'、'GaussianNoise'、'SaltAndPepperNoise'、'NaturalNoise'。
- 其次,对抗样本攻击方式包括:'FGSM'、'PGD'和'MDIM'。'FGSM'、'PGD'和'MDIM'分别是 FastGradientSignMethod、ProjectedGradientDent和MomentumDiverseInputIterativeMethod的缩写。 `mutate_config` 必须包含在['Contrast', 'GradientLuminance', 'GaussianBlur', 'MotionBlur', 'GradientBlur', 'UniformNoise', 'GaussianNoise', 'SaltAndPepperNoise', 'NaturalNoise']中的方法。
- 第一类方法的参数设置方式可以在'mindarmour/natural_robustness/transform/image'中看到。第二类方法参数配置参考 `self._attack_param_checklists` 。
- **initial_seeds** (list[list]) - 用于生成变异样本的初始种子队列。初始种子队列的格式为[[image_data, label], [...], ...],且标签必须为one-hot。
- **coverage** (CoverageMetrics) - 神经元覆盖率指标类。
- **evaluate** (bool) - 是否返回评估报告。默认值: ``True``。
- **max_iters** (int) - 选择要变异的种子的最大数量。默认值: ``1000``。
- **mutate_num_per_seed** (int) - 每个种子的最大变异次数。默认值: ``20``。
返回:
- list,模糊测试生成的变异样本。
- list,变异样本的ground truth标签。
- list,预测结果。
- list,变异策略。
- dict,Fuzzer的指标报告。
异常:
- **ValueError** - 参数 `coverage` 必须是CoverageMetrics的子类。
- **ValueError** - 初始种子队列为空。
- **ValueError** - `initial_seeds` 中的种子未包含两个元素。
.. py:class:: mindarmour.fuzz_testing.CoverageMetrics(model, incremental=False, batch_size=32)
计算覆盖指标的神经元覆盖类的抽象基类。
训练后网络的每个神经元输出有一个输出范围(我们称之为原始范围),测试数据集用于估计训练网络的准确性。然而,不同的测试数据集,神经元的输出分布会有所不同。因此,与传统模糊测试类似,模型模糊测试意味着测试这些神经元的输出,并评估在测试数据集上神经元输出值占原始范围的比例。
参考文献: `DeepGauge: Multi-Granularity Testing Criteria for Deep Learning Systems <https://arxiv.org/abs/1803.07519>`_。
参数:
- **model** (Model) - 被测模型。
- **incremental** (bool) - 指标将以增量方式计算。默认值:``False``。
- **batch_size** (int) - 模糊测试批次中的样本数。默认值:``32``。
.. py:method:: get_metrics(dataset)
:abstractmethod:
计算给定数据集的覆盖率指标。
参数:
- **dataset** (numpy.ndarray) - 用于计算覆盖指标的数据集。
异常:
- **NotImplementedError** - 抽象方法。
.. py:class:: mindarmour.fuzz_testing.NeuronCoverage(model, threshold=0.1, incremental=False, batch_size=32)
计算神经元激活的覆盖率。当神经元的输出大于阈值时,神经元被激活。
神经元覆盖率等于网络中激活的神经元占总神经元的比例。
参数:
- **model** (Model) - 被测模型。
- **threshold** (float) - 用于确定神经元是否激活的阈值。默认值:``0.1``。
- **incremental** (bool) - 指标将以增量方式计算。默认值:``False``。
- **batch_size** (int) - 模糊测试批次中的样本数。默认值:``32``。
.. py:method:: get_metrics(dataset)
获取神经元覆盖率的指标:激活的神经元占网络中神经元总数的比例。
参数:
- **dataset** (numpy.ndarray) - 用于计算覆盖率指标的数据集。
返回:
- **float** - 'neuron coverage'的指标。
.. py:class:: mindarmour.fuzz_testing.TopKNeuronCoverage(model, top_k=3, incremental=False, batch_size=32)
计算前k个激活神经元的覆盖率。当隐藏层神经元的输出值在最大的 `top_k` 范围内,神经元就会被激活。`top_k` 神经元覆盖率等于网络中激活神经元占总神经元的比例。
参数:
- **model** (Model) - 被测模型。
- **top_k** (int) - 当隐藏层神经元的输出值在最大的 `top_k` 范围内,神经元就会被激活。默认值:``3``。
- **incremental** (bool) - 指标将以增量方式计算。默认值:``False``。
- **batch_size** (int) - 模糊测试批次中的样本数。默认值:``32``。
.. py:method:: get_metrics(dataset)
获取Top K激活神经元覆盖率的指标。
参数:
- **dataset** (numpy.ndarray) - 用于计算覆盖率指标的数据集。
返回:
- **float** - 'top k neuron coverage'的指标。
.. py:class:: mindarmour.fuzz_testing.NeuronBoundsCoverage(model, train_dataset, incremental=False, batch_size=32)
获取'neuron boundary coverage'的指标 :math:`NBC = (|UpperCornerNeuron| + |LowerCornerNeuron|)/(2*|N|)` ,其中 :math:`|N|` 是神经元的数量,NBC是指测试数据集中神经元输出值超过训练数据集中相应神经元输出值的上下界的神经元比例。
参数:
- **model** (Model) - 等待测试的预训练模型。
- **train_dataset** (numpy.ndarray) - 用于确定神经元输出边界的训练数据集。
- **incremental** (bool) - 指标将以增量方式计算。默认值:``False``。
- **batch_size** (int) - 模糊测试批次中的样本数。默认值:``32``。
.. py:method:: get_metrics(dataset)
获取'neuron boundary coverage'的指标。
参数:
- **dataset** (numpy.ndarray) - 用于计算覆盖指标的数据集。
返回:
- **float** - 'neuron boundary coverage'的指标。
.. py:class:: mindarmour.fuzz_testing.SuperNeuronActivateCoverage(model, train_dataset, incremental=False, batch_size=32)
获取超激活神经元覆盖率('super neuron activation coverage')的指标。 :math:`SNAC = |UpperCornerNeuron|/|N|` 。SNAC是指测试集中神经元输出值超过训练集中相应神经元输出值上限的神经元比例。
参数:
- **model** (Model) - 等待测试的预训练模型。
- **train_dataset** (numpy.ndarray) - 用于确定神经元输出边界的训练数据集。
- **incremental** (bool) - 指标将以增量方式计算。默认值:``False``。
- **batch_size** (int) - 模糊测试批次中的样本数。默认值:``32``。
.. py:method:: get_metrics(dataset)
获取超激活神经元覆盖率('super neuron activation coverage')的指标。
参数:
- **dataset** (numpy.ndarray) - 用于计算覆盖指标的数据集。
返回:
- **float** - 超激活神经元覆盖率('super neuron activation coverage')的指标
.. py:class:: mindarmour.fuzz_testing.KMultisectionNeuronCoverage(model, train_dataset, segmented_num=100, incremental=False, batch_size=32)
获取K分神经元覆盖率的指标。KMNC度量测试集神经元输出落在训练集输出范围k等分间隔上的比例。
参数:
- **model** (Model) - 等待测试的预训练模型。
- **train_dataset** (numpy.ndarray) - 用于确定神经元输出边界的训练数据集。
- **segmented_num** (int) - 神经元输出间隔的分段部分数量。默认值:``100``。
- **incremental** (bool) - 指标将以增量方式计算。默认值:``False``。
- **batch_size** (int) - 模糊测试批次中的样本数。默认值:``32``。
.. py:method:: get_metrics(dataset)
获取'k-multisection neuron coverage'的指标。
参数:
- **dataset** (numpy.ndarray) - 用于计算覆盖指标的数据集。
返回:
- **float** - 'k-multisection neuron coverage'的指标。
.. py:class:: mindarmour.fuzz_testing.SensitivityConvergenceCoverage(model, threshold=0.5, incremental=False, batch_size=32, selected_neurons_num=100, n_iter=1000)
获取神经元收敛覆盖率的指标。SCC度量神经元输出变化值收敛为正态分布的比例。
参数:
- **model** (Model) - 等待测试的预训练模型。
- **threshold** (float) - 神经元收敛阈值。默认值: ``0.5``。
- **incremental** (bool) - 指标将以增量方式计算。默认值: ``False``。
- **batch_size** (int) - 模糊测试批次中的样本数。默认值: ``32``。
- **selected_neurons_num** (int) - 模糊测试时所选取的神经元数量。默认值: ``100``。
- **n_iter** (int) - 模糊测试时最大测试次数。默认值: ``1000``。
.. py:method:: get_metrics(dataset)
获取'neuron convergence coverage'的指标。
参数:
- **dataset** (numpy.ndarray) - 用于计算覆盖指标的数据集。
返回:
- **float** - 'neuron convergence coverage'的指标。
================================================
FILE: docs/api/api_python/mindarmour.natural_robustness.transform.image.rst
================================================
mindarmour.natural_robustness.transform.image
=============================================
本模块包含图像的自然扰动方法。
.. py:class:: mindarmour.natural_robustness.transform.image.Contrast(alpha=1, beta=0, auto_param=False)
图像的对比度。
参数:
- **alpha** (Union[float, int]) - 控制图像的对比度。:math:`out\_image = in\_image \times alpha+beta`。建议值范围[0.2, 2]。默认值:1。
- **beta** (Union[float, int]) - 补充alpha的增量。默认值:``0``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.GradientLuminance(color_start=(0, 0, 0), color_end=(255, 255, 255), start_point=(10, 10), scope=0.5, pattern='light', bright_rate=0.3, mode='circle', auto_param=False)
渐变调整图片的亮度。
参数:
- **color_start** (union[tuple, list]) - 渐变中心的颜色。默认值:``(0, 0, 0)``。
- **color_end** (union[tuple, list]) - 渐变边缘的颜色。默认值:``(255, 255, 255)``。
- **start_point** (union[tuple, list]) - 渐变中心的二维坐标。默认值:``(10, 10)``。
- **scope** (float) - 渐变的范围。值越大,渐变范围越大。默认值:``0.5``。
- **pattern** (str) - 深色或浅色,此值必须为 ``'light'`` 或 ``'dark'``。默认值: ``'light'``。
- **bright_rate** (float) - 控制亮度。值越大,梯度范围越大。如果参数 `pattern` 为 ``'light'``,建议值范围为[0.1, 0.7],如果参数 `pattern` 为 ``'dark'``,建议值范围为[0.1, 0.9]。默认值:``0.3``。
- **mode** (str) - 渐变模式,值必须为 ``'circle'``、``'horizontal'`` 或 ``'vertical'``。默认值:``'circle'``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.GaussianBlur(ksize=2, auto_param=False)
使用高斯模糊滤镜模糊图像。
参数:
- **ksize** (int) - 高斯核的大小,必须为非负数。默认值:``2``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.MotionBlur(degree=5, angle=45, auto_param=False)
运动模糊。
参数:
- **degree** (int) - 模糊程度。必须为正值。建议取值范围[1, 15]。默认值:``5``。
- **angle** (union[float, int]) - 运动模糊的方向。angle=0表示上下运动模糊。角度为逆时针方向。默认值:``45``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.GradientBlur(point, kernel_num=3, center=True, auto_param=False)
渐变模糊。
参数:
- **point** (union[tuple, list]) - 模糊中心点的二维坐标。
- **kernel_num** (int) - 模糊核的数量。建议取值范围[1, 8]。默认值:``3``。
- **center** (bool) - 指定中心点模糊或指定中心点清晰。默认值:``True``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.UniformNoise(factor=0.1, auto_param=False)
图像添加均匀噪声。
参数:
- **factor** (float) - 噪声密度,单位像素区域添加噪声的比例。建议取值范围:[0.001, 0.15]。默认值:``0.1``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.GaussianNoise(factor=0.1, auto_param=False)
图像添加高斯噪声。
参数:
- **factor** (float) - 噪声密度,单位像素区域添加噪声的比例。建议取值范围:[0.001, 0.15]。默认值:``0.1``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.SaltAndPepperNoise(factor=0, auto_param=False)
图像添加椒盐噪声。
参数:
- **factor** (float) - 噪声密度,单位像素区域添加噪声的比例。建议取值范围:[0.001, 0.15]。默认值:``0``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.NaturalNoise(ratio=0.0002, k_x_range=(1, 5), k_y_range=(3, 25), auto_param=False)
图像添加自然噪声。
参数:
- **ratio** (float) - 噪声密度,单位像素区域添加噪声的比例。建议取值范围:[0.00001, 0.001]。默认值:``0.0002``。
- **k_x_range** (union[list, tuple]) - 噪声块长度的取值范围。默认值:``(1, 5)``。
- **k_y_range** (union[list, tuple]) - 噪声块宽度的取值范围。默认值:``(3, 25)``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.Translate(x_bias=0, y_bias=0, auto_param=False)
图像平移。
参数:
- **x_bias** (Union[int, float]) - X方向平移, :math:`x = x + x\_bias \times image\_length` 。建议取值范围在[-0.1, 0.1]中。默认值:``0``。
- **y_bias** (Union[int, float]) - Y方向平移, :math:`y = y + y\_bias \times image\_width` 。建议取值范围在[-0.1, 0.1]中。默认值:``0``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.Scale(factor_x=1, factor_y=1, auto_param=False)
图像缩放。
参数:
- **factor_x** (Union[float, int]) - 在X方向缩放, :math:`x=factor_x \times x` 。建议取值范围在[0.5, 1]且abs(factor_y - factor_x) < 0.5。默认值:``1``。
- **factor_y** (Union[float, int]) - 沿Y方向缩放, :math:`y=factor_y \times y` 。建议取值范围在[0.5, 1]且abs(factor_y - factor_x) < 0.5。默认值:``1``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.Shear(factor=0.2, direction='horizontal', auto_param=False)
图像错切,错切后图像和原图的映射关系为: :math:`(new_x, new_y) = (x+factor_x \times y, factor_y \times x+y)` 。错切后图像将重新缩放到原图大小。
参数:
- **factor** (Union[float, int]) - 沿错切方向上的错切比例。建议值范围[0.05, 0.5]。默认值:``0.2``。
- **direction** (str) - 形变方向。可选值为 ``'vertical'`` 或 ``'horizontal'``。默认值:``'horizontal'``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.Rotate(angle=20, auto_param=False)
围绕图像中心点逆时针旋转图像。
参数:
- **angle** (Union[float, int]) - 逆时针旋转的度数。建议值范围[-60, 60]。默认值:``20``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.Perspective(ori_pos, dst_pos, auto_param=False)
透视变换。
参数:
- **ori_pos** (list[list[int]]) - 原始图像中的四个点的坐标。
- **dst_pos** (list[list[int]]) - 对应的 `ori_pos` 中4个点透视变换后的点坐标。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
.. py:class:: mindarmour.natural_robustness.transform.image.Curve(curves=3, depth=10, mode='vertical', auto_param=False)
使用Sin函数的曲线变换。
参数:
- **curves** (union[float, int]) - 曲线周期数。建议取值范围[0.1, 5]。默认值:``3``。
- **depth** (union[float, int]) - sin函数的幅度。建议取值不超过图片长度的1/10。默认值:``10``。
- **mode** (str) - 形变方向。可选值 ``'vertical'`` 或 ``'horizontal'``。默认值:``'vertical'``。
- **auto_param** (bool) - 自动选择参数。在保留图像的语义的范围内自动选择参数。默认值:``False``。
================================================
FILE: docs/api/api_python/mindarmour.privacy.diff_privacy.rst
================================================
mindarmour.privacy.diff_privacy
===============================
本模块提供差分隐私功能,以保护用户隐私。
.. py:class:: mindarmour.privacy.diff_privacy.NoiseGaussianRandom(norm_bound=1.0, initial_noise_multiplier=1.0, seed=0, decay_policy=None)
基于 :math:`mean=0` 以及 :math:`standard\_deviation = norm\_bound * initial\_noise\_multiplier` 的高斯分布产生噪声。
参数:
- **norm_bound** (float) - 梯度的l2范数的裁剪范围。默认值:``1.0``。
- **initial_noise_multiplier** (float) - 高斯噪声标准偏差除以 `norm_bound` 的比率,将用于计算隐私预算。默认值:``1.0``。
- **seed** (int) - 原始随机种子。如果值为 ``0``,随机正态将使用安全随机数,否则随机正态将使用给定的种子生成值。默认值:``0``。
- **decay_policy** (str) - 衰减策略。默认值:``None``。
.. py:method:: construct(gradients)
产生高斯噪声。
参数:
- **gradients** (Tensor) - 梯度。
返回:
- **Tensor** - 生成的shape与给定梯度相同的噪声。
.. py:class:: mindarmour.privacy.diff_privacy.NoiseAdaGaussianRandom(norm_bound=1.0, initial_noise_multiplier=1.0, seed=0, noise_decay_rate=6e-6, decay_policy='Exp')
自适应高斯噪声产生机制。噪音会随着训练而衰减。衰减模式可以是 ``'Time'``、``'Step'``、``'Exp'``。
在模型训练过程中,将更新 `self._noise_multiplier` 。
参数:
- **norm_bound** (float) - 梯度的l2范数的裁剪范围。默认值:``1.0``。
- **initial_noise_multiplier** (float) - 高斯噪声标准偏差除以 `norm_bound` 的比率,将用于计算隐私预算。默认值:``1.0``。
- **seed** (int) - 原始随机种子。如果值为 ``0``,随机正态将使用安全随机数,否则随机正态将使用给定的种子生成值。默认值:``0``。
- **noise_decay_rate** (float) - 控制噪声衰减的超参数。默认值:``6e-6``。
- **decay_policy** (str) - 噪声衰减策略包括 ``'Step'``、``'Time'``、``'Exp'``。默认值:``'Exp'``。
.. py:method:: construct(gradients)
生成自适应高斯噪声。
参数:
- **gradients** (Tensor) - 梯度。
返回:
- **Tensor** - 生成的shape与给定梯度相同的噪声。
.. py:class:: mindarmour.privacy.diff_privacy.AdaClippingWithGaussianRandom(decay_policy='Linear', learning_rate=0.001, target_unclipped_quantile=0.9, fraction_stddev=0.01, seed=0)
自适应剪裁。
如果 `decay_policy` 是'Linear',则更新公式为::math:`norm\_bound = norm\_bound - learning\_rate*(beta - target\_unclipped\_quantile)` 。
如果 `decay_policy` 是'Geometric',则更新公式为 :math:`norm\_bound = norm\_bound*exp(-learning\_rate*(empirical\_fraction - target\_unclipped\_quantile))` 。
其中,beta是值最多为 `target_unclipped_quantile` 的样本的经验分数。
参数:
- **decay_policy** (str) - 自适应剪裁的衰变策略, `decay_policy` 必须为 ``'Linear'`` 或 ``'Geometric'``。默认值:``'Linear'``。
- **learning_rate** (float) - 更新范数裁剪的学习率。默认值:``0.001``。
- **target_unclipped_quantile** (float) - 范数裁剪的目标分位数。默认值:``0.9``。
- **fraction_stddev** (float) - 高斯正态的stddev,用于 `empirical_fraction` ,公式为empirical_fraction + N(0, fraction_stddev)。默认值:``0.01``。
- **seed** (int) - 原始随机种子。如果值为 ``0``,随机正态将使用安全随机数,否则随机正态将使用给定的种子生成值。默认值:``0``。
返回:
- **Tensor** - 更新后的梯度裁剪阈值。
.. py:method:: construct(empirical_fraction, norm_bound)
更新 `norm_bound` 的值。
参数:
- **empirical_fraction** (Tensor) - 梯度裁剪的经验分位数,最大值不超过 `target_unclipped_quantile` 。
- **norm_bound** (Tensor) - 梯度的l2范数的裁剪范围。
返回:
- **Tensor** - 生成的shape与给定梯度相同的噪声。
.. py:class:: mindarmour.privacy.diff_privacy.NoiseMechanismsFactory
噪声产生机制的工厂类。它目前支持高斯随机噪声(Gaussian Random Noise)和自适应高斯随机噪声(Adaptive Gaussian Random Noise)。
详情请查看: `教程 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_differential_privacy.html#%E5%B7%AE%E5%88%86%E9%9A%90%E7%A7%81>`_。
.. py:method:: create(mech_name, norm_bound=1.0, initial_noise_multiplier=1.0, seed=0, noise_decay_rate=6e-6, decay_policy=None)
:abstractmethod:
参数:
- **mech_name** (str) - 噪声生成策略,可以是 ``'Gaussian'`` 或 ``'AdaGaussian'``。噪声在 ``'AdaGaussian'`` 机制下衰减,而在 ``'Gaussian'`` 机制下则恒定。
- **norm_bound** (float) - 梯度的l2范数的裁剪范围。默认值:``1.0``。
- **initial_noise_multiplier** (float) - 高斯噪声标准偏差除以 `norm_bound` 的比率,将用于计算隐私预算。默认值:``1.0``。
- **seed** (int) - 原始随机种子。如果值为 ``0``,随机正态将使用安全随机数,否则随机正态将使用给定的种子生成值。默认值:``0``。
- **noise_decay_rate** (float) - 控制噪声衰减的超参数。默认值:``6e-6``。
- **decay_policy** (str) - 衰减策略。如果 `decay_policy` 为 ``None``,则不需要更新参数。默认值:``None``。
返回:
- **Mechanisms** - 产生的噪声类别机制。
异常:
- **NameError** - `mech_name` 必须为 ``'Gaussian'`` 或 ``'AdaGaussian'``。
.. py:class:: mindarmour.privacy.diff_privacy.ClipMechanismsFactory
梯度剪裁机制的工厂类。它目前支持高斯随机噪声(Gaussian Random Noise)的自适应剪裁(Adaptive Clipping)。
详情请查看: `教程 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_differential_privacy.html#%E5%B7%AE%E5%88%86%E9%9A%90%E7%A7%81>`_。
.. py:method:: create(mech_name, decay_policy='Linear', learning_rate=0.001, target_unclipped_quantile=0.9, fraction_stddev=0.01, seed=0)
:abstractmethod:
参数:
- **mech_name** (str) - 噪声裁剪生成策略,现支持 ``'Gaussian'``。
- **decay_policy** (str) - 自适应剪裁的衰变策略,``decay_policy`` 必须为 ``'Linear'`` 或 ``'Geometric'``。默认值:``'Linear'``。
- **learning_rate** (float) - 更新范数裁剪的学习率。默认值:``0.001``。
- **target_unclipped_quantile** (float) - 范数裁剪的目标分位数。默认值:``0.9``。
- **fraction_stddev** (float) - 高斯正态的stddev,用于empirical_fraction,公式为 :math:`empirical\_fraction + N(0, fraction\_stddev)` 。默认值:``0.01``。
- **seed** (int) - 原始随机种子。如果值为 ``0``,随机正态将使用安全随机数,否则随机正态将使用给定的种子生成值。默认值:``0``。
返回:
- **Mechanisms** - 产生的噪声类别机制。
异常:
- **NameError** - `mech_name` 必须为 ``'Gaussian'``。
.. py:class:: mindarmour.privacy.diff_privacy.PrivacyMonitorFactory
DP训练隐私监视器的工厂类。
详情请查看: `教程 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_differential_privacy.html#%E5%B7%AE%E5%88%86%E9%9A%90%E7%A7%81>`_。
.. py:method:: create(policy, *args, **kwargs)
:abstractmethod:
创建隐私预算监测类。
参数:
- **policy** (str) - 监控策略,现支持 ``'rdp'`` 和 ``'zcdp'``。
- 如果策略为 ``'rdp'``,监控器将根据Renyi差分隐私(Renyi differential privacy,RDP)理论计算DP训练的隐私预算;
- 如果策略为 ``'zcdp'``,监控器将根据零集中差分隐私(zero-concentrated differential privacy,zCDP)理论计算DP训练的隐私预算。注意,``'zcdp'`` 不适合子采样噪声机制。
- **args** (Union[int, float, numpy.ndarray, list, str]) - 用于创建隐私监视器的参数。
- **kwargs** (Union[int, float, numpy.ndarray, list, str]) - 用于创建隐私监视器的关键字参数。
返回:
- **Callback** - 隐私监视器。
.. py:class:: mindarmour.privacy.diff_privacy.RDPMonitor(num_samples, batch_size, initial_noise_multiplier=1.5, max_eps=10.0, target_delta=1e-3, max_delta=None, target_eps=None, orders=None, noise_decay_mode='Time', noise_decay_rate=6e-4, per_print_times=50, dataset_sink_mode=False)
基于Renyi差分隐私(RDP)理论,计算DP训练的隐私预算。根据下面的参考文献,如果随机化机制被认为具有α阶的ε'-Renyi差分隐私,它也满足常规差分隐私(ε, δ),如下所示:
.. math::
(ε'+\frac{log(1/δ)}{α-1}, δ)
详情请查看: `教程 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_differential_privacy.html#%E5%B7%AE%E5%88%86%E9%9A%90%E7%A7%81>`_。
参考文献: `Rényi Differential Privacy of the Sampled Gaussian Mechanism <https://arxiv.org/abs/1908.10530>`_。
参数:
- **num_samples** (int) - 训练数据集中的样本总数。
- **batch_size** (int) - 训练时批处理中的样本数。
- **initial_noise_multiplier** (Union[float, int]) - 高斯噪声标准偏差除以norm_bound的比率,将用于计算隐私预算。默认值:``1.5``。
- **max_eps** (Union[float, int, None]) - DP训练的最大可接受epsilon预算,用于估计最大训练epoch。``None`` 表示epsilon预算没有限制。默认值:``10.0``。
- **target_delta** (Union[float, int, None]) - DP训练的目标delta预算。如果 `target_delta` 设置为 ``δ``,则隐私预算 ``δ`` 将在整个训练过程中是固定的。默认值:``1e-3``。
- **max_delta** (Union[float, int, None]) - DP训练的最大可接受delta预算,用于估计最大训练epoch。 `max_delta` 必须小于1,建议小于1e-3,否则会溢出。``None`` 表示delta预算没有限制。默认值:``None``。
- **target_eps** (Union[float, int, None]) - DP训练的目标epsilon预算。如果 `target_eps` 设置为 ``ε``,则隐私预算 ``ε`` 将在整个训练过程中是固定的。默认值:``None``。
- **orders** (Union[None, list[int, float]]) - 用于计算rdp的有限阶数,必须大于1。不同阶的隐私预算计算结果会有所不同。为了获得更严格(更小)的隐私预算估计,可以尝试阶列表。默认值:``None``。
- **noise_decay_mode** (Union[None, str]) - 训练时添加噪音的衰减模式,可以是 ``None``、``'Time'``、``'Step'``、``'Exp'``。默认值:``'Time'``。
- **noise_decay_rate** (float) - 训练时噪音的衰变率。默认值:``6e-4``。
- **per_print_times** (int) - 计算和打印隐私预算的间隔步数。默认值:``50``。
- **dataset_sink_mode** (bool) - 如果为 ``True``,所有训练数据都将一次性传递到设备(Ascend)。如果为 ``False``,则训练数据将在每步训练后传递到设备。默认值:``False``。
.. py:method:: max_epoch_suggest()
估计最大训练epoch,以满足预定义的隐私预算。
返回:
- **int** - 建议的最大训练epoch。
.. py:method:: step_end(run_context)
在每个训练步骤后计算隐私预算。
参数:
- **run_context** (RunContext) - 包含模型的一些信息。
.. py:class:: mindarmour.privacy.diff_privacy.ZCDPMonitor(num_samples, batch_size, initial_noise_multiplier=1.5, max_eps=10.0, target_delta=1e-3, noise_decay_mode='Time', noise_decay_rate=6e-4, per_print_times=50, dataset_sink_mode=False)
基于零集中差分隐私(zCDP)理论,计算DP训练的隐私预算。根据下面的参考文献,如果随机化机制满足ρ-zCDP机制,它也满足传统的差分隐私(ε, δ),如下所示:
.. math::
(ρ+2\sqrt{ρ*log(1/δ)}, δ)
注意,ZCDPMonitor不适合子采样噪声机制(如NoiseAdaGaussianRandom和NoiseGaussianRandom)。未来将开发zCDP的匹配噪声机制。
详情请查看:`教程 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_differential_privacy.html#%E5%B7%AE%E5%88%86%E9%9A%90%E7%A7%81>`_。
参考文献:`Concentrated Differentially Private Gradient Descent with Adaptive per-Iteration Privacy Budget <https://arxiv.org/abs/1808.09501>`_。
参数:
- **num_samples** (int) - 训练数据集中的样本总数。
- **batch_size** (int) - 训练时批处理中的样本数。
- **initial_noise_multiplier** (Union[float, int]) - 高斯噪声标准偏差除以norm_bound的比率,将用于计算隐私预算。默认值:``1.5``。
- **max_eps** (Union[float, int]) - DP训练的最大可接受epsilon预算,用于估计最大训练epoch。默认值:``10.0``。
- **target_delta** (Union[float, int]) - DP训练的目标delta预算。如果 `target_delta` 设置为 ``δ``,则隐私预算 `δ` 将在整个训练过程中是固定的。默认值:``1e-3``。
- **noise_decay_mode** (Union[None, str]) - 训练时添加噪音的衰减模式,可以是 ``None``、``'Time'``、``'Step'``、``'Exp'``。默认值:``'Time'``。
- **noise_decay_rate** (float) - 训练时噪音的衰变率。默认值:``6e-4``。
- **per_print_times** (int) - 计算和打印隐私预算的间隔步数。默认值:``50``。
- **dataset_sink_mode** (bool) - 如果为 ``True``,所有训练数据都将一次性传递到设备(Ascend)。如果为 ``False``,则训练数据将在每步训练后传递到设备。默认值:``False``。
.. py:method:: max_epoch_suggest()
估计最大训练epoch,以满足预定义的隐私预算。
返回:
- **int** - 建议的最大训练epoch。
.. py:method:: step_end(run_context)
在每个训练步骤后计算隐私预算。
参数:
- **run_context** (RunContext) - 包含模型的一些信息。
.. py:class:: mindarmour.privacy.diff_privacy.DPOptimizerClassFactory(micro_batches=2)
优化器的工厂类。
参数:
- **micro_batches** (int) - 从原始批次拆分的小批次中的样本数量。默认值:``2``。
返回:
- **Optimizer** - 优化器类。
.. py:method:: create(policy)
创建DP优化器。策略可以是 ``'sgd'``、``'momentum'``、``'adam'``。
参数:
- **policy** (str) - 选择原始优化器类型。
返回:
- **Optimizer** - 一个带有差分加噪的优化器。
.. py:method:: set_mechanisms(policy, *args, **kwargs)
获取噪音机制对象。策略可以是 ``'Gaussian'`` 或 ``'AdaGaussian'``。候选的args和kwargs可以在 `NoiseMechanismsFactory` 类中看到。
参数:
- **policy** (str) - 选择机制类型。
.. py:class:: mindarmour.privacy.diff_privacy.DPModel(micro_batches=2, norm_bound=1.0, noise_mech=None, clip_mech=None, optimizer=nn.Momentum, **kwargs)
DPModel用于构建差分隐私训练的模型。
这个类重载自 `mindspore.train.Model` 。
详情请查看: `教程 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_differential_privacy.html#%E5%B7%AE%E5%88%86%E9%9A%90%E7%A7%81>`_。
参数:
- **micro_batches** (int) - 从原始批次拆分的小批次数。默认值:``2``。
- **norm_bound** (float) - 用于裁剪范围,如果设置为 ``1.0``,将返回原始数据。默认值:``1.0``。
- **noise_mech** (Mechanisms) - 用于生成不同类型的噪音。默认值:``None``。
- **clip_mech** (Mechanisms) - 用于更新自适应剪裁。默认值:``None``。
- **optimizer** (Cell) - 用于更新差分隐私训练过程中的模型权重值。默认值:``nn.Momentum``。
异常:
- **ValueError** - `optimizer` 值为 ``None``。
- **ValueError** - `optimizer` 不是DPOptimizer,且 `noise_mech` 为 ``None``。
- **ValueError** - `optimizer` 是DPOptimizer,且 `noise_mech` 非 ``None``。
- **ValueError** - `noise_mech` 或DPOptimizer的mech方法是自适应的,而 `clip_mech` 不是 ``None``。
================================================
FILE: docs/api/api_python/mindarmour.privacy.evaluation.rst
================================================
mindarmour.privacy.evaluation
=============================
本模块提供了一些评估给定模型隐私泄露风险的方法。
.. py:class:: mindarmour.privacy.evaluation.MembershipInference(model, n_jobs=-1)
成员推理是由Shokri、Stronati、Song和Shmatikov提出的一种用于推断用户隐私数据的灰盒攻击。它需要训练样本的loss或logits结果,隐私是指单个用户的一些敏感属性。
有关详细信息,请参见: `教程 <https://mindspore.cn/mindarmour/docs/zh-CN/master/test_model_security_membership_inference.html>`_。
参考文献:`Reza Shokri, Marco Stronati, Congzheng Song, Vitaly Shmatikov. Membership Inference Attacks against Machine Learning Models. 2017. <https://arxiv.org/abs/1610.05820v2>`_。
参数:
- **model** (Model) - 目标模型。
- **n_jobs** (int) - 并行运行的任务数量。``-1`` 表示使用所有处理器,否则 `n_jobs` 的值必须为正整数。
异常:
- **TypeError** - 模型的类型不是 `mindspore.train.Model` 。
- **TypeError** - `n_jobs` 的类型不是int。
- **ValueError** - `n_jobs` 的值既不是 ``-1``,也不是正整数。
.. py:method:: eval(dataset_train, dataset_test, metrics)
评估目标模型的隐私泄露程度。
评估指标应由metrics规定。
参数:
- **dataset_train** (mindspore.dataset) - 目标模型的训练数据集。
- **dataset_test** (mindspore.dataset) - 目标模型的测试数据集。
- **metrics** (Union[list, tuple]) - 评估指标。指标的值必须为 ``"precision"``、``"accuracy"`` 或 ``"recall"``。默认值:``"precision"``。
返回:
- **list** - 每个元素都包含攻击模型的评估指标。
.. py:method:: train(dataset_train, dataset_test, attack_config)
根据配置,使用输入数据集训练攻击模型。
参数:
- **dataset_train** (mindspore.dataset) - 目标模型的训练数据集。
- **dataset_test** (mindspore.dataset) - 目标模型的测试集。
- **attack_config** (Union[list, tuple]) - 攻击模型的参数设置。格式为
.. code-block:: python
attack_config =
[{"method": "knn", "params": {"n_neighbors": [3, 5, 7]}},
{"method": "lr", "params": {"C": np.logspace(-4, 2, 10)}}]
- 支持的方法有 ``knn``、``lr``、``mlp`` 和 ``rf``,每个方法的参数必须在可变参数的范围内。参数实现的提示可在下面找到:
- `KNN <https://scikit-learn.org/stable/modules/generated/sklearn.neighbors.KNeighborsClassifier.html>`_
- `LR <https://scikit-learn.org/stable/modules/generated/sklearn.linear_model.LogisticRegression.html>`_
- `RF <https://scikit-learn.org/stable/modules/generated/sklearn.ensemble.RandomForestClassifier.html>`_
- `MLP <https://scikit-learn.org/stable/modules/generated/sklearn.neural_network.MLPRegressor.html>`_
异常:
- **KeyError** - `attack_config` 中的配置没有键{"method", "params"}。
- **NameError** - `attack_config` 中的方法(不区分大小写)不为 ``"lr"``、``"knn"``、``"rf"`` 或 ``"mlp"``。
.. py:class:: mindarmour.privacy.evaluation.ImageInversionAttack(network, input_shape, input_bound, loss_weights=(1, 0.2, 5))
一种通过还原图像的深层表达来重建图像的攻击方法。
参考文献:`Aravindh Mahendran, Andrea Vedaldi. Understanding Deep Image Representations by Inverting Them. 2014. <https://arxiv.org/pdf/1412.0035.pdf>`_。
参数:
- **network** (Cell) - 网络,用于推断图像的深层特征。
- **input_shape** (tuple) - 单个网络输入的数据形状,应与给定网络一致。形状的格式应为 :math:`(channel, image\_width, image\_height)` 。
- **input_bound** (Union[tuple, list]) - 原始图像的像素范围,应该像[minimum_pixel, maximum_pixel]或(minimum_pixel, maximum_pixel)。
- **loss_weights** (Union[list, tuple]) - InversionLoss中三个子损失的权重,可以调整以获得更好的结果。默认值:``(1, 0.2, 5)``。
异常:
- **TypeError** - 网络类型不是Cell。
- **ValueError** - `input_shape` 的值有非正整数。
- **ValueError** - `loss_weights` 的值有非正数。
.. py:method:: evaluate(original_images, inversion_images, labels=None, new_network=None)
通过三个指标评估还原图像的质量:原始图像和还原图像之间的平均L2距离和SSIM值,以及新模型对还原图像的推理结果在真实标签上的置信度平均值。
参数:
- **original_images** (numpy.ndarray) - 原始图像,其形状应为 :math:`(img\_num, channels, img\_width, img\_height)` 。
- **inversion_images** (numpy.ndarray) - 还原图像,其形状应为 :math:`(img\_num, channels, img\_width, img\_height)` 。
- **labels** (numpy.ndarray) - 原始图像的ground truth标签。默认值:``None``。
- **new_network** (Cell) - 其结构包含self._network中所有网络,但加载了不同的模型文件。默认值:``None``。
返回:
- **float** - l2距离。
- **float** - 平均ssim值。
- **Union[float, None]** - 平均置信度。如果 `labels` 或 `new_network` 为 ``None``,则该值为 ``None``。
.. py:method:: generate(target_features, iters=100)
根据 `target_features` 重建图像。
参数:
- **target_features** (numpy.ndarray) - 原始图像的深度表示。 `target_features` 的第一个维度应该是img_num。需要注意的是,如果img_num等于1,则 `target_features` 的shape应该是 :math:`(1, dim2, dim3, ...)` 。
- **iters** (int) - 逆向攻击的迭代次数,应为正整数。默认值:``1.0``。
返回:
- **numpy.ndarray** - 重建图像,预计与原始图像相似。
异常:
- **TypeError** - `target_features` 的类型不是numpy.ndarray。
- **ValueError** - `iters` 的值都不是正整数.
================================================
FILE: docs/api/api_python/mindarmour.privacy.sup_privacy.rst
================================================
mindarmour.privacy.sup_privacy
==============================
本模块提供抑制隐私功能,以保护用户隐私。
.. py:class:: mindarmour.privacy.sup_privacy.SuppressMasker(model, suppress_ctrl)
周期性检查抑制隐私功能状态和切换(启动/关闭)抑制操作。
详情请查看: `应用抑制隐私机制保护用户隐私
<https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_suppress_privacy.html#%E5%BC%95%E5%85%A5%E6%8A%91%E5%88%B6%E9%9A%90%E7%A7%81%E8%AE%AD%E7%BB%83>`_。
参数:
- **model** (SuppressModel) - SuppressModel 实例。
- **suppress_ctrl** (SuppressCtrl) - SuppressCtrl 实例。
.. py:method:: step_end(run_context)
更新用于抑制模型实例的掩码矩阵张量。
参数:
- **run_context** (RunContext) - 包含模型的一些信息。
.. py:class:: mindarmour.privacy.sup_privacy.SuppressModel(network, loss_fn, optimizer, **kwargs)
抑制隐私训练器,重载自 `mindspore.train.Model` 。
有关详细信息,请查看: `应用抑制隐私机制保护用户隐私 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_suppress_privacy.html#%E5%BC%95%E5%85%A5%E6%8A%91%E5%88%B6%E9%9A%90%E7%A7%81%E8%AE%AD%E7%BB%83>`_。
参数:
- **network** (Cell) - 要训练的神经网络模型。
- **loss_fn** (Cell) - 优化器的损失函数。
- **optimizer** (Optimizer) - 优化器实例。
- **kwargs** - 创建抑制模型时使用的关键字参数。
.. py:method:: link_suppress_ctrl(suppress_pri_ctrl)
SuppressCtrl实例关联到SuppressModel实例。
参数:
- **suppress_pri_ctrl** (SuppressCtrl) - SuppressCtrl实例。
.. py:class:: mindarmour.privacy.sup_privacy.SuppressPrivacyFactory
SuppressCtrl机制的工厂类。
详情请查看: `应用抑制隐私机制保护用户隐私 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_suppress_privacy.html#%E5%BC%95%E5%85%A5%E6%8A%91%E5%88%B6%E9%9A%90%E7%A7%81%E8%AE%AD%E7%BB%83>`_。
.. py:method:: create(networks, mask_layers, policy='local_train', end_epoch=10, batch_num=20, start_epoch=3, mask_times=1000, lr=0.05, sparse_end=0.90, sparse_start=0.0)
:abstractmethod:
参数:
- **networks** (Cell) - 要训练的神经网络模型。此网络参数应与SuppressModel()的'network'参数相同。
- **mask_layers** (list) - 需要抑制的训练网络层的描述。
- **policy** (str) - 抑制隐私训练的训练策略。默认值: ``"local_train"``,表示本地训练。
- **end_epoch** (int) - 最后一次抑制操作对应的epoch序号,0<start_epoch<=end_epoch<=100。默认值:``10``。此参数应与 `mindspore.train.model.train()` 的 `epoch` 参数相同。
- **batch_num** (int) - 一个epoch中批次的数量,应等于num_samples/batch_size。默认值:``20``。
- **start_epoch** (int) - 第一个抑制操作对应的epoch序号,0<start_epoch<=end_epoch<=100。默认值:``3``。
- **mask_times** (int) - 抑制操作的数量。默认值:``1000``。
- **lr** (Union[float, int]) - 学习率,在训练期间应保持不变。0<lr<=0.50. 默认值:0.05。此lr参数应与 `mindspore.nn.SGD()` 的 `learning_rate` 参数相同。
- **sparse_end** (float) - 要到达的稀疏性,0.0<=sparse_start<sparse_end<1.0。默认值:``0.90``。
- **sparse_start** (Union[float, int]) - 抑制操作启动时对应的稀疏性,0.0<=sparse_start<sparse_end<1.0。默认值:``0.0``。
返回:
- **SuppressCtrl** - 抑制隐私机制的类。
.. py:class:: mindarmour.privacy.sup_privacy.SuppressCtrl(networks, mask_layers, end_epoch, batch_num, start_epoch, mask_times, lr, sparse_end, sparse_start)
完成抑制隐私操作,包括计算抑制比例,找到应该抑制的参数,并永久抑制这些参数。
详情请查看: `应用抑制隐私机制保护用户隐私 <https://mindspore.cn/mindarmour/docs/zh-CN/master/protect_user_privacy_with_suppress_privacy.html#%E5%BC%95%E5%85%A5%E6%8A%91%E5%88%B6%E9%9A%90%E7%A7%81%E8%AE%AD%E7%BB%83>`_。
参数:
- **networks** (Cell) - 要训练的神经网络模型。
- **mask_layers** (list) - 需要抑制的层的描述。
- **end_epoch** (int) - 最后一次抑制操作对应的epoch序号。
- **batch_num** (int) - 一个epoch中的batch数量。
- **start_epoch** (int) - 第一个抑制操作对应的epoch序号。
- **mask_times** (int) - 抑制操作的数量。
- **lr** (Union[float, int]) - 学习率。
- **sparse_end** (float) - 要到达的稀疏性。
- **sparse_start** (Union[float, int]) - 要启动的稀疏性。
.. py:method:: calc_actual_sparse_for_conv(networks)
计算con1层和con2层的网络稀疏性。
参数:
- **networks** (Cell) - 要训练的神经网络模型。
.. py:method:: calc_actual_sparse_for_fc1(networks)
计算全连接1层的实际稀疏
参数:
- **networks** (Cell) - 要训练的神经网络模型。
.. py:method:: calc_actual_sparse_for_layer(networks, layer_name)
计算一个网络层的实际稀疏性
参数:
- **networks** (Cell) - 要训练的神经网络模型。
- **layer_name** (str) - 目标层的名称。
.. py:method:: calc_theoretical_sparse_for_conv()
计算卷积层的掩码矩阵的实际稀疏性。
.. py:method:: print_paras()
显示参数信息
.. py:method:: reset_zeros()
将用于加法运算的掩码数组设置为0。
.. py:method:: update_mask(networks, cur_step, target_sparse=0.0)
对整个模型的用于加法运算和乘法运算的掩码数组进行更新。
参数:
- **networks** (Cell) - 训练网络。
- **cur_step** (int) - 整个训练过程的当前epoch。
- **target_sparse** (float) - 要到达的稀疏性。默认值:``0.0``。
.. py:method:: update_mask_layer(weight_array_flat, sparse_weight_thd, sparse_stop_pos, weight_abs_max, layer_index)
对单层的用于加法运算和乘法运算的掩码数组进行更新。
参数:
- **weight_array_flat** (numpy.ndarray) - 层参数权重数组。
- **sparse_weight_thd** (float) - 绝对值小于该阈值的权重会被抑制。
- **sparse_stop_pos** (int) - 要抑制的最大元素数。
- **weight_abs_max** (float) - 权重的最大绝对值。
- **layer_index** (int) - 目标层的索引。
.. py:method:: update_mask_layer_approximity(weight_array_flat, weight_array_flat_abs, actual_stop_pos, layer_index)
对单层的用于加法运算和乘法运算的掩码数组进行更新。
禁用clipping lower、clipping、adding noise操作。
参数:
- **weight_array_flat** (numpy.ndarray) - 层参数权重数组。
- **weight_array_flat_abs** (numpy.ndarray) - 层参数权重的绝对值的数组。
- **actual_stop_pos** (int) - 应隐藏实际参数编号。
- **layer_index** (int) - 目标层的索引。
.. py:method:: update_status(cur_epoch, cur_step, cur_step_in_epoch)
更新抑制操作状态。
参数:
- **cur_epoch** (int) - 整个训练过程的当前epoch。
- **cur_step** (int) - 整个训练过程的当前步骤。
- **cur_step_in_epoch** (int) - 当前epoch的当前步骤。
.. py:class:: mindarmour.privacy.sup_privacy.MaskLayerDes(layer_name, grad_idx, is_add_noise, is_lower_clip, min_num, upper_bound=1.20)
对抑制目标层的描述。
参数:
- **layer_name** (str) - 层名称,如下获取一个层的名称:
.. code-block::
for layer in networks.get_parameters(expand=True):
if layer.name == "conv": ...
- **grad_idx** (int) - 掩码层在梯度元组中的索引。可参考 `model.py <https://gitee.com/mindspore/mindarmour/blob/master/mindarmour/privacy/sup_privacy/train/model.py>`_ 中TrainOneStepCell的构造函数,在PYNATIVE_MODE模式下打印某些层的索引值。
- **is_add_noise** (bool) - 如果为 ``True``,则此层的权重可以添加噪声。如果为 ``False``,则此层的权重不能添加噪声。如果参数num大于100000,则 `is_add_noise` 无效。
- **is_lower_clip** (bool) - 如果为 ``True``,则此层的权重将被剪裁到大于下限值。如果为 ``False``,此层的权重不会被要求大于下限制。如果参数num大于100000,则 `is_lower_clip` 无效。
- **min_num** (int) - 未抑制的剩余权重数。如果 `min_num` 小于(参数总数量 * `SupperssCtrl.sparse_end` ),则 `min_num` 无效。
- **upper_bound** (Union[float, int]) - 此层权重的最大abs值,默认值:``1.20``。如果参数num大于100000,则 `upper_bound` 无效。
================================================
FILE: docs/api/api_python/mindarmour.reliability.rst
================================================
mindarmour.reliability
======================
MindArmour的可靠性方法。
.. py:class:: mindarmour.reliability.FaultInjector(model, fi_type=None, fi_mode=None, fi_size=None)
故障注入模块模拟深度神经网络的各种故障场景,并评估模型的性能和可靠性。
详情请查看 `实现模型故障注入评估模型容错性 <https://mindspore.cn/mindarmour/docs/zh-CN/master/fault_injection.html>`_。
参数:
- **model** (Model) - 需要评估模型。
- **fi_type** (list) - 故障注入的类型,包括 ``'bitflips_random'`` (随机翻转)、 ``'bitflips_designated'`` (翻转关键位)、 ``'random'``、 ``'zeros'``、 ``'nan'``、 ``'inf'``、 ``'anti_activation'``、 ``'precision_loss'`` 等。
- **fi_mode** (list) - 故障注入的模式。可选值: ``'single_layer'``、 ``'all_layer'`` 。
- **fi_size** (list) - 故障注入的次数,表示需要注入多少值。
.. py:method:: kick_off(ds_data, ds_label, iter_times=100)
启动故障注入并返回最终结果。
参数:
- **ds_data** (np.ndarray) - 输入测试数据。评估基于这些数据。
- **ds_label** (np.ndarray) - 数据的标签,对应于数据。
- **iter_times** (int) - 评估数,这将决定批处理大小。
返回:
- **list** - 故障注入的结果。
.. py:method:: metrics()
最终结果的指标。
返回:
- **list** - 结果总结。
.. py:class:: mindarmour.reliability.ConceptDriftCheckTimeSeries(window_size=100, rolling_window=10, step=10, threshold_index=1.5, need_label=False)
概念漂移检查时间序列(ConceptDriftCheckTimeSeries)用于样本序列分布变化检测。
有关详细信息,请查看 `实现时序数据概念漂移检测应用
<https://mindspore.cn/mindarmour/docs/zh-CN/master/concept_drift_time_series.html>`_。
参数:
- **window_size** (int) - 概念窗口的大小,不小于10。如果给定输入数据, `window_size` 取值范围为[10, 1/3*len( `data` )]。
如果数据是周期性的,通常 `window_size` 等于2-5个周期。例如,对于月/周数据,30/7天的数据量是一个周期。默认值:``1.0``。
- **rolling_window** (int) - 平滑窗口大小,在[1, `window_size` ]中。默认值:``10``。
- **step** (int) - 滑动窗口的跳跃长度,取值范围为[1, `window_size` ]。默认值:``10``。
- **threshold_index** (float) - 阈值索引,:math:`(-\infty, +\infty)` 。默认值:``1.5``。
- **need_label** (bool) - 如果为 ``True``,则需要概念漂移标签。默认值:``False``。
.. py:method:: concept_check(data)
在数据序列中查找概念漂移位置。
参数:
- **data** (numpy.ndarray) - 输入数据。数据的shape可以是 :math:`(n,1)` 或 :math:`(n,m)`。
请注意,每列(m列)是一个数据序列。
返回:
- **numpy.ndarray** - 样本序列的概念漂移分数。
- **float** - 判断概念漂移的阈值。
- **list** - 概念漂移的位置。
.. py:class:: mindarmour.reliability.OodDetector(model, ds_train)
分布外检测器的抽象类。
参数:
- **model** (Model) - 训练模型。
- **ds_train** (numpy.ndarray) - 训练数据集。
.. py:method:: get_optimal_threshold(label, ds_eval)
获取最佳阈值。尝试找到一个最佳阈值来检测OOD样本。最佳阈值由标记的数据集 `ds_eval` 计算。
参数:
- **label** (numpy.ndarray) - 区分图像是否为分布内或分布外的标签。
- **ds_eval** (numpy.ndarray) - 帮助查找阈值的测试数据集。
返回:
- **float** - 最佳阈值。
.. py:method:: ood_predict(threshold, ds_test)
分布外(out-of-distribution,OOD)检测。此函数的目的是检测被视为 `ds_test` 的图像是否为OOD样本。如果一张图像的预测分数大于 `threshold` ,则该图像为分布外。
参数:
- **threshold** (float) - 判断ood数据的阈值。可以根据经验设置值,也可以使用函数get_optimal_threshold。
- **ds_test** (numpy.ndarray) - 测试数据集。
返回:
- **numpy.ndarray** - 检测结果。``0`` 表示数据不是ood,``1`` 表示数据是ood。
.. py:class:: mindarmour.reliability.OodDetectorFeatureCluster(model, ds_train, n_cluster, layer)
训练OOD检测器。提取训练数据特征,得到聚类中心。测试数据特征与聚类中心之间的距离确定图像是否为分布外(OOD)图像。
有关详细信息,请查看 `实现图像数据概念漂移检测应用 <https://mindspore.cn/mindarmour/docs/zh-CN/master/concept_drift_images.html>`_。
参数:
- **model** (Model) - 训练模型。
- **ds_train** (numpy.ndarray) - 训练数据集。
- **n_cluster** (int) - 聚类数量。取值属于[2,100]。
通常,`n_cluster` 等于训练数据集的类号。如果OOD检测器在测试数据集中性能较差,我们可以适当增加 `n_cluster` 的值。
- **layer** (str) - 特征层的名称。layer (str)由'name[:Tensor]'表示,其中'name'由用户在训练模型时给出。
请查看有关如何在'README.md'中命名模型层的更多详细信息。
.. py:method:: get_optimal_threshold(label, ds_eval)
获取最佳阈值。尝试找到一个最佳阈值来检测OOD样本。最佳阈值由标记的数据集 `ds_eval` 计算。
参数:
- **label** (numpy.ndarray) - 区分图像是否为分布内或分布外的标签。
- **ds_eval** (numpy.ndarray) - 帮助查找阈值的测试数据集。
返回:
- **float** - 最佳阈值。
.. py:method:: ood_predict(threshold, ds_test)
分布外(out-of-distribution,OOD)检测。此函数的目的是检测 `ds_test` 中的图像是否为OOD样本。如果一张图像的预测分数大于 `threshold` ,则该图像为分布外。
参数:
- **threshold** (float) - 判断ood数据的阈值。可以根据经验设置值,也可以使用函数get_optimal_threshold。
- **ds_test** (numpy.ndarray) - 测试数据集。
返回:
- **numpy.ndarray** - 检测结果。``0`` 表示数据不是ood,``1`` 表示数据是ood。
================================================
FILE: docs/api/api_python/mindarmour.rst
================================================
mindarmour
==========
MindArmour是MindSpore的工具箱,用于增强模型可信,实现隐私保护机器学习。
.. py:class:: mindarmour.Attack
所有通过创建对抗样本的攻击类的抽象基类。
对抗样本是通过向原始样本添加对抗噪声来生成的。
.. py:method:: batch_generate(inputs, labels, batch_size=64)
根据输入样本及其标签来批量生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 生成对抗样本的原始样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
- **batch_size** (int) - 一个批次中的样本数。默认值:``64``。
返回:
- **numpy.ndarray** - 生成的对抗样本。
.. py:method:: generate(inputs, labels)
:abstractmethod:
根据正常样本及其标签生成对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, tuple]) - 生成对抗样本的原始样本。
- **labels** (Union[numpy.ndarray, tuple]) - 原始/目标标签。若每个输入有多个标签,将它包装在元组中。
异常:
- **NotImplementedError** - 此为抽象方法。
.. py:class:: mindarmour.BlackModel
将目标模型视为黑盒的抽象类。模型应由用户定义。
.. py:method:: is_adversarial(data, label, is_targeted)
检查输入样本是否为对抗样本。
参数:
- **data** (numpy.ndarray) - 要检查的输入样本,通常是一些恶意干扰的样本。
- **label** (numpy.ndarray) - 对于目标攻击,标签是受扰动样本的预期标签。对于无目标攻击,标签是相应未扰动样本的原始标签。
- **is_targeted** (bool) - 对于有目标/无目标攻击,请选择 ``True`` / ``False``。
返回:
bool。
- 如果为 ``True``,则输入样本是对抗性的。
- 如果为 ``False``,则输入样本不是对抗性的。
.. py:method:: predict(inputs)
:abstractmethod:
使用用户指定的模型进行预测。预测结果的shape应该是 :math:`(m, n)`,其中n表示此模型分类的类数。
参数:
- **inputs** (numpy.ndarray) - 要预测的输入样本。
异常:
- **NotImplementedError** - 抽象方法未实现。
.. py:class:: mindarmour.Detector
所有对抗样本检测器的抽象基类。
.. py:method:: detect(inputs)
:abstractmethod:
从输入样本中检测对抗样本。
参数:
- **inputs** (Union[numpy.ndarray, list, tuple]) - 要检测的输入样本。
异常:
- **NotImplementedError** - 抽象方法未实现。
.. py:method:: detect_diff(inputs)
:abstractmethod:
计算输入样本和去噪样本之间的差值。
参数:
- **inputs** (Union[numpy.ndarray, list, tuple]) - 要检测的输入样本。
异常:
- **NotImplementedError** - 抽象方法未实现。
.. py:method:: fit(inputs, labels=None)
:abstractmethod:
拟合阈值,拒绝与去噪样本差异大于阈值的对抗样本。当应用于正常样本时,阈值由假正率决定。
参数:
- **inputs** (numpy.ndarray) - 用于计算阈值的输入样本。
- **labels** (numpy.ndarray) - 训练数据的标签。默认值:``None``。
异常:
- **NotImplementedError** - 抽象方法未实现。
.. py:method:: transform(inputs)
:abstractmethod:
过滤输入样本中的对抗性噪声。
参数:
- **inputs** (Union[numpy.ndarray, list, tuple]) - 要转换的输入样本。
异常:
- **NotImplementedError** - 抽象方法未实现。
.. py:class:: mindarmour.Defense(network)
所有防御类的抽象基类,用于防御对抗样本。
参数:
- **network** (Cell) - 要防御的MindSpore风格的深度学习模型。
.. py:method:: batch_defense(inputs, labels, batch_size=32, epochs=5)
对输入进行批量防御操作。
参数:
- **inputs** (numpy.ndarray) - 生成对抗样本的原始样本。
- **labels** (numpy.ndarray) - 输入样本的标签。
- **batch_size** (int) - 一个批次中的样本数。默认值:``32``。
- **epochs** (int) - epochs的数量。默认值:``5``。
返回:
- **numpy.ndarray** - `batch_defense` 操作的损失。
异常:
- **ValueError** - `batch_size` 为 ``0``。
.. py:method:: defense(inputs, labels)
:abstractmethod:
对输入进行防御操作。
参数:
- **inputs** (numpy.ndarray) - 生成对抗样本的原始样本。
- **labels** (numpy.ndarray) - 输入样本的标签。
异常:
- **NotImplementedError** - 抽象方法未实现。
================================================
FILE: docs/api/api_python/mindarmour.utils.rst
================================================
mindarmour.utils
================
MindArmour的工具方法。
.. py:class:: mindarmour.utils.LogUtil
日志记录模块。
在长期运行的脚本中记录随时间推移的日志统计信息。
异常:
- **SyntaxError** - 创建此类异常。
.. py:method:: add_handler(handler)
添加日志模块支持的其他处理程序。
参数:
- **handler** (logging.Handler) - 日志模块支持的其他处理程序。
异常:
- **ValueError** - 输入handler不是logging.Handler的实例。
.. py:method:: debug(tag, msg, *args)
记录'[tag] msg % args',严重性为'DEBUG'。
参数:
- **tag** (str) - Logger标记。
- **msg** (str) - Logger消息。
- **args** (Any) - 辅助值。
.. py:method:: error(tag, msg, *args)
记录'[tag] msg % args',严重性为'ERROR'。
参数:
- **tag** (str) - Logger标记。
- **msg** (str) - Logger消息。
- **args** (Any) - 辅助值。
.. py:method:: get_instance()
:abstractmethod:
获取类 `LogUtil` 的实例。
返回:
- **Object** - 类 `LogUtil` 的实例。
.. py:method:: info(tag, msg, *args)
记录'[tag] msg % args',严重性为'INFO'。
参数:
- **tag** (str) - Logger标记。
- **msg** (str) - Logger消息。
- **args** (Any) - 辅助值。
.. py:method:: set_level(level)
设置此logger的日志级别,级别必须是整数或字符串。支持的级别为 ``'NOTSET'(integer: 0)``、``'ERROR'(integer: 1-40)``、``'WARNING'('WARN', integer: 1-30)``、``'INFO'(integer: 1-20)`` 以及 ``'DEBUG'(integer: 1-10)``。
例如,如果logger.set_level('WARNING')或logger.set_level(21),则在运行时将打印脚本中的logger.warn()和logger.error(),而logger.info()或logger.debug()将不会打印。
参数:
- **level** (Union[int, str]) - logger的级别。
.. py:method:: warn(tag, msg, *args)
记录'[tag] msg % args',严重性为'WARNING'。
参数:
- **tag** (str) - Logger标记。
- **msg** (str) - Logger消息。
- **args** (Any) - 辅助值。
.. py:class:: mindarmour.utils.GradWrapWithLoss(network)
构造一个网络来计算输入空间中损失函数的梯度,并由 `weight` 加权。
参数:
- **network** (Cell) - 要包装的目标网络。
.. py:method:: construct(inputs, labels)
使用标签和权重计算 `inputs` 的梯度。
参数:
- **inputs** (Tensor) - 网络的输入。
- **labels** (Tensor) - 输入的标签。
返回:
- **Tensor** - 梯度矩阵。
.. py:class:: mindarmour.utils.GradWrap(network)
构建一个网络,以计算输入空间中网络输出的梯度,并由 `weight` 加权,表示为雅可比矩阵。
参数:
- **network** (Cell) - 要包装的目标网络。
.. py:method:: construct(*data)
计算雅可比矩阵(jacobian matrix)。
参数:
- **data** (Tensor) - 数据由输入和权重组成。
- inputs: 网络的输入。
- weight: 每个梯度的权重,'weight'与'labels'的shape相同。
返回:
- **Tensor** - 雅可比矩阵。
================================================
FILE: docs/api/api_python_en/mindarmour.adv_robustness.attacks.rst
================================================
mindarmour.adv_robustness.attacks
=================================
.. automodule:: mindarmour.adv_robustness.attacks
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.adv_robustness.defenses.rst
================================================
mindarmour.adv_robustness.defenses
==================================
.. automodule:: mindarmour.adv_robustness.defenses
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.adv_robustness.detectors.rst
================================================
mindarmour.adv_robustness.detectors
===================================
.. automodule:: mindarmour.adv_robustness.detectors
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.adv_robustness.evaluations.rst
================================================
mindarmour.adv_robustness.evaluations
=====================================
.. automodule:: mindarmour.adv_robustness.evaluations
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.fuzz_testing.rst
================================================
mindarmour.fuzz_testing
=======================
.. automodule:: mindarmour.fuzz_testing
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.natural_robustness.transform.image.rst
================================================
mindarmour.natural_robustness.transform.image
=============================================
.. automodule:: mindarmour.natural_robustness.transform.image
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.privacy.diff_privacy.rst
================================================
mindarmour.privacy.diff_privacy
===============================
.. automodule:: mindarmour.privacy.diff_privacy
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.privacy.evaluation.rst
================================================
mindarmour.privacy.evaluation
=============================
.. automodule:: mindarmour.privacy.evaluation
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.privacy.sup_privacy.rst
================================================
mindarmour.privacy.sup_privacy
===============================
.. automodule:: mindarmour.privacy.sup_privacy
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.reliability.rst
================================================
mindarmour.reliability
======================
.. automodule:: mindarmour.reliability
:members:
================================================
FILE: docs/api/api_python_en/mindarmour.rst
================================================
mindarmour
==========
.. automodule:: mindarmour
:members:
:exclude-members: SuppressModel, SuppressMasker, SuppressCtrl, Fuzzer, DPModel, MembershipInference, ImageInversionAttack, ConceptDriftCheckTimeSeries
================================================
FILE: docs/api/api_python_en/mindarmour.utils.rst
================================================
mindarmour.utils
================
.. automodule:: mindarmour.utils
:members:
================================================
FILE: examples/README.md
================================================
# Examples
## Introduction
This package includes application demos for all developed tools of MindArmour. Through these demos, you will soon
master those tools of MindArmour. Let's Start!
## Preparation
Most of those demos are implemented based on LeNet5 and MNIST dataset. As a preparation, we should download MNIST and
train a LeNet5 model first.
### 1. download dataset
The MNIST database of handwritten digits has a training set of 60,000 examples, and a test set of 10,000 examples
. It is a subset of a larger set available from MNIST. The digits have been size-normalized and centered in a fixed-size image.
```sh
cd examples/common/dataset
mkdir MNIST
cd MNIST
mkdir train
mkdir test
cd train
wget "http://yann.lecun.com/exdb/mnist/train-images-idx3-ubyte.gz"
wget "http://yann.lecun.com/exdb/mnist/train-labels-idx1-ubyte.gz"
gzip train-images-idx3-ubyte.gz -d
gzip train-labels-idx1-ubyte.gz -d
cd ../test
wget "http://yann.lecun.com/exdb/mnist/t10k-images-idx3-ubyte.gz"
wget "http://yann.lecun.com/exdb/mnist/t10k-labels-idx1-ubyte.gz"
gzip t10k-images-idx3-ubyte.gz -d
gzip t10k-labels-idx1-ubyte.gz -d
```
### 2. trian LeNet5 model
After training the network, you will obtain a group of ckpt files. Those ckpt files save the trained model parameters
of LeNet5, which can be used in 'examples/ai_fuzzer' and 'examples/model_security'.
```sh
cd examples/common/networks/lenet5
python mnist_train.py
```
================================================
FILE: examples/__init__.py
================================================
# Copyright 2020 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This package includes real application examples for developed features of MindArmour.
"""
================================================
FILE: examples/ai_fuzzer/README.md
================================================
# Application demos of model fuzzing
## Introduction
The same as the traditional software fuzz testing, we can also design fuzz test for AI models. Compared to
branch coverage or line coverage of traditional software, some people propose the
concept of 'neuron coverage' based on the unique structure of deep neural network. We can use the neuron coverage
as a guide to search more metamorphic inputs to test our models.
## 1. calculation of neuron coverage
There are five metrics proposed for evaluating the neuron coverage of a test:NC, Effective NC, KMNC, NBC and SNAC.
Usually we need to feed all the training dataset into the model first, and record the output range of all neurons
(however, in KMNC, NBC and SNAC, only the last layer of neurons are recorded in our method). In the testing phase,
we feed test samples into the model, and calculate those three metrics mentioned above according to those neurons'
output distribution.
```sh
cd examples/ai_fuzzer/
python lenet5_mnist_coverage.py
```
## 2. fuzz test for AI model
We have provided several types of methods for manipulating metamorphic inputs: affine transformation, pixel
transformation and adversarial attacks. Usually we feed the original samples into the fuzz function as seeds, and
then metamorphic samples are generated through iterative manipulations.
```sh
cd examples/ai_fuzzer/
python lenet5_mnist_fuzzing.py
```
================================================
FILE: examples/ai_fuzzer/__init__.py
================================================
================================================
FILE: examples/ai_fuzzer/fuzz_testing_and_model_enhense.py
================================================
# Copyright 2019 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
An example of fuzz testing and then enhance non-robustness model.
"""
import random
import numpy as np
import mindspore
from mindspore import Model
from mindspore import context
from mindspore import Tensor
from mindspore.train.serialization import load_checkpoint, load_param_into_net
from mindspore.nn import SoftmaxCrossEntropyWithLogits
from mindspore.nn.optim.momentum import Momentum
from mindarmour.adv_robustness.defenses import AdversarialDefense
from mindarmour.fuzz_testing import Fuzzer
from mindarmour.fuzz_testing import KMultisectionNeuronCoverage
from mindarmour.utils.logger import LogUtil
from examples.common.dataset.data_processing import generate_mnist_dataset
from examples.common.networks.lenet5.lenet5_net_for_fuzzing import LeNet5
LOGGER = LogUtil.get_instance()
TAG = 'Fuzz_testing and enhance model'
LOGGER.set_level('INFO')
def split_dataset(image, label, proportion):
"""
Split the generated fuzz data into train and test set.
"""
indices = np.arange(len(image))
random.shuffle(indices)
train_length = int(len(image) * proportion)
train_image = [image[i] for i in indices[:train_length]]
train_label = [label[i] for i in indices[:train_length]]
test_image = [image[i] for i in indices[:train_length]]
test_label = [label[i] for i in indices[:train_length]]
return train_image, train_label, test_image, test_label
def example_lenet_mnist_fuzzing():
"""
An example of fuzz testing and then enhance the non-robustness model.
"""
# upload trained network
ckpt_path = '../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt'
net = LeNet5()
load_dict = load_checkpoint(ckpt_path)
load_param_into_net(net, load_dict)
model = Model(net)
mutate_config = [
{'method': 'GaussianBlur',
'params': {'ksize': [1, 2, 3, 5], 'auto_param': [True, False]}},
{'method': 'MotionBlur',
'params': {'degree': [1, 2, 5], 'angle': [45, 10, 100, 140, 210, 270, 300], 'auto_param': [True]}},
{'method': 'GradientBlur',
'params': {'point': [[10, 10]], 'auto_param': [True]}},
{'method': 'UniformNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'GaussianNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'SaltAndPepperNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'NaturalNoise',
'params': {'ratio': [0.1], 'k_x_range': [(1, 3), (1, 5)], 'k_y_range': [(1, 5)], 'auto_param': [False, True]}},
{'method': 'Contrast',
'params': {'alpha': [0.5, 1, 1.5], 'beta': [-10, 0, 10], 'auto_param': [False, True]}},
{'method': 'GradientLuminance',
'params': {'color_start': [(0, 0, 0)], 'color_end': [(255, 255, 255)], 'start_point': [(10, 10)],
'scope': [0.5], 'pattern': ['light'], 'bright_rate': [0.3], 'mode': ['circle'],
'auto_param': [False, True]}},
{'method': 'Translate',
'params': {'x_bias': [0, 0.05, -0.05], 'y_bias': [0, -0.05, 0.05], 'auto_param': [False, True]}},
{'method': 'Scale',
'params': {'factor_x': [1, 0.9], 'factor_y': [1, 0.9], 'auto_param': [False, True]}},
{'method': 'Shear',
'params': {'factor': [0.2, 0.1], 'direction': ['horizontal', 'vertical'], 'auto_param': [False, True]}},
{'method': 'Rotate',
'params': {'angle': [20, 90], 'auto_param': [False, True]}},
{'method': 'Perspective',
'params': {'ori_pos': [[[0, 0], [0, 800], [800, 0], [800, 800]]],
'dst_pos': [[[50, 0], [0, 800], [780, 0], [800, 800]]], 'auto_param': [False, True]}},
{'method': 'Curve',
'params': {'curves': [5], 'depth': [2], 'mode': ['vertical'], 'auto_param': [False, True]}},
{'method': 'FGSM',
'params': {'eps': [0.3, 0.2, 0.4], 'alpha': [0.1], 'bounds': [(0, 1)]}}]
# get training data
data_list = "../common/dataset/MNIST/train"
batch_size = 32
ds = generate_mnist_dataset(data_list, batch_size, sparse=False)
train_images = []
for data in ds.create_tuple_iterator(output_numpy=True):
images = data[0].astype(np.float32)
train_images.append(images)
train_images = np.concatenate(train_images, axis=0)
segmented_num = 100
# fuzz test with original test data
data_list = "../common/dataset/MNIST/test"
batch_size = batch_size
init_samples = 50
max_iters = 500
mutate_num_per_seed = 10
ds = generate_mnist_dataset(data_list, batch_size=batch_size, num_samples=init_samples, sparse=False)
test_images = []
test_labels = []
for data in ds.create_tuple_iterator(output_numpy=True):
test_images.append(data[0].astype(np.float32))
test_labels.append(data[1])
test_images = np.concatenate(test_images, axis=0)
test_labels = np.concatenate(test_labels, axis=0)
coverage = KMultisectionNeuronCoverage(model, train_images, segmented_num=segmented_num, incremental=True)
kmnc = coverage.get_metrics(test_images[:100])
print('kmnc: ', kmnc)
# make initial seeds
initial_seeds = []
for img, label in zip(test_images, test_labels):
initial_seeds.append([img, label])
model_fuzz_test = Fuzzer(model)
gen_samples, gt, _, _, metrics = model_fuzz_test.fuzzing(mutate_config,
initial_seeds, coverage,
evaluate=True,
max_iters=max_iters,
mutate_num_per_seed=mutate_num_per_seed)
if metrics:
for key in metrics:
LOGGER.info(TAG, key + ': %s', metrics[key])
train_image, train_label, test_image, test_label = split_dataset(gen_samples, gt, 0.7)
# load model B and test it on the test set
ckpt_path = '../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt'
net = LeNet5()
load_dict = load_checkpoint(ckpt_path)
load_param_into_net(net, load_dict)
model_b = Model(net)
pred_b = model_b.predict(Tensor(test_image, dtype=mindspore.float32)).asnumpy()
acc_b = np.sum(np.argmax(pred_b, axis=1) == np.argmax(test_label, axis=1)) / len(test_label)
print('Accuracy of model B on test set is ', acc_b)
# enhense model robustness
lr = 0.001
momentum = 0.9
loss_fn = SoftmaxCrossEntropyWithLogits(sparse=True)
optimizer = Momentum(net.trainable_params(), lr, momentum)
adv_defense = AdversarialDefense(net, loss_fn, optimizer)
adv_defense.batch_defense(np.array(train_image).astype(np.float32), np.argmax(train_label, axis=1).astype(np.int32))
preds_en = net(Tensor(test_image, dtype=mindspore.float32)).asnumpy()
acc_en = np.sum(np.argmax(preds_en, axis=1) == np.argmax(test_label, axis=1)) / len(test_label)
print('Accuracy of enhensed model on test set is ', acc_en)
if __name__ == '__main__':
# device_target can be "CPU", "GPU" or "Ascend"
context.set_context(mode=context.GRAPH_MODE, device_target="CPU")
example_lenet_mnist_fuzzing()
================================================
FILE: examples/ai_fuzzer/lenet5_mnist_coverage.py
================================================
# Copyright 2019 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import numpy as np
from mindspore import Model
from mindspore import context
from mindspore.train.serialization import load_checkpoint, load_param_into_net
from mindarmour.fuzz_testing.model_coverage_metrics import NeuronCoverage, TopKNeuronCoverage, NeuronBoundsCoverage,\
SuperNeuronActivateCoverage, KMultisectionNeuronCoverage
from mindarmour.utils.logger import LogUtil
from examples.common.dataset.data_processing import generate_mnist_dataset
from examples.common.networks.lenet5.lenet5_net_for_fuzzing import LeNet5
LOGGER = LogUtil.get_instance()
TAG = 'Neuron coverage test'
LOGGER.set_level('INFO')
def test_lenet_mnist_coverage():
# upload trained network
ckpt_path = '../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt'
net = LeNet5()
load_dict = load_checkpoint(ckpt_path)
load_param_into_net(net, load_dict)
model = Model(net)
# get training data
data_list = "../common/dataset/MNIST/train"
batch_size = 32
ds = generate_mnist_dataset(data_list, batch_size, sparse=True)
train_images = []
for data in ds.create_tuple_iterator(output_numpy=True):
images = data[0].astype(np.float32)
train_images.append(images)
train_images = np.concatenate(train_images, axis=0)
# fuzz test with original test data
# get test data
data_list = "../common/dataset/MNIST/test"
batch_size = 32
ds = generate_mnist_dataset(data_list, batch_size, sparse=True)
test_images = []
test_labels = []
for data in ds.create_tuple_iterator(output_numpy=True):
images = data[0].astype(np.float32)
labels = data[1]
test_images.append(images)
test_labels.append(labels)
test_images = np.concatenate(test_images, axis=0)
# initialize fuzz test with training dataset
nc = NeuronCoverage(model, threshold=0.1)
nc_metric = nc.get_metrics(test_images)
tknc = TopKNeuronCoverage(model, top_k=3)
tknc_metrics = tknc.get_metrics(test_images)
snac = SuperNeuronActivateCoverage(model, train_images)
snac_metrics = snac.get_metrics(test_images)
nbc = NeuronBoundsCoverage(model, train_images)
nbc_metrics = nbc.get_metrics(test_images)
kmnc = KMultisectionNeuronCoverage(model, train_images, segmented_num=100)
kmnc_metrics = kmnc.get_metrics(test_images)
print('KMNC of this test is: ', kmnc_metrics)
print('NBC of this test is: ', nbc_metrics)
print('SNAC of this test is: ', snac_metrics)
print('NC of this test is: ', nc_metric)
print('TKNC of this test is: ', tknc_metrics)
if __name__ == '__main__':
# device_target can be "CPU", "GPU" or "Ascend"
context.set_context(mode=context.GRAPH_MODE, device_target="CPU")
test_lenet_mnist_coverage()
================================================
FILE: examples/ai_fuzzer/lenet5_mnist_fuzzing.py
================================================
# Copyright 2019 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import numpy as np
from mindspore import Model
from mindspore import context
from mindspore import load_checkpoint, load_param_into_net
from mindarmour.fuzz_testing import Fuzzer
from mindarmour.fuzz_testing import KMultisectionNeuronCoverage
from mindarmour.utils import LogUtil
from examples.common.dataset.data_processing import generate_mnist_dataset
from examples.common.networks.lenet5.lenet5_net_for_fuzzing import LeNet5
LOGGER = LogUtil.get_instance()
TAG = 'Fuzz_test'
LOGGER.set_level('INFO')
def test_lenet_mnist_fuzzing():
# upload trained network
ckpt_path = '../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt'
net = LeNet5()
load_dict = load_checkpoint(ckpt_path)
load_param_into_net(net, load_dict)
model = Model(net)
mutate_config = [
{'method': 'GaussianBlur',
'params': {'ksize': [1, 2, 3, 5],
'auto_param': [True, False]}},
{'method': 'MotionBlur',
'params': {'degree': [1, 2, 5], 'angle': [45, 10, 100, 140, 210, 270, 300], 'auto_param': [True]}},
{'method': 'GradientBlur',
'params': {'point': [[10, 10]], 'auto_param': [True]}},
{'method': 'UniformNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'GaussianNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'SaltAndPepperNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'NaturalNoise',
'params': {'ratio': [0.1, 0.2, 0.3], 'k_x_range': [(1, 3), (1, 5)], 'k_y_range': [(1, 5)],
'auto_param': [False, True]}},
{'method': 'Contrast',
'params': {'alpha': [0.5, 1, 1.5], 'beta': [-10, 0, 10], 'auto_param': [False, True]}},
{'method': 'GradientLuminance',
'params': {'color_start': [(0, 0, 0)], 'color_end': [(255, 255, 255)], 'start_point': [(10, 10)],
'scope': [0.5], 'pattern': ['light'], 'bright_rate': [0.3], 'mode': ['circle'],
'auto_param': [False, True]}},
{'method': 'Translate',
'params': {'x_bias': [0, 0.05, -0.05], 'y_bias': [0, -0.05, 0.05], 'auto_param': [False, True]}},
{'method': 'Scale',
'params': {'factor_x': [1, 0.9], 'factor_y': [1, 0.9], 'auto_param': [False, True]}},
{'method': 'Shear',
'params': {'factor': [0.2, 0.1], 'direction': ['horizontal', 'vertical'], 'auto_param': [False, True]}},
{'method': 'Rotate',
'params': {'angle': [20, 90], 'auto_param': [False, True]}},
{'method': 'Perspective',
'params': {'ori_pos': [[[0, 0], [0, 800], [800, 0], [800, 800]]],
'dst_pos': [[[50, 0], [0, 800], [780, 0], [800, 800]]], 'auto_param': [False, True]}},
{'method': 'Curve',
'params': {'curves': [5], 'depth': [2], 'mode': ['vertical'], 'auto_param': [False, True]}},
{'method': 'FGSM',
'params': {'eps': [0.3, 0.2, 0.4], 'alpha': [0.1], 'bounds': [(0, 1)]}},
{'method': 'PGD',
'params': {'eps': [0.1, 0.2, 0.4], 'eps_iter': [0.05, 0.1], 'nb_iter': [1, 3]}},
{'method': 'MDIIM',
'params': {'eps': [0.1, 0.2, 0.4], 'prob': [0.5, 0.1],
'norm_level': [1, 2, '1', '2', 'l1', 'l2', 'inf', 'np.inf', 'linf']}}
]
# get training data
data_list = "../common/dataset/MNIST/train"
batch_size = 32
ds = generate_mnist_dataset(data_list, batch_size, sparse=False)
train_images = []
for data in ds.create_tuple_iterator(output_numpy=True):
images = data[0].astype(np.float32)
train_images.append(images)
train_images = np.concatenate(train_images, axis=0)
# fuzz test with original test data
# get test data
data_list = "../common/dataset/MNIST/test"
batch_size = 32
ds = generate_mnist_dataset(data_list, batch_size, sparse=False)
test_images = []
test_labels = []
for data in ds.create_tuple_iterator(output_numpy=True):
images = data[0].astype(np.float32)
labels = data[1]
test_images.append(images)
test_labels.append(labels)
test_images = np.concatenate(test_images, axis=0)
test_labels = np.concatenate(test_labels, axis=0)
initial_seeds = []
# make initial seeds
for img, label in zip(test_images, test_labels):
initial_seeds.append([img, label])
coverage = KMultisectionNeuronCoverage(model, train_images, segmented_num=100, incremental=True)
kmnc = coverage.get_metrics(test_images[:100])
print('KMNC of initial seeds is: ', kmnc)
initial_seeds = initial_seeds[:100]
model_fuzz_test = Fuzzer(model)
_, _, _, _, metrics = model_fuzz_test.fuzzing(mutate_config,
initial_seeds, coverage,
evaluate=True,
max_iters=10,
mutate_num_per_seed=20)
if metrics:
for key in metrics:
print(key + ': ', metrics[key])
if __name__ == '__main__':
# device_target can be "CPU"GPU, "" or "Ascend"
context.set_context(mode=context.GRAPH_MODE, device_target="CPU")
test_lenet_mnist_fuzzing()
================================================
FILE: examples/ai_fuzzer/lenet5_mnist_scc.py
================================================
# Copyright 2019 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
A sample example for SCC.
"""
import numpy as np
import mindspore
from mindspore import Model
from mindspore import nn
from mindspore.dataset import vision, transforms
from mindspore.dataset import MnistDataset
from mindspore.common.initializer import TruncatedNormal
from mindspore.ops import operations as P
from mindspore.ops import TensorSummary
from mindarmour.fuzz_testing.fuzzing import SensitivityMaximizingFuzzer
from mindarmour.fuzz_testing.sensitivity_convergence_coverage import SensitivityConvergenceCoverage
def datapipe(path):
"""Prepare and return the MNIST dataset."""
image_transforms = [
vision.Rescale(1.0 / 255.0, 0),
vision.HWC2CHW()
]
label_transform = transforms.TypeCast(mindspore.int32)
dataset = MnistDataset(path)
dataset = dataset.map(image_transforms, 'image')
dataset = dataset.map(label_transform, 'label')
dataset = dataset.batch(100)
return dataset
class Net(nn.Cell):
"""Convolutional neural network model."""
def __init__(self):
super().__init__()
self.conv1 = nn.Conv2d(1, 6, 4, padding=0, weight_init=TruncatedNormal(0.02), pad_mode="valid")
self.conv2 = nn.Conv2d(6, 16, 4, padding=0, weight_init=TruncatedNormal(0.02), pad_mode="valid")
self.fc1 = nn.Dense(16 * 4 * 4, 120, TruncatedNormal(0.02), TruncatedNormal(0.02))
self.fc2 = nn.Dense(120, 84, TruncatedNormal(0.02), TruncatedNormal(0.02))
self.fc3 = nn.Dense(84, 10, TruncatedNormal(0.02), TruncatedNormal(0.02))
self.relu = nn.ReLU()
self.max_pool2d = nn.MaxPool2d(kernel_size=2, stride=2)
self.reshape = P.Reshape()
self.summary = TensorSummary()
def construct(self, x):
"""Construct the network."""
x = self.conv1(x)
x = self.relu(x)
self.summary('conv1', x)
x = self.max_pool2d(x)
x = self.conv2(x)
x = self.relu(x)
self.summary('conv2', x)
x = self.max_pool2d(x)
x = self.reshape(x, (-1, 16 * 4 * 4))
x = self.fc1(x)
x = self.relu(x)
self.summary('fc1', x)
x = self.fc2(x)
x = self.relu(x)
self.summary('fc2', x)
x = self.fc3(x)
self.summary('fc3', x)
return x
model = Net()
param_dict = mindspore.load_checkpoint("model.ckpt")
mindspore.load_param_into_net(model, param_dict)
model = Model(model)
mutate_config = [{'method': 'GaussianBlur',
'params': {'ksize': [1, 2, 3, 5], 'auto_param': [True, False]}},
{'method': 'MotionBlur',
'params': {'degree': [1, 2, 5], 'angle': [45, 10, 100, 140, 210, 270, 300]}},
{'method': 'UniformNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'GaussianNoise',
'params': {'factor': [0.1, 0.2, 0.3], 'auto_param': [False, True]}},
{'method': 'Contrast',
'params': {'alpha': [0.5, 1, 1.5], 'beta': [-10, 0, 10], 'auto_param': [False, True]}},
{'method': 'Rotate',
'params': {'angle': [20, 90], 'auto_param': [False, True]}},
{'method': 'FGSM',
'params': {'eps': [0.3, 0.2, 0.4], 'alpha': [0.1], 'bounds': [(0, 1)]}}]
# make initial seeds
test_dataset = datapipe('MNIST_Data/test')
for data, label in test_dataset.create_tuple_iterator():
initial_data = data
initial_label = label
break
initial_seeds = []
for data, label in test_dataset.create_tuple_iterator():
initial_data = data
initial_label = label
break
for img, label in zip(initial_data, initial_label):
label_array = np.array([0 if i != label else 1 for i in range(10)])
initial_seeds.append([np.array(img).astype(np.float32), label_array.astype(np.float32)])
SCC = SensitivityConvergenceCoverage(model, batch_size=32)
print("SCC.get_metrics(initial_data)", SCC.get_metrics(initial_data))
model_fuzz_test = SensitivityMaximizingFuzzer(model)
samples, gt_labels, preds, strategies, metrics = model_fuzz_test.fuzzing(
mutate_config, initial_seeds, SCC, max_iters=10)
print(metrics)
================================================
FILE: examples/common/__init__.py
================================================
================================================
FILE: examples/common/dataset/__init__.py
================================================
================================================
FILE: examples/common/dataset/data_processing.py
================================================
# Copyright 2021 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""data processing"""
import os
import mindspore.dataset as ds
import mindspore.dataset.vision as CV
import mindspore.dataset.transforms as C
from mindspore.dataset.vision import Inter
import mindspore.common.dtype as mstype
def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1,
num_samples=None, num_parallel_workers=1, sparse=True):
"""
create dataset for training or testing
"""
# define dataset
ds1 = ds.MnistDataset(data_path, num_samples=num_samples)
# define operation parameters
resize_height, resize_width = 32, 32
rescale = 1.0 / 255.0
shift = 0.0
# define map operations
resize_op = CV.Resize((resize_height, resize_width),
interpolation=Inter.LINEAR)
rescale_op = CV.Rescale(rescale, shift)
hwc2chw_op = CV.HWC2CHW()
type_cast_op = C.TypeCast(mstype.int32)
# apply map operations on images
if not sparse:
one_hot_enco = C.OneHot(10)
ds1 = ds1.map(input_columns="label", operations=one_hot_enco,
num_parallel_workers=num_parallel_workers)
type_cast_op = C.TypeCast(mstype.float32)
ds1 = ds1.map(input_columns="label", operations=type_cast_op,
num_parallel_workers=num_parallel_workers)
ds1 = ds1.map(input_columns="image", operations=resize_op,
num_parallel_workers=num_parallel_workers)
ds1 = ds1.map(input_columns="image", operations=rescale_op,
num_parallel_workers=num_parallel_workers)
ds1 = ds1.map(input_columns="image", operations=hwc2chw_op,
num_parallel_workers=num_parallel_workers)
# apply DatasetOps
buffer_size = 10000
ds1 = ds1.shuffle(buffer_size=buffer_size)
ds1 = ds1.batch(batch_size, drop_remainder=True)
ds1 = ds1.repeat(repeat_size)
return ds1
def vgg_create_dataset100(data_home, image_size, batch_size, rank_id=0, rank_size=1, repeat_num=1,
training=True, num_samples=None, shuffle=True):
"""Data operations."""
ds.config.set_seed(1)
data_dir = os.path.join(data_home, "train")
if not training:
data_dir = os.path.join(data_home, "test")
if num_samples is not None:
data_set = ds.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id,
num_samples=num_samples, shuffle=shuffle)
else:
data_set = ds.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id)
input_columns = ["fine_label"]
output_columns = ["label"]
data_set = data_set.rename(input_columns=input_columns, output_columns=output_columns)
data_set = data_set.project(["image", "label"])
rescale = 1.0 / 255.0
shift = 0.0
# define map operations
random_crop_op = CV.RandomCrop((32, 32), (4, 4, 4, 4)) # padding_mode default CONSTANT
random_horizontal_op = CV.RandomHorizontalFlip()
resize_op = CV.Resize(image_size) # interpolation default BILINEAR
rescale_op = CV.Rescale(rescale, shift)
normalize_op = CV.Normalize((0.4465, 0.4822, 0.4914), (0.2010, 0.1994, 0.2023))
changeswap_op = CV.HWC2CHW()
type_cast_op = C.TypeCast(mstype.int32)
c_trans = []
if training:
c_trans = [random_crop_op, random_horizontal_op]
c_trans += [resize_op, rescale_op, normalize_op,
changeswap_op]
# apply map operations on images
data_set = data_set.map(input_columns="label", operations=type_cast_op)
data_set = data_set.map(input_columns="image", operations=c_trans)
# apply shuffle operations
data_set = data_set.shuffle(buffer_size=1000)
# apply batch operations
data_set = data_set.batch(batch_size=batch_size, drop_remainder=True)
# apply repeat operations
data_set = data_set.repeat(repeat_num)
return data_set
def create_dataset_imagenet(path, batch_size=32, repeat_size=20, status="train", target="GPU"):
image_ds = ds.ImageFolderDataset(path, decode=True)
rescale = 1.0 / 255.0
shift = 0.0
cfg = {'num_classes': 10,
'learning_rate': 0.002,
'momentum': 0.9,
'epoch_size': 30,
'batch_size': batch_size,
'buffer_size': 1000,
'image_height': 224,
'image_width': 224,
'save_checkpoint_steps': 1562,
'keep_checkpoint_max': 10,
'device': target,
'status': status}
resize_op = CV.Resize((cfg['image_height'], cfg['image_width']))
rescale_op = CV.Rescale(rescale, shift)
normalize_op = CV.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010))
random_crop_op = CV.RandomCrop([32, 32], [4, 4, 4, 4])
random_horizontal_op = CV.RandomHorizontalFlip()
channel_swap_op = CV.HWC2CHW()
typecast_op = C.TypeCast(mstype.int32)
image_ds = image_ds.map(input_columns="label", operations=typecast_op, num_parallel_workers=6)
image_ds = image_ds.map(input_columns="image", operations=random_crop_op, num_parallel_workers=6)
image_ds = image_ds.map(input_columns="image", operations=random_horizontal_op, num_parallel_workers=6)
image_ds = image_ds.map(input_columns="image", operations=resize_op, num_parallel_workers=6)
image_ds = image_ds.map(input_columns="image", operations=rescale_op, num_parallel_workers=6)
image_ds = image_ds.map(input_columns="image", operations=normalize_op, num_parallel_workers=6)
image_ds = image_ds.map(input_columns="image", operations=channel_swap_op, num_parallel_workers=6)
image_ds = image_ds.shuffle(buffer_size=cfg['buffer_size'])
image_ds = image_ds.repeat(repeat_size)
return image_ds
def create_dataset_cifar(data_path, image_height, image_width, repeat_num=1, training=True):
"""
create data for next use such as training or inferring
"""
usage = "train" if training else "test"
cifar_ds = ds.Cifar10Dataset(dataset_dir=data_path, usage=usage)
resize_height = image_height # 224
resize_width = image_width # 224
rescale = 1.0 / 255.0
shift = 0.0
batch_size = 32
# define map operations
random_crop_op = CV.RandomCrop((32, 32), (4, 4, 4, 4)) # padding_mode default CONSTANT
random_horizontal_op = CV.RandomHorizontalFlip()
resize_op = CV.Resize((resize_height, resize_width)) # interpolation default BILINEAR
rescale_op = CV.Rescale(rescale, shift)
normalize_op = CV.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010))
changeswap_op = CV.HWC2CHW()
type_cast_op = C.TypeCast(mstype.int32)
c_trans = []
if training:
c_trans = [random_crop_op, random_horizontal_op]
c_trans += [resize_op, rescale_op, normalize_op,
changeswap_op]
# apply map operations on images
cifar_ds = cifar_ds.map(operations=type_cast_op, input_columns="label")
cifar_ds = cifar_ds.map(operations=c_trans, input_columns="image")
# apply shuffle operations
cifar_ds = cifar_ds.shuffle(buffer_size=10)
# apply batch operations
cifar_ds = cifar_ds.batch(batch_size=batch_size, drop_remainder=True)
# apply repeat operations
cifar_ds = cifar_ds.repeat(repeat_num)
return cifar_ds
def generate_dataset_cifar(data_path, batch_size, usage, repeat_num=1):
"""
create data for next use such as training or inferring
"""
cifar_ds = ds.Cifar10Dataset(data_path, usage=usage)
resize_height = 32
resize_width = 32
rescale = 1.0 / 255.0
shift = 0.0
batch_size = batch_size
# define map operations
resize_op = CV.Resize((resize_height, resize_width)) # interpolation default BILINEAR
rescale_op = CV.Rescale(rescale, shift)
changeswap_op = CV.HWC2CHW()
type_cast_op = C.TypeCast(mstype.int32)
c_trans = []
c_trans += [resize_op, rescale_op,
changeswap_op]
# apply map operations on images
cifar_ds = cifar_ds.map(operations=type_cast_op, input_columns="label")
cifar_ds = cifar_ds.map(operations=c_trans, input_columns="image")
# apply shuffle operations
cifar_ds = cifar_ds.shuffle(buffer_size=10)
# apply batch operations
cifar_ds = cifar_ds.batch(batch_size=batch_size, drop_remainder=True)
# apply repeat operations
cifar_ds = cifar_ds.repeat(repeat_num)
return cifar_ds
================================================
FILE: examples/common/networks/__init__.py
================================================
================================================
FILE: examples/common/networks/cifar10cnn/__init__.py
================================================
================================================
FILE: examples/common/networks/cifar10cnn/cifar10cnn_net.py
================================================
# Copyright 2024 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
CIFAR10CNN network.
"""
import collections
from mindspore import nn
from mindspore.common.initializer import TruncatedNormal
def weight_variable():
return TruncatedNormal(0.05)
def conv(in_channels, out_channels, kernel_size, stride=1, padding=0):
weight = weight_variable()
return nn.Conv2d(in_channels, out_channels,
kernel_size=kernel_size, stride=stride, padding=padding,
weight_init=weight, has_bias=False, pad_mode="pad")
def fc_with_initialize(input_channels, out_channels):
weight = weight_variable()
bias = weight_variable()
return nn.Dense(input_channels, out_channels, weight, bias)
class CIFAR10CNN(nn.Cell):
"""
Part of CIFAR10CNN network.
"""
def __init__(self):
super(CIFAR10CNN, self).__init__()
self.features = []
self.layerdict = collections.OrderedDict()
self.conv11 = conv(3, 64, 3, padding=1)
self.relu11 = nn.ReLU()
self.conv12 = conv(64, 64, 3, padding=1)
self.relu12 = nn.ReLU()
self.pool1 = nn.MaxPool2d(2, 2)
self.features.extend([
self.conv11, self.relu11, self.conv12, self.relu12, self.pool1
])
self.layerdict['conv11'] = self.conv11
self.layerdict['relu11'] = self.relu11
self.layerdict['conv12'] = self.conv12
self.layerdict['relu12'] = self.relu12
self.layerdict['pool1'] = self.pool1
self.conv21 = conv(64, 128, 3, padding=1)
self.relu21 = nn.ReLU()
self.conv22 = conv(128, 128, 3, padding=1)
self.relu22 = nn.ReLU()
self.pool2 = nn.MaxPool2d(2, 2)
self.features.extend([
self.conv21, self.relu21, self.conv22, self.relu22, self.pool2
])
self.layerdict['conv21'] = self.conv21
self.layerdict['relu21'] = self.relu21
self.layerdict['conv22'] = self.conv22
self.layerdict['relu22'] = self.relu22
self.layerdict['pool2'] = self.pool2
self.conv31 = conv(128, 128, 3, padding=1)
self.relu31 = nn.ReLU()
self.conv32 = conv(128, 128, 3, padding=1)
self.relu32 = nn.ReLU()
self.pool3 = nn.MaxPool2d(2, 2)
self.features.extend([
self.conv31, self.relu31, self.conv32, self.relu32, self.pool3
])
self.layerdict['conv31'] = self.conv31
self.layerdict['relu31'] = self.relu31
self.layerdict['conv32'] = self.conv32
self.layerdict['relu32'] = self.relu32
self.layerdict['pool3'] = self.pool3
self.classifier = []
self.feature_dims = 4 * 4 * 128
self.fc1 = fc_with_initialize(self.feature_dims, 512)
self.fc1act = nn.Sigmoid()
self.fc2 = fc_with_initialize(512, 10)
self.classifier.extend([
self.fc1, self.fc1act, self.fc2
])
self.layerdict['fc1'] = self.fc1
self.layerdict['fc1act'] = self.fc1act
self.layerdict['fc2'] = self.fc2
def construct(self, x):
for layer in self.features:
x = layer(x)
x = x.view(-1, self.feature_dims)
for layer in self.classifier:
x = layer(x)
return x
def forward_from(self, x, layer):
"""
Forward the network from the target layer.
"""
if layer in self.layerdict:
targetlayer = self.layerdict[layer]
if targetlayer in self.features:
layeridx = self.features.index(targetlayer)
for func in self.features[layeridx + 1:]:
x = func(x)
x = x.view(-1, self.feature_dims)
for func in self.classifier:
x = func(x)
return x
layeridx = self.classifier.index(targetlayer)
for func in self.classifier[layeridx:]:
x = func(x)
return x
msg = "Target Layer not exists"
raise ValueError(msg)
def get_layer_output(self, x, targetlayer):
"""
Get the output of the target layer.
"""
targetlayer = self.layerdict.get(targetlayer, None)
for layer in self.features:
x = layer(x)
if layer == targetlayer:
return x
x = x.view(-1, self.feature_dims)
for layer in self.classifier:
x = layer(x)
if layer == targetlayer:
return x
msg = "Target Layer not exists"
raise ValueError(msg)
================================================
FILE: examples/common/networks/cifar10cnn/cifar_train.py
================================================
# Copyright 2024 Huawei Technologies Co., Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Train a CIFAR10CNN network model.
"""
import os
import mindspore.nn as nn
from mindspore import context
from mindspore.nn.metrics import Accuracy
from mindspore.train import Model
from mindspore.train.callback import ModelCheckpoint, CheckpointConfig, LossMonitor
from mindspore.train.serialization import load_checkpoint, load_param_into_net
from mindarmour.utils.logger import LogUtil
from examples.common.dataset.data_processing import create_dataset_cifar
from examples.common.networks.cifar10cnn.cifar10cnn_net import CIFAR10CNN
LOGGER = LogUtil.get_instance()
LOGGER.set_level('INFO')
TAG = "CIFAR10CNN_train"
def cifar_train(epoch_size, lr, momentum):
"""
Generate Dataset and Train
"""
mnist_path = "../../dataset/CIFAR10"
# ds = create_dataset_cifar(os.path.join(mnist_path, "train"), 32, 32, repeat_num=1)
ds = create_dataset_cifar(mnist_path, 32, 32, repeat_num=1)
network = CIFAR10CNN()
net_loss = nn.SoftmaxCrossEntropyWithLogits(sparse=True, reduction="mean")
net_opt = nn.Momentum(network.trainable_params(), lr, momentum)
config_ck = CheckpointConfig(save_checkpoint_steps=1875,
keep_checkpoint_max=10)
ckpoint_cb = ModelCheckpoint(prefix="checkpoint_cifar",
directory="./trained_ckpt_file/",
config=config_ck)
gitextract_ionqowz0/
├── .gitee/
│ └── PULL_REQUEST_TEMPLATE.md
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── RFC.md
│ │ ├── bug-report.md
│ │ └── task-tracking.md
│ └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── .jenkins/
│ ├── check/
│ │ └── config/
│ │ ├── filter_cppcheck.txt
│ │ ├── filter_cpplint.txt
│ │ ├── filter_pylint.txt
│ │ └── whitelizard.txt
│ └── test/
│ └── config/
│ └── dependent_packages.yaml
├── .vscode/
│ └── settings.json
├── LICENSE
├── NOTICE
├── OWNERS
├── README.md
├── README_CN.md
├── RELEASE.md
├── RELEASE_CN.md
├── docs/
│ ├── README.md
│ └── api/
│ ├── api_python/
│ │ ├── mindarmour.adv_robustness.attacks.rst
│ │ ├── mindarmour.adv_robustness.defenses.rst
│ │ ├── mindarmour.adv_robustness.detectors.rst
│ │ ├── mindarmour.adv_robustness.evaluations.rst
│ │ ├── mindarmour.fuzz_testing.rst
│ │ ├── mindarmour.natural_robustness.transform.image.rst
│ │ ├── mindarmour.privacy.diff_privacy.rst
│ │ ├── mindarmour.privacy.evaluation.rst
│ │ ├── mindarmour.privacy.sup_privacy.rst
│ │ ├── mindarmour.reliability.rst
│ │ ├── mindarmour.rst
│ │ └── mindarmour.utils.rst
│ └── api_python_en/
│ ├── mindarmour.adv_robustness.attacks.rst
│ ├── mindarmour.adv_robustness.defenses.rst
│ ├── mindarmour.adv_robustness.detectors.rst
│ ├── mindarmour.adv_robustness.evaluations.rst
│ ├── mindarmour.fuzz_testing.rst
│ ├── mindarmour.natural_robustness.transform.image.rst
│ ├── mindarmour.privacy.diff_privacy.rst
│ ├── mindarmour.privacy.evaluation.rst
│ ├── mindarmour.privacy.sup_privacy.rst
│ ├── mindarmour.reliability.rst
│ ├── mindarmour.rst
│ └── mindarmour.utils.rst
├── examples/
│ ├── README.md
│ ├── __init__.py
│ ├── ai_fuzzer/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── fuzz_testing_and_model_enhense.py
│ │ ├── lenet5_mnist_coverage.py
│ │ ├── lenet5_mnist_fuzzing.py
│ │ └── lenet5_mnist_scc.py
│ ├── common/
│ │ ├── __init__.py
│ │ ├── dataset/
│ │ │ ├── __init__.py
│ │ │ └── data_processing.py
│ │ └── networks/
│ │ ├── __init__.py
│ │ ├── cifar10cnn/
│ │ │ ├── __init__.py
│ │ │ ├── cifar10cnn_net.py
│ │ │ └── cifar_train.py
│ │ ├── lenet5/
│ │ │ ├── __init__.py
│ │ │ ├── lenet5_net.py
│ │ │ ├── lenet5_net_for_fuzzing.py
│ │ │ └── mnist_train.py
│ │ ├── resnet/
│ │ │ ├── __init__.py
│ │ │ └── resnet.py
│ │ └── vgg/
│ │ ├── __init__.py
│ │ ├── config.py
│ │ ├── crossentropy.py
│ │ ├── linear_warmup.py
│ │ ├── utils/
│ │ │ ├── __init__.py
│ │ │ ├── util.py
│ │ │ └── var_init.py
│ │ ├── vgg.py
│ │ ├── warmup_cosine_annealing_lr.py
│ │ └── warmup_step_lr.py
│ ├── community/
│ │ ├── __init__.py
│ │ ├── face_adversarial_attack/
│ │ │ ├── README.md
│ │ │ ├── adversarial_attack.py
│ │ │ ├── example_non_target_attack.py
│ │ │ ├── example_target_attack.py
│ │ │ ├── loss_design.py
│ │ │ └── test.py
│ │ ├── query_attack_detector/
│ │ │ ├── README.md
│ │ │ └── query_detector.py
│ │ └── speech_adversarial_attack/
│ │ ├── README.md
│ │ ├── attack.py
│ │ ├── checkpoints/
│ │ │ └── .gitkeep
│ │ ├── data/
│ │ │ └── .gitkeep
│ │ ├── dataset.py
│ │ ├── labels.json
│ │ ├── requirements.txt
│ │ ├── src/
│ │ │ ├── __init__.py
│ │ │ ├── config.py
│ │ │ ├── deepspeech2.py
│ │ │ └── greedydecoder.py
│ │ └── stft.py
│ ├── model_protection/
│ │ └── qwen2_5/
│ │ ├── README.md
│ │ ├── infer/
│ │ │ ├── network_patch/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── qwen2_5_7b_instruct_ms_network_obfuscate.py
│ │ │ │ └── qwen2_5_7b_instruct_ms_network_obfuscate_emb.py
│ │ │ └── qwen2_5_7b_instruct_obfuscate_inference.py
│ │ └── obfuscation/
│ │ ├── config/
│ │ │ ├── qwen2_5_7b_instruct_obf_config.yaml
│ │ │ └── qwen2_5_7b_instruct_obf_config_emb.yaml
│ │ └── qwen2_5_7b_instruct_weight_obfuscate.py
│ ├── model_security/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── model_attacks/
│ │ │ ├── __init__.py
│ │ │ ├── black_box/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── mnist_attack_genetic.py
│ │ │ │ ├── mnist_attack_hsja.py
│ │ │ │ ├── mnist_attack_nes.py
│ │ │ │ ├── mnist_attack_pointwise.py
│ │ │ │ ├── mnist_attack_pso.py
│ │ │ │ └── mnist_attack_salt_and_pepper.py
│ │ │ ├── cv/
│ │ │ │ ├── faster_rcnn/
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── coco_attack_genetic.py
│ │ │ │ │ ├── coco_attack_pgd.py
│ │ │ │ │ ├── coco_attack_pso.py
│ │ │ │ │ └── src/
│ │ │ │ │ ├── FasterRcnn/
│ │ │ │ │ │ ├── __init__.py
│ │ │ │ │ │ ├── anchor_generator.py
│ │ │ │ │ │ ├── bbox_assign_sample.py
│ │ │ │ │ │ ├── bbox_assign_sample_stage2.py
│ │ │ │ │ │ ├── faster_rcnn_r50.py
│ │ │ │ │ │ ├── fpn_neck.py
│ │ │ │ │ │ ├── proposal_generator.py
│ │ │ │ │ │ ├── rcnn.py
│ │ │ │ │ │ ├── resnet50.py
│ │ │ │ │ │ ├── roi_align.py
│ │ │ │ │ │ └── rpn.py
│ │ │ │ │ ├── config.py
│ │ │ │ │ ├── dataset.py
│ │ │ │ │ ├── lr_schedule.py
│ │ │ │ │ ├── network_define.py
│ │ │ │ │ └── util.py
│ │ │ │ └── yolov3_darknet53/
│ │ │ │ ├── coco_attack_deepfool.py
│ │ │ │ └── src/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── config.py
│ │ │ │ ├── convert_weight.py
│ │ │ │ ├── darknet.py
│ │ │ │ ├── distributed_sampler.py
│ │ │ │ ├── initializer.py
│ │ │ │ ├── logger.py
│ │ │ │ ├── loss.py
│ │ │ │ ├── lr_scheduler.py
│ │ │ │ ├── transforms.py
│ │ │ │ ├── util.py
│ │ │ │ ├── yolo.py
│ │ │ │ └── yolo_dataset.py
│ │ │ └── white_box/
│ │ │ ├── __init__.py
│ │ │ ├── mnist_attack_cw.py
│ │ │ ├── mnist_attack_deepfool.py
│ │ │ ├── mnist_attack_fgsm.py
│ │ │ ├── mnist_attack_jsma.py
│ │ │ ├── mnist_attack_lbfgs.py
│ │ │ ├── mnist_attack_mdi2fgsm.py
│ │ │ ├── mnist_attack_pgd.py
│ │ │ └── mnist_attack_vmifgsm.py
│ │ ├── model_defenses/
│ │ │ ├── __init__.py
│ │ │ ├── mnist_defense_nad.py
│ │ │ ├── mnist_evaluation.py
│ │ │ └── mnist_similarity_detector.py
│ │ └── neuron_sensitivity/
│ │ └── mnist_neuron_sensitivity.py
│ ├── natural_robustness/
│ │ ├── __init__.py
│ │ ├── natural_robustness_example.py
│ │ └── serving/
│ │ ├── README.md
│ │ ├── client/
│ │ │ ├── perturb_config.py
│ │ │ └── serving_client.py
│ │ └── server/
│ │ ├── perturbation/
│ │ │ └── servable_config.py
│ │ └── serving_server.py
│ ├── privacy/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── diff_privacy/
│ │ │ ├── __init__.py
│ │ │ ├── dp_ada_gaussian_config.py
│ │ │ ├── dp_ada_sgd_graph_config.py
│ │ │ ├── lenet5_config.py
│ │ │ ├── lenet5_dp.py
│ │ │ ├── lenet5_dp_ada_gaussian.py
│ │ │ ├── lenet5_dp_ada_sgd_graph.py
│ │ │ └── lenet5_dp_optimizer.py
│ │ ├── inversion_attack/
│ │ │ ├── README.md
│ │ │ ├── __init__.py
│ │ │ ├── cifar_black_box.py
│ │ │ ├── cifar_shadow_attack.py
│ │ │ ├── inversion_net.py
│ │ │ ├── mnist_inversion_attack.py
│ │ │ └── shadow_net.py
│ │ ├── membership_inference/
│ │ │ ├── __init__.py
│ │ │ ├── eval.py
│ │ │ ├── example_vgg_cifar.py
│ │ │ └── train.py
│ │ └── sup_privacy/
│ │ ├── __init__.py
│ │ ├── sup_privacy.py
│ │ └── sup_privacy_config.py
│ └── reliability/
│ ├── concept_drift_check_images_lenet.py
│ ├── concept_drift_check_images_resnet.py
│ ├── concept_drift_time_series.py
│ └── model_fault_injection.py
├── mindarmour/
│ ├── __init__.py
│ ├── adv_robustness/
│ │ ├── __init__.py
│ │ ├── attacks/
│ │ │ ├── __init__.py
│ │ │ ├── attack.py
│ │ │ ├── black/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── black_model.py
│ │ │ │ ├── genetic_attack.py
│ │ │ │ ├── hop_skip_jump_attack.py
│ │ │ │ ├── natural_evolutionary_strategy.py
│ │ │ │ ├── pointwise_attack.py
│ │ │ │ ├── pso_attack.py
│ │ │ │ └── salt_and_pepper_attack.py
│ │ │ ├── carlini_wagner.py
│ │ │ ├── deep_fool.py
│ │ │ ├── gradient_method.py
│ │ │ ├── iterative_gradient_method.py
│ │ │ ├── jsma.py
│ │ │ └── lbfgs.py
│ │ ├── defenses/
│ │ │ ├── __init__.py
│ │ │ ├── adversarial_defense.py
│ │ │ ├── defense.py
│ │ │ ├── natural_adversarial_defense.py
│ │ │ └── projected_adversarial_defense.py
│ │ ├── detectors/
│ │ │ ├── __init__.py
│ │ │ ├── black/
│ │ │ │ ├── __init__.py
│ │ │ │ └── similarity_detector.py
│ │ │ ├── detector.py
│ │ │ ├── ensemble_detector.py
│ │ │ ├── mag_net.py
│ │ │ ├── region_based_detector.py
│ │ │ └── spatial_smoothing.py
│ │ └── evaluations/
│ │ ├── __init__.py
│ │ ├── attack_evaluation.py
│ │ ├── black/
│ │ │ ├── __init__.py
│ │ │ └── defense_evaluation.py
│ │ ├── defense_evaluation.py
│ │ ├── neuron_metrics.py
│ │ └── visual_metrics.py
│ ├── fuzz_testing/
│ │ ├── __init__.py
│ │ ├── fuzzing.py
│ │ ├── model_coverage_metrics.py
│ │ ├── scc_readme.md
│ │ └── sensitivity_convergence_coverage.py
│ ├── model_protection/
│ │ ├── __init__.py
│ │ └── obfuscation.py
│ ├── natural_robustness/
│ │ ├── __init__.py
│ │ └── transform/
│ │ ├── __init__.py
│ │ └── image/
│ │ ├── __init__.py
│ │ ├── blur.py
│ │ ├── corruption.py
│ │ ├── luminance.py
│ │ ├── natural_perturb.py
│ │ └── transformation.py
│ ├── privacy/
│ │ ├── __init__.py
│ │ ├── diff_privacy/
│ │ │ ├── __init__.py
│ │ │ ├── mechanisms/
│ │ │ │ ├── __init__.py
│ │ │ │ └── mechanisms.py
│ │ │ ├── monitor/
│ │ │ │ ├── __init__.py
│ │ │ │ └── monitor.py
│ │ │ ├── optimizer/
│ │ │ │ ├── __init__.py
│ │ │ │ └── optimizer.py
│ │ │ └── train/
│ │ │ ├── __init__.py
│ │ │ └── model.py
│ │ ├── evaluation/
│ │ │ ├── __init__.py
│ │ │ ├── _check_config.py
│ │ │ ├── attacker.py
│ │ │ ├── inversion_attack.py
│ │ │ ├── membership_inference.py
│ │ │ ├── model_inversion_attack.py
│ │ │ └── shadow_model_attack.py
│ │ └── sup_privacy/
│ │ ├── __init__.py
│ │ ├── mask_monitor/
│ │ │ ├── __init__.py
│ │ │ └── masker.py
│ │ ├── sup_ctrl/
│ │ │ ├── __init__.py
│ │ │ └── conctrl.py
│ │ └── train/
│ │ ├── __init__.py
│ │ └── model.py
│ ├── reliability/
│ │ ├── __init__.py
│ │ ├── concept_drift/
│ │ │ ├── README.md
│ │ │ ├── __init__.py
│ │ │ ├── concept_drift_check_images.py
│ │ │ └── concept_drift_check_time_series.py
│ │ └── model_fault_injection/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── fault_injection.py
│ │ └── fault_type.py
│ ├── utils/
│ │ ├── __init__.py
│ │ ├── _check_param.py
│ │ ├── logger.py
│ │ └── util.py
│ └── version.py
├── package.sh
├── requirements.txt
├── setup.py
└── tests/
├── __init__.py
└── ut/
├── __init__.py
└── python/
├── __init__.py
├── adv_robustness/
│ ├── __init__.py
│ ├── attacks/
│ │ ├── __init__.py
│ │ ├── black/
│ │ │ ├── __init__.py
│ │ │ ├── test_genetic_attack.py
│ │ │ ├── test_hsja.py
│ │ │ ├── test_nes.py
│ │ │ ├── test_pointwise_attack.py
│ │ │ ├── test_pso_attack.py
│ │ │ └── test_salt_and_pepper_attack.py
│ │ ├── test_batch_generate_attack.py
│ │ ├── test_cw.py
│ │ ├── test_deep_fool.py
│ │ ├── test_gradient_method.py
│ │ ├── test_iterative_gradient_method.py
│ │ ├── test_jsma.py
│ │ └── test_lbfgs.py
│ ├── defenses/
│ │ ├── __init__.py
│ │ ├── test_ad.py
│ │ ├── test_ead.py
│ │ ├── test_nad.py
│ │ └── test_pad.py
│ ├── detectors/
│ │ ├── __init__.py
│ │ ├── black/
│ │ │ ├── __init__.py
│ │ │ └── test_similarity_detector.py
│ │ ├── test_ensemble_detector.py
│ │ ├── test_mag_net.py
│ │ ├── test_region_based_detector.py
│ │ └── test_spatial_smoothing.py
│ └── evaluations/
│ ├── __init__.py
│ ├── black/
│ │ ├── __init__.py
│ │ └── test_black_defense_eval.py
│ ├── test_attack_eval.py
│ ├── test_defense_eval.py
│ └── test_radar_metric.py
├── dataset/
│ ├── concept_test_lenet.npy
│ ├── concept_test_lenet1.npy
│ ├── concept_test_lenet2.npy
│ ├── concept_train_lenet.npy
│ ├── test_images.npy
│ ├── test_labels.npy
│ └── trained_ckpt_file/
│ └── checkpoint_lenet-10_1875.ckpt
├── fuzzing/
│ ├── __init__.py
│ ├── test_coverage_metrics.py
│ └── test_fuzzer.py
├── natural_robustness/
│ └── test_natural_robustness.py
├── privacy/
│ ├── __init__.py
│ ├── diff_privacy/
│ │ ├── __init__.py
│ │ ├── test_mechanisms.py
│ │ ├── test_model_train.py
│ │ ├── test_monitor.py
│ │ └── test_optimizer.py
│ ├── evaluation/
│ │ ├── __init__.py
│ │ ├── test_attacker.py
│ │ ├── test_inversion_attack.py
│ │ └── test_membership_inference.py
│ └── sup_privacy/
│ ├── __init__.py
│ └── test_model_train.py
├── reliability/
│ ├── concept_drift/
│ │ ├── test_concept_drift_images.py
│ │ └── test_concept_drift_time_series.py
│ └── model_fault_injection/
│ └── test_fault_injection.py
└── utils/
├── __init__.py
├── mock_net.py
└── test_log_util.py
SYMBOL INDEX (1573 symbols across 196 files)
FILE: examples/ai_fuzzer/fuzz_testing_and_model_enhense.py
function split_dataset (line 41) | def split_dataset(image, label, proportion):
function example_lenet_mnist_fuzzing (line 55) | def example_lenet_mnist_fuzzing():
FILE: examples/ai_fuzzer/lenet5_mnist_coverage.py
function test_lenet_mnist_coverage (line 31) | def test_lenet_mnist_coverage():
FILE: examples/ai_fuzzer/lenet5_mnist_fuzzing.py
function test_lenet_mnist_fuzzing (line 31) | def test_lenet_mnist_fuzzing():
FILE: examples/ai_fuzzer/lenet5_mnist_scc.py
function datapipe (line 32) | def datapipe(path):
class Net (line 47) | class Net(nn.Cell):
method __init__ (line 49) | def __init__(self):
method construct (line 61) | def construct(self, x):
FILE: examples/common/dataset/data_processing.py
function generate_mnist_dataset (line 24) | def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1,
function vgg_create_dataset100 (line 68) | def vgg_create_dataset100(data_home, image_size, batch_size, rank_id=0, ...
function create_dataset_imagenet (line 120) | def create_dataset_imagenet(path, batch_size=32, repeat_size=20, status=...
function create_dataset_cifar (line 158) | def create_dataset_cifar(data_path, image_height, image_width, repeat_nu...
function generate_dataset_cifar (line 194) | def generate_dataset_cifar(data_path, batch_size, usage, repeat_num=1):
FILE: examples/common/networks/cifar10cnn/cifar10cnn_net.py
function weight_variable (line 21) | def weight_variable():
function conv (line 24) | def conv(in_channels, out_channels, kernel_size, stride=1, padding=0):
function fc_with_initialize (line 31) | def fc_with_initialize(input_channels, out_channels):
class CIFAR10CNN (line 36) | class CIFAR10CNN(nn.Cell):
method __init__ (line 40) | def __init__(self):
method construct (line 100) | def construct(self, x):
method forward_from (line 109) | def forward_from(self, x, layer):
method get_layer_output (line 132) | def get_layer_output(self, x, targetlayer):
FILE: examples/common/networks/cifar10cnn/cifar_train.py
function cifar_train (line 36) | def cifar_train(epoch_size, lr, momentum):
FILE: examples/common/networks/lenet5/lenet5_net.py
function conv (line 18) | def conv(in_channels, out_channels, kernel_size, stride=1, padding=0):
function fc_with_initialize (line 25) | def fc_with_initialize(input_channels, out_channels):
function weight_variable (line 31) | def weight_variable():
class LeNet5 (line 35) | class LeNet5(nn.Cell):
method __init__ (line 39) | def __init__(self):
method construct (line 50) | def construct(self, x):
FILE: examples/common/networks/lenet5/lenet5_net_for_fuzzing.py
function conv (line 22) | def conv(in_channels, out_channels, kernel_size, stride=1, padding=0):
function fc_with_initialize (line 29) | def fc_with_initialize(input_channels, out_channels):
function weight_variable (line 36) | def weight_variable():
class LeNet5 (line 41) | class LeNet5(nn.Cell):
method __init__ (line 45) | def __init__(self):
method construct (line 57) | def construct(self, x):
FILE: examples/common/networks/lenet5/mnist_train.py
function mnist_train (line 34) | def mnist_train(epoch_size, batch_size, lr, momentum):
FILE: examples/common/networks/resnet/resnet.py
function _conv_variance_scaling_initializer (line 26) | def _conv_variance_scaling_initializer(in_channel, out_channel, kernel_s...
function _weight_variable (line 36) | def _weight_variable(shape, factor=0.01):
function _conv3x3 (line 41) | def _conv3x3(in_channel, out_channel, stride=1, use_se=False):
function _conv1x1 (line 51) | def _conv1x1(in_channel, out_channel, stride=1, use_se=False):
function _conv7x7 (line 61) | def _conv7x7(in_channel, out_channel, stride=1, use_se=False):
function _bn (line 71) | def _bn(channel):
function _bn_last (line 76) | def _bn_last(channel):
function _fc (line 81) | def _fc(in_channel, out_channel, use_se=False):
class ResidualBlock (line 91) | class ResidualBlock(nn.Cell):
method __init__ (line 110) | def __init__(self,
method construct (line 160) | def construct(self, x):
class ResNet (line 193) | class ResNet(nn.Cell):
method __init__ (line 218) | def __init__(self,
method _make_layer (line 278) | def _make_layer(self, block, layer_num, in_channel, out_channel, strid...
method construct (line 311) | def construct(self, x):
function resnet50 (line 341) | def resnet50(class_num=10):
function se_resnet50 (line 361) | def se_resnet50(class_num=1001):
function resnet101 (line 382) | def resnet101(class_num=1001):
FILE: examples/common/networks/vgg/crossentropy.py
class CrossEntropy (line 24) | class CrossEntropy(_Loss):
method __init__ (line 27) | def __init__(self, smooth_factor=0., num_classes=1001):
method construct (line 35) | def construct(self, logit, label):
FILE: examples/common/networks/vgg/linear_warmup.py
function linear_warmup_lr (line 20) | def linear_warmup_lr(current_step, warmup_steps, base_lr, init_lr):
FILE: examples/common/networks/vgg/utils/util.py
function get_param_groups (line 18) | def get_param_groups(network):
FILE: examples/common/networks/vgg/utils/var_init.py
function _calculate_gain (line 25) | def _calculate_gain(nonlinearity, param=None):
function _assignment (line 67) | def _assignment(arr, num):
function _calculate_in_and_out (line 81) | def _calculate_in_and_out(arr):
function _select_fan (line 105) | def _select_fan(array, mode):
class KaimingInit (line 115) | class KaimingInit(init.Initializer):
method __init__ (line 129) | def __init__(self, a=0, mode='fan_in', nonlinearity='leaky_relu'):
method _initialize (line 133) | def _initialize(self, arr):
class KaimingUniform (line 137) | class KaimingUniform(KaimingInit):
method _initialize (line 156) | def _initialize(self, arr):
class KaimingNormal (line 165) | class KaimingNormal(KaimingInit):
method _initialize (line 184) | def _initialize(self, arr):
function default_recurisive_init (line 193) | def default_recurisive_init(custom_cell):
FILE: examples/common/networks/vgg/vgg.py
function _make_layer (line 26) | def _make_layer(base, args, batch_norm):
class Vgg (line 53) | class Vgg(nn.Cell):
method __init__ (line 71) | def __init__(self, base, num_classes=1000, batch_norm=False, batch_siz...
method construct (line 91) | def construct(self, x):
method custom_init_weight (line 97) | def custom_init_weight(self):
function vgg16 (line 125) | def vgg16(num_classes=1000, args=None, phase="train"):
FILE: examples/common/networks/vgg/warmup_cosine_annealing_lr.py
function warmup_cosine_annealing_lr (line 24) | def warmup_cosine_annealing_lr(lr, steps_per_epoch, warmup_epochs, max_e...
FILE: examples/common/networks/vgg/warmup_step_lr.py
function lr_steps (line 24) | def lr_steps(global_step, lr_init, lr_max, warmup_epochs, total_epochs, ...
function warmup_step_lr (line 50) | def warmup_step_lr(lr, lr_epochs, steps_per_epoch, warmup_epochs, max_ep...
function multi_step_lr (line 75) | def multi_step_lr(lr, milestones, steps_per_epoch, max_epoch, gamma=0.1):
function step_lr (line 79) | def step_lr(lr, epoch_size, steps_per_epoch, max_epoch, gamma=0.1):
FILE: examples/community/face_adversarial_attack/adversarial_attack.py
class FaceAdversarialAttack (line 32) | class FaceAdversarialAttack():
method __init__ (line 42) | def __init__(self, input_img, target_img, net, seed=None):
method train (line 62) | def train(self, attack_method):
method test_target_attack (line 110) | def test_target_attack(self):
method test_non_target_attack (line 141) | def test_non_target_attack(self):
method _reverse_norm (line 168) | def _reverse_norm(self, image_tensor):
function apply (line 182) | def apply(image_tensor, mask_tensor, reference_tensor):
function create_mask (line 199) | def create_mask(face_image):
function detect_face (line 235) | def detect_face(image):
function load_data (line 258) | def load_data(data):
FILE: examples/community/face_adversarial_attack/loss_design.py
class MyTrainOneStepCell (line 22) | class MyTrainOneStepCell(nn.TrainOneStepCell):
method __init__ (line 35) | def __init__(self, network, optimizer, sens=1.0):
method construct (line 39) | def construct(self, *inputs):
class MyWithLossCellTargetAttack (line 47) | class MyWithLossCellTargetAttack(nn.Cell):
method __init__ (line 49) | def __init__(self, net, loss_fn, input_tensor):
method backbone_network (line 62) | def backbone_network(self):
method construct (line 65) | def construct(self, mask_tensor):
class MyWithLossCellNonTargetAttack (line 76) | class MyWithLossCellNonTargetAttack(nn.Cell):
method __init__ (line 78) | def __init__(self, net, loss_fn, input_tensor):
method backbone_network (line 91) | def backbone_network(self):
method construct (line 94) | def construct(self, mask_tensor):
class FaceLossTargetAttack (line 105) | class FaceLossTargetAttack(nn.Cell):
method __init__ (line 108) | def __init__(self, target_emb):
method construct (line 122) | def construct(self, adversarial_emb):
class FaceLossNoTargetAttack (line 131) | class FaceLossNoTargetAttack(nn.Cell):
method __init__ (line 134) | def __init__(self):
method construct (line 148) | def construct(self, adversarial_emb, input_emb):
FILE: examples/community/query_attack_detector/query_detector.py
class QueryDetector (line 32) | class QueryDetector(Detector):
method __init__ (line 70) | def __init__(self, sample_query, window_size=50, step_size=1, roundto=...
method preprocess (line 91) | def preprocess(self, array, roundto=1, normalized=False):
method hash_img (line 110) | def hash_img(self, img, window_size, roundto, step_size, preprocess=Tr...
method check_img (line 135) | def check_img(self, hashes):
method add_img (line 152) | def add_img(self, img):
method fit (line 171) | def fit(self, inputs, labels=None):
method detect (line 189) | def detect(self, queries):
method gaussian_filter (line 217) | def gaussian_filter(self, img):
method detect_diff (line 228) | def detect_diff(self, inputs):
method transform (line 244) | def transform(self, inputs):
method delete (line 257) | def delete(self):
function hash_helper (line 264) | def hash_helper(arguments): # compute hashes
FILE: examples/community/speech_adversarial_attack/attack.py
function superpose (line 84) | def superpose(audio, noise):
function sr_and_cer (line 110) | def sr_and_cer(sound_data, noise):
function generate_data (line 140) | def generate_data(num, alpha):
class MyAdam (line 212) | class MyAdam(ms.nn.Cell):
method __init__ (line 217) | def __init__(self, param):
method construct (line 227) | def construct(
function superpose_step (line 248) | def superpose_step(sound, noise, start):
function generate (line 274) | def generate(
FILE: examples/community/speech_adversarial_attack/dataset.py
class LoadAudioAndTranscript (line 30) | class LoadAudioAndTranscript:
method __init__ (line 35) | def __init__(self, audio_conf=None, normalize=False, labels=None):
method load_audio (line 45) | def load_audio(path):
method parse_audio (line 58) | def parse_audio(self, audio_path):
method parse_transcript (line 81) | def parse_transcript(self, transcript_path):
class ASRDataset (line 91) | class ASRDataset(LoadAudioAndTranscript):
method __init__ (line 103) | def __init__(
method __getitem__ (line 128) | def __getitem__(self, index):
method __len__ (line 152) | def __len__(self):
class DistributedSampler (line 156) | class DistributedSampler:
method __init__ (line 161) | def __init__(self, dataset, rank, group_size, shuffle=True, seed=0):
method __iter__ (line 171) | def __iter__(self):
method __len__ (line 183) | def __len__(self):
function create_dataset (line 187) | def create_dataset(
FILE: examples/community/speech_adversarial_attack/src/deepspeech2.py
class SequenceWise (line 26) | class SequenceWise(nn.Cell):
method __init__ (line 31) | def __init__(self, module):
method construct (line 38) | def construct(self, x):
method _initialize_weights (line 46) | def _initialize_weights(self):
class MaskConv (line 74) | class MaskConv(nn.Cell):
method __init__ (line 80) | def __init__(self):
method construct (line 107) | def construct(self, x, lengths):
method _initialize_weights (line 113) | def _initialize_weights(self):
class BatchRNN (line 143) | class BatchRNN(nn.Cell):
method __init__ (line 156) | def __init__(
method construct (line 204) | def construct(self, x):
class DeepSpeechModel (line 216) | class DeepSpeechModel(nn.Cell):
method __init__ (line 229) | def __init__(
method construct (line 281) | def construct(self, x, lengths):
method get_seq_lens (line 294) | def get_seq_lens(self, seq_len):
method get_conv_num (line 305) | def get_conv_num(self):
class NetWithLossClass (line 320) | class NetWithLossClass(nn.Cell):
method __init__ (line 325) | def __init__(self, network):
method construct (line 333) | def construct(self, inputs, input_length, target_indices, label_values):
class PredictWithSoftmax (line 344) | class PredictWithSoftmax(nn.Cell):
method __init__ (line 349) | def __init__(self, network):
method construct (line 356) | def construct(self, inputs, input_length):
FILE: examples/community/speech_adversarial_attack/src/greedydecoder.py
class Decoder (line 24) | class Decoder:
method __init__ (line 34) | def __init__(self, labels, blank_index=0):
method wer (line 45) | def wer(str_1, str_2):
method cer (line 66) | def cer(str_1, str_2):
method decode (line 83) | def decode(self, probs, sizes=None):
class MSGreedyDecoder (line 98) | class MSGreedyDecoder(Decoder):
method convert_to_strings (line 103) | def convert_to_strings(
method process_string (line 121) | def process_string(self, sequence, size, remove_repetitions=False):
method decode (line 144) | def decode(self, probs, sizes=None):
FILE: examples/community/speech_adversarial_attack/stft.py
class DFTBase (line 11) | class DFTBase(nn.Cell):
method dft_matrix (line 16) | def dft_matrix(self, num):
method idft_matrix (line 25) | def idft_matrix(self, num):
class STFT (line 35) | class STFT(DFTBase):
method __init__ (line 40) | def __init__(
method construct (line 115) | def construct(self, input_x):
function magphase (line 139) | def magphase(real, imag):
function ms_spectrogram (line 149) | def ms_spectrogram(sound, ms_stft):
FILE: examples/model_protection/qwen2_5/infer/network_patch/qwen2_5_7b_instruct_ms_network_obfuscate.py
class VocabEmbedding (line 29) | class VocabEmbedding(nn.Cell):
method __init__ (line 48) | def __init__(self, num_embeddings, embedding_dim, param_init_type=msty...
method construct (line 58) | def construct(self, input_ids):
function _patched_init (line 64) | def _patched_init(self, config, *args, **kwargs):
function _patched_construct (line 82) | def _patched_construct(self, tokens: Tensor, batch_valid_length=None, ba...
function _patched_infer_convert_outer_weight (line 147) | def _patched_infer_convert_outer_weight(self, src_hf_dir, hf_weight_map):
function _patched_convert_weight_name (line 175) | def _patched_convert_weight_name(self, weight_name: str):
FILE: examples/model_protection/qwen2_5/infer/network_patch/qwen2_5_7b_instruct_ms_network_obfuscate_emb.py
function _patched_init (line 28) | def _patched_init(self, config, *args, **kwargs):
function _patched_construct (line 40) | def _patched_construct(self, tokens: Tensor, batch_valid_length=None, ba...
function _patched_infer_convert_outer_weight (line 103) | def _patched_infer_convert_outer_weight(self, src_hf_dir, hf_weight_map):
function _patched_convert_weight_name (line 126) | def _patched_convert_weight_name(self, weight_name: str):
FILE: examples/model_protection/qwen2_5/infer/qwen2_5_7b_instruct_obfuscate_inference.py
function test_qwen2_5_obfuscate_inference (line 29) | def test_qwen2_5_obfuscate_inference(model_path):
FILE: examples/model_protection/qwen2_5/obfuscation/qwen2_5_7b_instruct_weight_obfuscate.py
function inv_permutation (line 20) | def inv_permutation(p):
function gen_colums_permuate_list (line 26) | def gen_colums_permuate_list(hidden_size, num_heads=None, kv_num_heads=N...
function test_qwen2_5_weight_obfuscate (line 53) | def test_qwen2_5_weight_obfuscate(src_path, saved_path, obf_config_path):
function test_qwen2_5_weight_obfuscate_emb (line 76) | def test_qwen2_5_weight_obfuscate_emb(src_path, saved_path, obf_config_p...
FILE: examples/model_security/model_attacks/black_box/mnist_attack_genetic.py
class ModelToBeAttacked (line 35) | class ModelToBeAttacked(BlackModel):
method __init__ (line 38) | def __init__(self, network):
method predict (line 42) | def predict(self, inputs):
function test_genetic_attack_on_mnist (line 51) | def test_genetic_attack_on_mnist():
FILE: examples/model_security/model_attacks/black_box/mnist_attack_hsja.py
class ModelToBeAttacked (line 32) | class ModelToBeAttacked(BlackModel):
method __init__ (line 35) | def __init__(self, network):
method predict (line 39) | def predict(self, inputs):
function random_target_labels (line 47) | def random_target_labels(true_labels):
function create_target_images (line 58) | def create_target_images(dataset, data_labels, target_labels):
function test_hsja_mnist_attack (line 68) | def test_hsja_mnist_attack():
FILE: examples/model_security/model_attacks/black_box/mnist_attack_nes.py
class ModelToBeAttacked (line 32) | class ModelToBeAttacked(BlackModel):
method __init__ (line 35) | def __init__(self, network):
method predict (line 39) | def predict(self, inputs):
function random_target_labels (line 47) | def random_target_labels(true_labels, labels_list):
function _pseudorandom_target (line 58) | def _pseudorandom_target(index, total_indices, true_class):
function create_target_images (line 67) | def create_target_images(dataset, data_labels, target_labels):
function test_nes_mnist_attack (line 77) | def test_nes_mnist_attack():
FILE: examples/model_security/model_attacks/black_box/mnist_attack_pointwise.py
class ModelToBeAttacked (line 34) | class ModelToBeAttacked(BlackModel):
method __init__ (line 37) | def __init__(self, network):
method predict (line 41) | def predict(self, inputs):
function test_pointwise_attack_on_mnist (line 49) | def test_pointwise_attack_on_mnist():
FILE: examples/model_security/model_attacks/black_box/mnist_attack_pso.py
class ModelToBeAttacked (line 35) | class ModelToBeAttacked(BlackModel):
method __init__ (line 38) | def __init__(self, network):
method predict (line 42) | def predict(self, inputs):
function test_pso_attack_on_mnist (line 51) | def test_pso_attack_on_mnist():
FILE: examples/model_security/model_attacks/black_box/mnist_attack_salt_and_pepper.py
class ModelToBeAttacked (line 34) | class ModelToBeAttacked(BlackModel):
method __init__ (line 37) | def __init__(self, network):
method predict (line 41) | def predict(self, inputs):
function test_salt_and_pepper_attack_on_mnist (line 49) | def test_salt_and_pepper_attack_on_mnist():
FILE: examples/model_security/model_attacks/cv/faster_rcnn/coco_attack_genetic.py
class ModelToBeAttacked (line 40) | class ModelToBeAttacked(BlackModel):
method __init__ (line 43) | def __init__(self, network):
method predict (line 47) | def predict(self, images, img_metas, gt_boxes, gt_labels, gt_num):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/coco_attack_pgd.py
class LossNet (line 43) | class LossNet(Cell):
method construct (line 45) | def construct(self, x1, x2, x3, x4, x5, x6):
class WithLossCell (line 49) | class WithLossCell(Cell):
method __init__ (line 51) | def __init__(self, backbone, loss_fn):
method construct (line 56) | def construct(self, img_data, img_metas, gt_bboxes, gt_labels, gt_num,...
method backbone_network (line 61) | def backbone_network(self):
class GradWrapWithLoss (line 65) | class GradWrapWithLoss(Cell):
method __init__ (line 70) | def __init__(self, network):
method construct (line 75) | def construct(self, *inputs):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/coco_attack_pso.py
class ModelToBeAttacked (line 40) | class ModelToBeAttacked(BlackModel):
method __init__ (line 43) | def __init__(self, network):
method predict (line 47) | def predict(self, images, img_metas, gt_boxes, gt_labels, gt_num):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/anchor_generator.py
class AnchorGenerator (line 19) | class AnchorGenerator():
method __init__ (line 21) | def __init__(self, base_size, scales, ratios, scale_major=True, ctr=No...
method gen_base_anchors (line 30) | def gen_base_anchors(self):
method _meshgrid (line 58) | def _meshgrid(self, x, y, row_major=True):
method grid_anchors (line 67) | def grid_anchors(self, featmap_size, stride=16):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/bbox_assign_sample.py
class BboxAssignSample (line 26) | class BboxAssignSample(nn.Cell):
method __init__ (line 47) | def __init__(self, config, batch_size, num_bboxes, add_gt_as_proposals):
method construct (line 102) | def construct(self, gt_bboxes_i, gt_labels_i, valid_mask, bboxes, gt_v...
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/bbox_assign_sample_stage2.py
class BboxAssignSampleForRcnn (line 26) | class BboxAssignSampleForRcnn(nn.Cell):
method __init__ (line 47) | def __init__(self, config, batch_size, num_bboxes, add_gt_as_proposals):
method construct (line 112) | def construct(self, gt_bboxes_i, gt_labels_i, valid_mask, bboxes, gt_v...
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/faster_rcnn_r50.py
class Faster_Rcnn_Resnet50 (line 35) | class Faster_Rcnn_Resnet50(nn.Cell):
method __init__ (line 54) | def __init__(self, config):
method construct (line 197) | def construct(self, img_data, img_metas, gt_bboxes, gt_labels, gt_vali...
method get_det_bboxes (line 299) | def get_det_bboxes(self, cls_logits, reg_logits, mask_logits, rois, im...
method multiclass_nms (line 331) | def multiclass_nms(self, boxes_all, scores_all, mask_all):
method get_anchors (line 408) | def get_anchors(self, featmap_sizes):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/fpn_neck.py
function bias_init_zeros (line 29) | def bias_init_zeros(shape):
function _conv (line 33) | def _conv(in_channels, out_channels, kernel_size=3, stride=1, padding=0,...
class FeatPyramidNeck (line 43) | class FeatPyramidNeck(nn.Cell):
method __init__ (line 68) | def __init__(self,
method construct (line 94) | def construct(self, inputs):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/proposal_generator.py
class Proposal (line 30) | class Proposal(nn.Cell):
method __init__ (line 49) | def __init__(self,
method set_train_local (line 113) | def set_train_local(self, config, training=True):
method construct (line 140) | def construct(self, rpn_cls_score_total, rpn_bbox_pred_total, anchor_l...
method get_bboxes_single (line 158) | def get_bboxes_single(self, cls_scores, bbox_preds, mlvl_anchors):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/rcnn.py
class DenseNoTranpose (line 28) | class DenseNoTranpose(nn.Cell):
method __init__ (line 30) | def __init__(self, input_channels, output_channels, weight_init):
method construct (line 40) | def construct(self, x):
class Rcnn (line 45) | class Rcnn(nn.Cell):
method __init__ (line 64) | def __init__(self,
method construct (line 129) | def construct(self, featuremap, bbox_targets, labels, mask):
method loss (line 150) | def loss(self, cls_score, bbox_pred, bbox_targets, bbox_weights, label...
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/resnet50.py
function weight_init_ones (line 30) | def weight_init_ones(shape):
function _conv (line 35) | def _conv(in_channels, out_channels, kernel_size=3, stride=1, padding=0,...
function _BatchNorm2dInit (line 44) | def _BatchNorm2dInit(out_chls, momentum=0.1, affine=True, use_batch_stat...
class ResNetFea (line 56) | class ResNetFea(nn.Cell):
method __init__ (line 76) | def __init__(self,
method _make_layer (line 127) | def _make_layer(self, block, layer_num, in_channel, out_channel, strid...
method construct (line 147) | def construct(self, x):
class ResidualBlockUsing (line 164) | class ResidualBlockUsing(nn.Cell):
method __init__ (line 185) | def __init__(self,
method construct (line 229) | def construct(self, x):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/roi_align.py
class ROIAlign (line 28) | class ROIAlign(nn.Cell):
method __init__ (line 38) | def __init__(self,
method construct (line 51) | def construct(self, features, rois):
method __repr__ (line 54) | def __repr__(self):
class SingleRoIExtractor (line 61) | class SingleRoIExtractor(nn.Cell):
method __init__ (line 77) | def __init__(self,
method set_train_local (line 109) | def set_train_local(self, config, training=True):
method num_inputs (line 127) | def num_inputs(self):
method init_weights (line 130) | def init_weights(self):
method log2 (line 133) | def log2(self, value):
method build_roi_layers (line 136) | def build_roi_layers(self, featmap_strides):
method _c_map_roi_levels (line 145) | def _c_map_roi_levels(self, rois):
method construct (line 170) | def construct(self, rois, feat1, feat2, feat3, feat4):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/rpn.py
class RpnRegClsBlock (line 30) | class RpnRegClsBlock(nn.Cell):
method __init__ (line 49) | def __init__(self,
method construct (line 70) | def construct(self, x):
class RPN (line 79) | class RPN(nn.Cell):
method __init__ (line 98) | def __init__(self,
method _make_rpn_layer (line 153) | def _make_rpn_layer(self, num_layers, in_channels, feat_channels, num_...
method construct (line 200) | def construct(self, inputs, img_metas, anchor_list, gt_bboxes, gt_labe...
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/dataset.py
function bbox_overlaps (line 34) | def bbox_overlaps(bboxes1, bboxes2, mode='iou'):
class PhotoMetricDistortion (line 80) | class PhotoMetricDistortion:
method __init__ (line 83) | def __init__(self,
method __call__ (line 93) | def __call__(self, img, boxes, labels):
class Expand (line 142) | class Expand:
method __init__ (line 145) | def __init__(self, mean=(0, 0, 0), to_rgb=True, ratio_range=(1, 4)):
method __call__ (line 152) | def __call__(self, img, boxes, labels):
function rescale_column (line 168) | def rescale_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function resize_column (line 184) | def resize_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function resize_column_test (line 202) | def resize_column_test(img, img_shape, gt_bboxes, gt_label, gt_num):
function impad_to_multiple_column (line 220) | def impad_to_multiple_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function imnormalize_column (line 227) | def imnormalize_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function flip_column (line 234) | def flip_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function flipped_generation (line 247) | def flipped_generation(img, img_shape, gt_bboxes, gt_label, gt_num):
function image_bgr_rgb (line 259) | def image_bgr_rgb(img, img_shape, gt_bboxes, gt_label, gt_num):
function transpose_column (line 264) | def transpose_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function photo_crop_column (line 276) | def photo_crop_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function expand_column (line 284) | def expand_column(img, img_shape, gt_bboxes, gt_label, gt_num):
function preprocess_fn (line 292) | def preprocess_fn(image, box, is_training):
function create_coco_label (line 344) | def create_coco_label(is_training):
function anno_parser (line 395) | def anno_parser(annos_str):
function filter_valid_data (line 404) | def filter_valid_data(image_dir, anno_path):
function data_to_mindrecord_byte_image (line 426) | def data_to_mindrecord_byte_image(dataset="coco", is_training=True, pref...
function create_fasterrcnn_dataset (line 451) | def create_fasterrcnn_dataset(mindrecord_file, batch_size=2, repeat_num=...
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/lr_schedule.py
function linear_warmup_learning_rate (line 18) | def linear_warmup_learning_rate(current_step, warmup_steps, base_lr, ini...
function a_cosine_learning_rate (line 23) | def a_cosine_learning_rate(current_step, base_lr, warmup_steps, decay_st...
function dynamic_lr (line 28) | def dynamic_lr(config, rank_size=1):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/network_define.py
class LossCallBack (line 32) | class LossCallBack(Callback):
method __init__ (line 45) | def __init__(self, per_print_times=1, rank_id=0):
method step_end (line 64) | def step_end(self, run_context):
class LossNet (line 115) | class LossNet(nn.Cell):
method construct (line 117) | def construct(self, x1, x2, x3, x4, x5, x6):
class WithLossCell (line 120) | class WithLossCell(nn.Cell):
method __init__ (line 128) | def __init__(self, backbone, loss_fn):
method construct (line 133) | def construct(self, x, img_shape, gt_bboxe, gt_label, gt_num):
method backbone_network (line 138) | def backbone_network(self):
class TrainOneStepCell (line 148) | class TrainOneStepCell(nn.Cell):
method __init__ (line 164) | def __init__(self, network, network_backbone, optimizer, sens=1.0, red...
method construct (line 178) | def construct(self, x, img_shape, gt_bboxe, gt_label, gt_num):
FILE: examples/model_security/model_attacks/cv/faster_rcnn/src/util.py
function coco_eval (line 41) | def coco_eval(result_files, result_types, coco, max_dets=(100, 300, 1000...
function xyxy2xywh (line 108) | def xyxy2xywh(bbox):
function bbox2result_1image (line 117) | def bbox2result_1image(bboxes, labels, num_classes):
function proposal2json (line 134) | def proposal2json(dataset, results):
function det2json (line 151) | def det2json(dataset, results):
function segm2json (line 172) | def segm2json(dataset, results):
function results2json (line 206) | def results2json(dataset, results, out_file):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/coco_attack_deepfool.py
function parse_args (line 37) | def parse_args():
function conver_testing_shape (line 56) | def conver_testing_shape(args):
class SolveOutput (line 62) | class SolveOutput(Cell):
method __init__ (line 64) | def __init__(self, network):
method construct (line 69) | def construct(self, image, input_shape):
function test (line 78) | def test():
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/config.py
class ConfigYOLOV3DarkNet53 (line 18) | class ConfigYOLOV3DarkNet53:
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/convert_weight.py
function load_weight (line 24) | def load_weight(weights_file):
function build_network (line 33) | def build_network():
function convert (line 41) | def convert(weights_file, output_file):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/darknet.py
function conv_block (line 22) | def conv_block(in_channels,
class ResidualBlock (line 44) | class ResidualBlock(nn.Cell):
method __init__ (line 59) | def __init__(self,
method construct (line 69) | def construct(self, x):
class DarkNet (line 78) | class DarkNet(nn.Cell):
method __init__ (line 99) | def __init__(self,
method _make_layer (line 157) | def _make_layer(self, block, layer_num, in_channel, out_channel):
method construct (line 179) | def construct(self, x):
method get_out_channels (line 196) | def get_out_channels(self):
function darknet53 (line 200) | def darknet53():
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/distributed_sampler.py
class DistributedSampler (line 21) | class DistributedSampler:
method __init__ (line 23) | def __init__(self, dataset_size, num_replicas=None, rank=None, shuffle...
method __iter__ (line 38) | def __iter__(self):
method __len__ (line 59) | def __len__(self):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/initializer.py
function calculate_gain (line 25) | def calculate_gain(nonlinearity, param=None):
function _assignment (line 67) | def _assignment(arr, num):
function _calculate_correct_fan (line 81) | def _calculate_correct_fan(array, mode):
function kaiming_uniform_ (line 91) | def kaiming_uniform_(arr, a=0, mode='fan_in', nonlinearity='leaky_relu'):
function _calculate_fan_in_and_fan_out (line 125) | def _calculate_fan_in_and_fan_out(arr):
class KaimingUniform (line 142) | class KaimingUniform(MeInitializer):
method __init__ (line 144) | def __init__(self, a=0, mode='fan_in', nonlinearity='leaky_relu'):
method _initialize (line 150) | def _initialize(self, arr):
function default_recurisive_init (line 155) | def default_recurisive_init(custom_cell):
function load_yolov3_params (line 181) | def load_yolov3_params(args, network):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/logger.py
class LOGGER (line 22) | class LOGGER(logging.Logger):
method __init__ (line 30) | def __init__(self, logger_name, rank=0):
method setup_logging_file (line 40) | def setup_logging_file(self, log_dir, rank=0):
method info (line 53) | def info(self, msg, *args, **kwargs):
method save_args (line 57) | def save_args(self, args):
function get_logger (line 65) | def get_logger(path, rank):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/loss.py
class XYLoss (line 20) | class XYLoss(nn.Cell):
method __init__ (line 22) | def __init__(self):
method construct (line 27) | def construct(self, object_mask, box_loss_scale, predict_xy, true_xy):
class WHLoss (line 33) | class WHLoss(nn.Cell):
method __init__ (line 35) | def __init__(self):
method construct (line 40) | def construct(self, object_mask, box_loss_scale, predict_wh, true_wh):
class ConfidenceLoss (line 46) | class ConfidenceLoss(nn.Cell):
method __init__ (line 48) | def __init__(self):
method construct (line 53) | def construct(self, object_mask, predict_confidence, ignore_mask):
class ClassLoss (line 60) | class ClassLoss(nn.Cell):
method __init__ (line 62) | def __init__(self):
method construct (line 67) | def construct(self, object_mask, predict_class, class_probs):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/lr_scheduler.py
function linear_warmup_lr (line 24) | def linear_warmup_lr(current_step, warmup_steps, base_lr, init_lr):
function warmup_step_lr (line 31) | def warmup_step_lr(lr, lr_epochs, steps_per_epoch, warmup_epochs, max_ep...
function multi_step_lr (line 56) | def multi_step_lr(lr, milestones, steps_per_epoch, max_epoch, gamma=0.1):
function step_lr (line 60) | def step_lr(lr, epoch_size, steps_per_epoch, max_epoch, gamma=0.1):
function warmup_cosine_annealing_lr (line 68) | def warmup_cosine_annealing_lr(lr, steps_per_epoch, warmup_epochs, max_e...
function warmup_cosine_annealing_lr_V2 (line 87) | def warmup_cosine_annealing_lr_V2(lr, steps_per_epoch, warmup_epochs, ma...
function warmup_cosine_annealing_lr_sample (line 118) | def warmup_cosine_annealing_lr_sample(lr, steps_per_epoch, warmup_epochs...
function get_lr (line 149) | def get_lr(args):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/transforms.py
function _rand (line 27) | def _rand(a=0., b=1.):
function bbox_iou (line 31) | def bbox_iou(bbox_a, bbox_b, offset=0):
function statistic_normalize_img (line 64) | def statistic_normalize_img(img, statistic_norm):
function get_interp_method (line 77) | def get_interp_method(interp, sizes=()):
function pil_image_reshape (line 125) | def pil_image_reshape(interp):
function _preprocess_true_boxes (line 137) | def _preprocess_true_boxes(true_boxes, anchors, in_shape, num_classes,
function _reshape_data (line 224) | def _reshape_data(image, image_size):
function color_distortion (line 242) | def color_distortion(img, hue, sat, val, device_num):
function filp_pil_image (line 264) | def filp_pil_image(img):
function convert_gray_to_color (line 268) | def convert_gray_to_color(img):
function _is_iou_satisfied_constraint (line 275) | def _is_iou_satisfied_constraint(min_iou, max_iou, box, crop_box):
function _choose_candidate_by_constraints (line 280) | def _choose_candidate_by_constraints(max_trial, input_w, input_h, image_...
function _correct_bbox_by_candidates (line 332) | def _correct_bbox_by_candidates(candidates, input_w, input_h, image_w,
function _data_aug (line 372) | def _data_aug(image, box, jitter, hue, sat, val, image_input_size, max_b...
function preprocess_fn (line 435) | def preprocess_fn(image, box, config, input_size, device_num):
function reshape_fn (line 451) | def reshape_fn(image, img_id, config):
class MultiScaleTrans (line 457) | class MultiScaleTrans:
method __init__ (line 459) | def __init__(self, config, device_num):
method generate_seed_list (line 476) | def generate_seed_list(self, init_seed=1234, seed_num=int(1e6), seed_r...
method __call__ (line 484) | def __call__(self, imgs, annos, x1, x2, x3, x4, x5, x6, batchInfo):
function thread_batch_preprocess_true_box (line 523) | def thread_batch_preprocess_true_box(annos, config, input_shape, result_...
function batch_preprocess_true_box (line 541) | def batch_preprocess_true_box(annos, config, input_shape):
function batch_preprocess_true_box_single (line 574) | def batch_preprocess_true_box_single(annos, config, input_shape):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/util.py
class AverageMeter (line 23) | class AverageMeter:
method __init__ (line 26) | def __init__(self, name, fmt=':f', tb_writer=None):
method reset (line 37) | def reset(self):
method update (line 43) | def update(self, val, n=1):
method __str__ (line 52) | def __str__(self):
function load_backbone (line 57) | def load_backbone(net, ckpt_path, args):
function default_wd_filter (line 116) | def default_wd_filter(x):
function get_param_groups (line 132) | def get_param_groups(network):
class ShapeRecord (line 153) | class ShapeRecord:
method __init__ (line 155) | def __init__(self):
method set (line 170) | def set(self, shape):
method show (line 177) | def show(self, logger):
function keep_loss_fp32 (line 183) | def keep_loss_fp32(network):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/yolo.py
function _conv_bn_relu (line 34) | def _conv_bn_relu(in_channel,
class YoloBlock (line 58) | class YoloBlock(nn.Cell):
method __init__ (line 74) | def __init__(self, in_channels, out_chls, out_channels):
method construct (line 89) | def construct(self, x):
class YOLOv3 (line 103) | class YOLOv3(nn.Cell):
method __init__ (line 123) | def __init__(self, backbone_shape, backbone, out_channel):
method construct (line 140) | def construct(self, x):
class DetectionBlock (line 163) | class DetectionBlock(nn.Cell):
method __init__ (line 179) | def __init__(self, scale, config=ConfigYOLOV3DarkNet53(), is_training=...
method construct (line 201) | def construct(self, x, input_shape):
class Iou (line 242) | class Iou(nn.Cell):
method __init__ (line 244) | def __init__(self):
method construct (line 249) | def construct(self, box1, box2):
class YoloLossBlock (line 276) | class YoloLossBlock(nn.Cell):
method __init__ (line 280) | def __init__(self, scale, config=ConfigYOLOV3DarkNet53()):
method construct (line 302) | def construct(self, grid, prediction, pred_xy, pred_wh, y_true, gt_box...
class YOLOV3DarkNet53 (line 353) | class YOLOV3DarkNet53(nn.Cell):
method __init__ (line 367) | def __init__(self, is_training):
method construct (line 384) | def construct(self, x, input_shape):
class YoloWithLossCell (line 393) | class YoloWithLossCell(nn.Cell):
method __init__ (line 395) | def __init__(self, network):
method construct (line 403) | def construct(self, x, y_true_0, y_true_1, y_true_2, gt_0, gt_1, gt_2,...
class TrainingWrapper (line 411) | class TrainingWrapper(nn.Cell):
method __init__ (line 413) | def __init__(self, network, optimizer, sens=1.0):
method construct (line 434) | def construct(self, *args):
FILE: examples/model_security/model_attacks/cv/yolov3_darknet53/src/yolo_dataset.py
function _has_only_empty_bbox (line 34) | def _has_only_empty_bbox(anno):
function _count_visible_keypoints (line 38) | def _count_visible_keypoints(anno):
function has_valid_annotation (line 42) | def has_valid_annotation(anno):
class COCOYoloDataset (line 61) | class COCOYoloDataset:
method __init__ (line 63) | def __init__(self, root, ann_file, remove_images_without_annotations=T...
method __getitem__ (line 90) | def __getitem__(self, index):
method __len__ (line 135) | def __len__(self):
method _convetTopDown (line 138) | def _convetTopDown(self, bbox):
function create_yolo_dataset (line 146) | def create_yolo_dataset(image_dir, anno_path, batch_size, max_epoch, dev...
FILE: examples/model_security/model_attacks/white_box/mnist_attack_cw.py
function test_carlini_wagner_attack (line 35) | def test_carlini_wagner_attack():
FILE: examples/model_security/model_attacks/white_box/mnist_attack_deepfool.py
function test_deepfool_attack (line 35) | def test_deepfool_attack():
FILE: examples/model_security/model_attacks/white_box/mnist_attack_fgsm.py
function test_fast_gradient_sign_method (line 36) | def test_fast_gradient_sign_method():
FILE: examples/model_security/model_attacks/white_box/mnist_attack_jsma.py
function test_jsma_attack (line 35) | def test_jsma_attack():
FILE: examples/model_security/model_attacks/white_box/mnist_attack_lbfgs.py
function test_lbfgs_attack (line 36) | def test_lbfgs_attack():
FILE: examples/model_security/model_attacks/white_box/mnist_attack_mdi2fgsm.py
function test_momentum_diverse_input_iterative_method (line 36) | def test_momentum_diverse_input_iterative_method():
FILE: examples/model_security/model_attacks/white_box/mnist_attack_pgd.py
function test_projected_gradient_descent_method (line 36) | def test_projected_gradient_descent_method():
FILE: examples/model_security/model_attacks/white_box/mnist_attack_vmifgsm.py
function test_variance_tuning_momentum_iterative_method (line 35) | def test_variance_tuning_momentum_iterative_method():
FILE: examples/model_security/model_defenses/mnist_defense_nad.py
function test_nad_method (line 37) | def test_nad_method():
FILE: examples/model_security/model_defenses/mnist_evaluation.py
function get_detector (line 46) | def get_detector(train_images):
class EncoderNet (line 53) | class EncoderNet(Cell):
method __init__ (line 58) | def __init__(self, encode_dim):
method construct (line 63) | def construct(self, inputs):
method get_encode_dim (line 73) | def get_encode_dim(self):
class ModelToBeAttacked (line 83) | class ModelToBeAttacked(BlackModel):
method __init__ (line 88) | def __init__(self, network, defense=False, train_images=None):
method predict (line 98) | def predict(self, inputs):
method get_detected_result (line 127) | def get_detected_result(self):
function test_defense_evaluation (line 131) | def test_defense_evaluation():
FILE: examples/model_security/model_defenses/mnist_similarity_detector.py
class ModelToBeAttacked (line 37) | class ModelToBeAttacked(BlackModel):
method __init__ (line 42) | def __init__(self, network):
method predict (line 47) | def predict(self, inputs):
method get_queries (line 63) | def get_queries(self):
class EncoderNet (line 67) | class EncoderNet(Cell):
method __init__ (line 72) | def __init__(self, encode_dim):
method construct (line 77) | def construct(self, inputs):
method get_encode_dim (line 87) | def get_encode_dim(self):
function test_similarity_detector (line 97) | def test_similarity_detector():
FILE: examples/model_security/neuron_sensitivity/mnist_neuron_sensitivity.py
function test_neuron_sensitivity (line 41) | def test_neuron_sensitivity():
FILE: examples/natural_robustness/natural_robustness_example.py
function test_perspective (line 24) | def test_perspective(image):
function test_uniform_noise (line 34) | def test_uniform_noise(image):
function test_gaussian_noise (line 42) | def test_gaussian_noise(image):
function test_contrast (line 50) | def test_contrast(image):
function test_gaussian_blur (line 58) | def test_gaussian_blur(image):
function test_salt_and_pepper_noise (line 66) | def test_salt_and_pepper_noise(image):
function test_translate (line 74) | def test_translate(image):
function test_scale (line 82) | def test_scale(image):
function test_shear (line 90) | def test_shear(image):
function test_rotate (line 98) | def test_rotate(image):
function test_curve (line 106) | def test_curve(image):
function test_natural_noise (line 114) | def test_natural_noise(image):
function test_gradient_luminance (line 122) | def test_gradient_luminance(image):
function test_motion_blur (line 137) | def test_motion_blur(image):
function test_gradient_blur (line 147) | def test_gradient_blur(image):
FILE: examples/natural_robustness/serving/client/serving_client.py
function perturb (line 28) | def perturb(perturb_config, address):
FILE: examples/natural_robustness/serving/server/perturbation/servable_config.py
function check_inputs (line 45) | def check_inputs(img, perturb_config, methods_number, outputs_number):
function perturb (line 71) | def perturb(img, perturb_config, methods_number, outputs_number):
function natural_perturbation (line 105) | def natural_perturbation(img, perturb_config, methods_number, outputs_nu...
FILE: examples/natural_robustness/serving/server/serving_server.py
function start (line 22) | def start(address):
FILE: examples/privacy/diff_privacy/lenet5_dp.py
function generate_mnist_dataset (line 44) | def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1,
FILE: examples/privacy/diff_privacy/lenet5_dp_ada_gaussian.py
function generate_mnist_dataset (line 44) | def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1,
FILE: examples/privacy/diff_privacy/lenet5_dp_ada_sgd_graph.py
function generate_mnist_dataset (line 44) | def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1,
FILE: examples/privacy/diff_privacy/lenet5_dp_optimizer.py
function generate_mnist_dataset (line 45) | def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1,
FILE: examples/privacy/inversion_attack/cifar_black_box.py
function cifar_inversion_attack (line 39) | def cifar_inversion_attack(net, inv_net, ckptpath):
FILE: examples/privacy/inversion_attack/cifar_shadow_attack.py
function cifar_inversion_attack (line 37) | def cifar_inversion_attack(net, shadow_net, ckptpath):
FILE: examples/privacy/inversion_attack/inversion_net.py
class LeNetDecoderConv1 (line 7) | class LeNetDecoderConv1(nn.Cell):
method __init__ (line 11) | def __init__(self):
method construct (line 20) | def construct(self, x):
class LeNetDecoderReLU2 (line 24) | class LeNetDecoderReLU2(nn.Cell):
method __init__ (line 28) | def __init__(self):
method construct (line 49) | def construct(self, x):
class CIFAR10CNNDecoderConv11 (line 56) | class CIFAR10CNNDecoderConv11(nn.Cell):
method __init__ (line 60) | def __init__(self):
method construct (line 70) | def construct(self, x):
class CIFAR10CNNDecoderReLU22 (line 75) | class CIFAR10CNNDecoderReLU22(nn.Cell):
method __init__ (line 79) | def __init__(self):
method construct (line 99) | def construct(self, x):
class CIFAR10CNNDecoderReLU32 (line 106) | class CIFAR10CNNDecoderReLU32(nn.Cell):
method __init__ (line 110) | def __init__(self):
method construct (line 140) | def construct(self, x):
FILE: examples/privacy/inversion_attack/mnist_inversion_attack.py
class LeNet5_part (line 36) | class LeNet5_part(nn.Cell):
method __init__ (line 40) | def __init__(self):
method construct (line 51) | def construct(self, x):
function mnist_inversion_attack (line 61) | def mnist_inversion_attack(net):
FILE: examples/privacy/inversion_attack/shadow_net.py
class LeNetAlternativeConv1 (line 8) | class LeNetAlternativeConv1(nn.Cell):
method __init__ (line 12) | def __init__(self):
method construct (line 34) | def construct(self, x):
class LeNetAlternativeConv1Arch2 (line 40) | class LeNetAlternativeConv1Arch2(nn.Cell):
method __init__ (line 44) | def __init__(self):
method construct (line 66) | def construct(self, x):
class LeNetAlternativeReLU1 (line 72) | class LeNetAlternativeReLU1(nn.Cell):
method __init__ (line 76) | def __init__(self):
method construct (line 94) | def construct(self, x):
class LeNetAlternativePool1 (line 100) | class LeNetAlternativePool1(nn.Cell):
method __init__ (line 104) | def __init__(self):
method construct (line 126) | def construct(self, x):
class LeNetAlternativeConv2 (line 132) | class LeNetAlternativeConv2(nn.Cell):
method __init__ (line 136) | def __init__(self):
method construct (line 166) | def construct(self, x):
class LeNetAlternativeReLU2 (line 172) | class LeNetAlternativeReLU2(nn.Cell):
method __init__ (line 176) | def __init__(self):
method construct (line 210) | def construct(self, x):
class LeNetAlternativePool2 (line 216) | class LeNetAlternativePool2(nn.Cell):
method __init__ (line 220) | def __init__(self):
method construct (line 258) | def construct(self, x):
class LeNetAlternativeFc1 (line 264) | class LeNetAlternativeFc1(nn.Cell):
method __init__ (line 268) | def __init__(self):
method construct (line 311) | def construct(self, x):
class LeNetAlternativeFc1Act (line 320) | class LeNetAlternativeFc1Act(nn.Cell):
method __init__ (line 324) | def __init__(self):
method construct (line 371) | def construct(self, x):
class CIFAR10CNNAlternativeConv11 (line 380) | class CIFAR10CNNAlternativeConv11(nn.Cell):
method __init__ (line 384) | def __init__(self):
method construct (line 399) | def construct(self, x):
method getlayeroutput (line 404) | def getlayeroutput(self, x, targetlayer):
class CIFAR10CNNAlternativeConv11Arch2 (line 414) | class CIFAR10CNNAlternativeConv11Arch2(nn.Cell):
method __init__ (line 418) | def __init__(self):
method construct (line 443) | def construct(self, x):
method getlayeroutput (line 448) | def getlayeroutput(self, x, targetlayer):
class CIFAR10CNNAlternativeReLU22 (line 458) | class CIFAR10CNNAlternativeReLU22(nn.Cell):
method __init__ (line 462) | def __init__(self):
method construct (line 527) | def construct(self, x):
method getlayeroutput (line 532) | def getlayeroutput(self, x, targetlayer):
class CIFAR10CNNAlternativeReLU22Arch2 (line 542) | class CIFAR10CNNAlternativeReLU22Arch2(nn.Cell):
method __init__ (line 546) | def __init__(self):
method construct (line 579) | def construct(self, x):
method getlayeroutput (line 584) | def getlayeroutput(self, x, targetlayer):
class CIFAR10CNNAlternativeReLU32 (line 594) | class CIFAR10CNNAlternativeReLU32(nn.Cell):
method __init__ (line 598) | def __init__(self):
method construct (line 691) | def construct(self, x):
method getlayeroutput (line 696) | def getlayeroutput(self, x, targetlayer):
FILE: examples/privacy/membership_inference/eval.py
class ParameterReduce (line 35) | class ParameterReduce(nn.Cell):
method __init__ (line 37) | def __init__(self):
method construct (line 42) | def construct(self, x):
function parse_args (line 49) | def parse_args(cloud_args=None):
function merge_args (line 88) | def merge_args(args, cloud_args):
function test (line 102) | def test(cloud_args=None):
FILE: examples/privacy/membership_inference/train.py
function parse_args (line 49) | def parse_args(cloud_args=None):
function merge_args (line 105) | def merge_args(args_opt, cloud_args):
FILE: examples/privacy/sup_privacy/sup_privacy.py
function generate_mnist_dataset (line 46) | def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1, samp...
function mnist_suppress_train (line 87) | def mnist_suppress_train(epoch_size=10, start_epoch=3, lr=0.05, samples=...
FILE: mindarmour/__init__.py
function _mindspore_version_check (line 53) | def _mindspore_version_check():
FILE: mindarmour/adv_robustness/attacks/attack.py
class Attack (line 31) | class Attack:
method __init__ (line 36) | def __init__(self):
method batch_generate (line 39) | def batch_generate(self, inputs, labels, batch_size=64):
method generate (line 92) | def generate(self, inputs, labels):
method _reduction (line 111) | def _reduction(x_ori, q_times, label, best_position, model, targeted_a...
method _fast_reduction (line 157) | def _fast_reduction(self, x_ori, best_position, q_times, auxiliary_inp...
method _detection_scores (line 201) | def _detection_scores(inputs, gt_boxes, gt_labels, model):
FILE: mindarmour/adv_robustness/attacks/black/black_model.py
class BlackModel (line 27) | class BlackModel:
method __init__ (line 32) | def __init__(self):
method predict (line 36) | def predict(self, inputs):
method is_adversarial (line 53) | def is_adversarial(self, data, label, is_targeted):
FILE: mindarmour/adv_robustness/attacks/black/genetic_attack.py
class GeneticAttack (line 31) | class GeneticAttack(Attack):
method __init__ (line 102) | def __init__(self, model, model_type='classification', targeted=True, ...
method _mutation (line 143) | def _mutation(self, cur_pop, step_noise=0.01, prob=0.005):
method _compute_next_generation (line 167) | def _compute_next_generation(self, cur_pop, fit_vals, x_ori):
method _generate_classification (line 228) | def _generate_classification(self, inputs, labels):
method _generate_detection (line 331) | def _generate_detection(self, inputs, labels):
method generate (line 433) | def generate(self, inputs, labels):
FILE: mindarmour/adv_robustness/attacks/black/hop_skip_jump_attack.py
function _clip_image (line 31) | def _clip_image(image, clip_min, clip_max):
class HopSkipJumpAttack (line 38) | class HopSkipJumpAttack(Attack):
method __init__ (line 112) | def __init__(self, model, init_num_evals=100, max_num_evals=1000,
method _generate_one (line 151) | def _generate_one(self, sample):
method set_target_images (line 178) | def set_target_images(self, target_images):
method generate (line 187) | def generate(self, inputs, labels):
method _hsja (line 230) | def _hsja(self, sample, target_label, target_image, dim, theta):
method _decision_function (line 342) | def _decision_function(self, images, original_label, target_label):
method _compute_distance (line 362) | def _compute_distance(self, original_img, perturbation_img):
method _approximate_gradient (line 372) | def _approximate_gradient(self, sample, num_evals, original_label,
method _project (line 413) | def _project(self, original_image, perturbed_images, alphas):
method _binary_search_batch (line 427) | def _binary_search_batch(self, original_image, perturbed_images,
method _initialize (line 470) | def _initialize(self, sample, original_label, target_label):
method _geometric_progression_for_stepsize (line 505) | def _geometric_progression_for_stepsize(self, perturbed, update, dist,
method _select_delta (line 524) | def _select_delta(self, dist_post_update, current_iteration, dim, theta):
FILE: mindarmour/adv_robustness/attacks/black/natural_evolutionary_strategy.py
function _bound (line 31) | def _bound(image, epislon):
class NES (line 37) | class NES(Attack):
method __init__ (line 120) | def __init__(self, model, scene, max_queries=10000, top_k=-1, num_clas...
method generate (line 154) | def generate(self, inputs, labels):
method set_target_images (line 206) | def set_target_images(self, target_images):
method _generate_one (line 215) | def _generate_one(self, origin_image, target_label, target_image):
method _plateau_annealing (line 323) | def _plateau_annealing(self, last_loss):
method _softmax_cross_entropy_with_logit (line 332) | def _softmax_cross_entropy_with_logit(self, logit):
method _query_limit_loss (line 341) | def _query_limit_loss(self, eval_points, noise):
method _partial_info_loss (line 350) | def _partial_info_loss(self, eval_points, noise):
method _label_only_loss (line 363) | def _label_only_loss(self, origin_image, eval_points, noise):
method _preds_in_top_k (line 384) | def _preds_in_top_k(self, target_class, prop_adv_):
method _get_grad (line 394) | def _get_grad(self, origin_image, eval_points, noise):
FILE: mindarmour/adv_robustness/attacks/black/pointwise_attack.py
class PointWiseAttack (line 30) | class PointWiseAttack(Attack):
method __init__ (line 81) | def __init__(self, model, max_iter=1000, search_iter=10, is_targeted=F...
method generate (line 93) | def generate(self, inputs, labels):
method _decision_optimize (line 141) | def _decision_optimize(self, unperturbed_img, input_label, perturbed_i...
method _binary_search (line 237) | def _binary_search(self, perturbed_img, unperturbed_img, ite_ind, inpu...
method _initialize_starting_point (line 268) | def _initialize_starting_point(self, inputs, labels):
method _get_threthod (line 284) | def _get_threthod(self):
FILE: mindarmour/adv_robustness/attacks/black/pso_attack.py
class PSOAttack (line 31) | class PSOAttack(Attack):
method __init__ (line 101) | def __init__(self, model, model_type='classification', targeted=False,...
method _fitness (line 135) | def _fitness(self, confi_ori, confi_adv, x_ori, x_adv):
method _confidence_cla (line 165) | def _confidence_cla(self, inputs, labels):
method _mutation_op (line 185) | def _mutation_op(self, cur_pop):
method _check_best_fitness (line 203) | def _check_best_fitness(self, best_fitness, iters):
method _update_best_fit_position (line 211) | def _update_best_fit_position(self, fit_value, par_best_fit, par_best_...
method _generate_classification (line 221) | def _generate_classification(self, inputs, labels):
method _generate_detection (line 359) | def _generate_detection(self, inputs, labels):
method generate (line 486) | def generate(self, inputs, labels):
FILE: mindarmour/adv_robustness/attacks/black/salt_and_pepper_attack.py
class SaltAndPepperNoiseAttack (line 30) | class SaltAndPepperNoiseAttack(Attack):
method __init__ (line 75) | def __init__(self, model, bounds=(0.0, 1.0), max_iter=100, is_targeted...
method generate (line 85) | def generate(self, inputs, labels):
method _generate_one (line 120) | def _generate_one(self, one_input, label, epsilons=10):
FILE: mindarmour/adv_robustness/attacks/carlini_wagner.py
function _best_logits_of_other_class (line 33) | def _best_logits_of_other_class(logits, target_class, value=1):
class CarliniWagnerL2Attack (line 59) | class CarliniWagnerL2Attack(Attack):
method __init__ (line 117) | def __init__(self, network, num_classes, box_min=0.0, box_max=1.0,
method _loss_function (line 142) | def _loss_function(self, logits, new_x, org_x, org_or_target_class,
method _to_attack_space (line 210) | def _to_attack_space(self, inputs):
method _to_model_space (line 232) | def _to_model_space(self, inputs):
method _check_success (line 257) | def _check_success(self, logits, labels):
method generate (line 265) | def generate(self, inputs, labels):
method _update_bounds (line 354) | def _update_bounds(self, samples_num, adv_flag, const, upper_bound, lo...
class _AdamOptimizer (line 371) | class _AdamOptimizer:
method __init__ (line 382) | def __init__(self, shape):
method __call__ (line 387) | def __call__(self, gradient, learning_rate=0.001,
FILE: mindarmour/adv_robustness/attacks/deep_fool.py
class _GetLogits (line 34) | class _GetLogits(Cell):
method __init__ (line 35) | def __init__(self, network):
method construct (line 39) | def construct(self, *inputs):
function _deepfool_detection_scores (line 44) | def _deepfool_detection_scores(inputs, gt_boxes, gt_labels, network):
function _is_success (line 88) | def _is_success(inputs, gt_boxes, gt_labels, network, gt_object_nums, re...
class DeepFool (line 93) | class DeepFool(Attack):
method __init__ (line 142) | def __init__(self, network, num_classes, model_type='classification',
method generate (line 168) | def generate(self, inputs, labels):
method _update_image (line 193) | def _update_image(self, x_origin, r_tot):
method _generate_detection (line 203) | def _generate_detection(self, inputs, labels):
method _generate_classification (line 265) | def _generate_classification(self, inputs, labels):
method _normalize_r_i (line 323) | def _normalize_r_i(self, diff_w, weight):
FILE: mindarmour/adv_robustness/attacks/gradient_method.py
class GradientMethod (line 34) | class GradientMethod(Attack):
method __init__ (line 50) | def __init__(self, network, eps=0.07, alpha=None, bounds=None,
method generate (line 73) | def generate(self, inputs, labels):
method _gradient (line 107) | def _gradient(self, inputs, labels):
class FastGradientMethod (line 126) | class FastGradientMethod(GradientMethod):
method __init__ (line 167) | def __init__(self, network, eps=0.07, alpha=None, bounds=(0.0, 1.0),
method _gradient (line 178) | def _gradient(self, inputs, labels):
class RandomFastGradientMethod (line 202) | class RandomFastGradientMethod(FastGradientMethod):
method __init__ (line 247) | def __init__(self, network, eps=0.07, alpha=0.035, bounds=(0.0, 1.0),
class FastGradientSignMethod (line 260) | class FastGradientSignMethod(GradientMethod):
method __init__ (line 299) | def __init__(self, network, eps=0.07, alpha=None, bounds=(0.0, 1.0),
method _gradient (line 308) | def _gradient(self, inputs, labels):
class RandomFastGradientSignMethod (line 333) | class RandomFastGradientSignMethod(FastGradientSignMethod):
method __init__ (line 376) | def __init__(self, network, eps=0.07, alpha=0.035, bounds=(0.0, 1.0),
class LeastLikelyClassMethod (line 388) | class LeastLikelyClassMethod(FastGradientSignMethod):
method __init__ (line 424) | def __init__(self, network, eps=0.07, alpha=None, bounds=(0.0, 1.0),
class RandomLeastLikelyClassMethod (line 434) | class RandomLeastLikelyClassMethod(FastGradientSignMethod):
method __init__ (line 475) | def __init__(self, network, eps=0.07, alpha=0.035, bounds=(0.0, 1.0),
FILE: mindarmour/adv_robustness/attacks/iterative_gradient_method.py
function _reshape_l1_projection (line 38) | def _reshape_l1_projection(values, eps=3):
function _projection (line 75) | def _projection(values, eps, clip_diff, norm_level):
class IterativeGradientMethod (line 108) | class IterativeGradientMethod(Attack):
method __init__ (line 124) | def __init__(self, network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0), ...
method generate (line 142) | def generate(self, inputs, labels):
class BasicIterativeMethod (line 162) | class BasicIterativeMethod(IterativeGradientMethod):
method __init__ (line 202) | def __init__(self, network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0),
method generate (line 217) | def generate(self, inputs, labels):
class MomentumIterativeMethod (line 261) | class MomentumIterativeMethod(IterativeGradientMethod):
method __init__ (line 307) | def __init__(self, network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0),
method generate (line 320) | def generate(self, inputs, labels):
method _gradient (line 375) | def _gradient(self, inputs, labels):
class ProjectedGradientDescent (line 404) | class ProjectedGradientDescent(BasicIterativeMethod):
method __init__ (line 450) | def __init__(self, network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0),
method generate (line 461) | def generate(self, inputs, labels):
class AutoProjectedGradientDescent (line 502) | class AutoProjectedGradientDescent(BasicIterativeMethod):
method __init__ (line 554) | def __init__(self, network, eps=8 / 255, eps_iter=0.1, bounds=(0.0, 1....
method generate (line 567) | def generate(self, inputs, labels):
method _optimize_attack (line 633) | def _optimize_attack(self, x_adv, x_best, x_best_adv, x_adv_old, momen...
method _check_oscillation (line 701) | def _check_oscillation(self, x, j, k, k3=0.75):
class DiverseInputIterativeMethod (line 713) | class DiverseInputIterativeMethod(BasicIterativeMethod):
method __init__ (line 752) | def __init__(self, network, eps=0.3, bounds=(0.0, 1.0),
class MomentumDiverseInputIterativeMethod (line 767) | class MomentumDiverseInputIterativeMethod(MomentumIterativeMethod):
method __init__ (line 809) | def __init__(self, network, eps=0.3, bounds=(0.0, 1.0),
function _transform_inputs (line 824) | def _transform_inputs(inputs, prob, low=29, high=33, full_aug=False):
class VarianceTuningMomentumIterativeMethod (line 866) | class VarianceTuningMomentumIterativeMethod(MomentumIterativeMethod):
method __init__ (line 912) | def __init__(self, network, eps=0.3, eps_iter=0.1, bounds=(0.0, 1.0),
method generate (line 927) | def generate(self, inputs, labels):
class VarianceTuningNesterovIterativeMethod (line 972) | class VarianceTuningNesterovIterativeMethod(MomentumIterativeMethod):
method __init__ (line 1023) | def __init__(self, network, eps=8/255, eps_iter=2/255, bounds=(0.0, 1.0),
method generate (line 1038) | def generate(self, inputs, labels):
FILE: mindarmour/adv_robustness/attacks/jsma.py
class JSMAAttack (line 33) | class JSMAAttack(Attack):
method __init__ (line 76) | def __init__(self, network, num_classes, box_min=0.0, box_max=1.0,
method _saliency_map (line 94) | def _saliency_map(self, data, bit_map, target):
method _generate_one (line 136) | def _generate_one(self, data, target):
method generate (line 187) | def generate(self, inputs, labels):
FILE: mindarmour/adv_robustness/attacks/lbfgs.py
class LBFGS (line 35) | class LBFGS(Attack):
method __init__ (line 80) | def __init__(self, network, eps=1e-5, bounds=(0.0, 1.0), is_targeted=T...
method generate (line 105) | def generate(self, inputs, labels):
method _forward_one (line 126) | def _forward_one(self, cur_input):
method _gradient (line 132) | def _gradient(self, cur_input, labels, shape):
method _loss (line 144) | def _loss(self, cur_input, start_input, cur_eps, shape, labels):
method _lbfgsb (line 169) | def _lbfgsb(self, start_input, cur_eps, shape, labels, bounds):
method _optimize (line 210) | def _optimize(self, start_input, labels, epsilon):
FILE: mindarmour/adv_robustness/defenses/adversarial_defense.py
class AdversarialDefense (line 29) | class AdversarialDefense(Defense):
method __init__ (line 67) | def __init__(self, network, loss_fn=None, optimizer=None):
method defense (line 83) | def defense(self, inputs, labels):
class AdversarialDefenseWithAttacks (line 100) | class AdversarialDefenseWithAttacks(AdversarialDefense):
method __init__ (line 152) | def __init__(self, network, attacks, loss_fn=None, optimizer=None,
method defense (line 167) | def defense(self, inputs, labels):
class EnsembleAdversarialDefense (line 199) | class EnsembleAdversarialDefense(AdversarialDefenseWithAttacks):
method __init__ (line 251) | def __init__(self, network, attacks, loss_fn=None, optimizer=None,
FILE: mindarmour/adv_robustness/defenses/defense.py
class Defense (line 27) | class Defense:
method __init__ (line 36) | def __init__(self, network):
method defense (line 40) | def defense(self, inputs, labels):
method batch_defense (line 57) | def batch_defense(self, inputs, labels, batch_size=32, epochs=5):
FILE: mindarmour/adv_robustness/defenses/natural_adversarial_defense.py
class NaturalAdversarialDefense (line 21) | class NaturalAdversarialDefense(AdversarialDefenseWithAttacks):
method __init__ (line 66) | def __init__(self, network, loss_fn=None, optimizer=None,
FILE: mindarmour/adv_robustness/defenses/projected_adversarial_defense.py
class ProjectedAdversarialDefense (line 21) | class ProjectedAdversarialDefense(AdversarialDefenseWithAttacks):
method __init__ (line 72) | def __init__(self,
FILE: mindarmour/adv_robustness/detectors/black/similarity_detector.py
function _pairwise_distances (line 33) | def _pairwise_distances(x_input, y_input):
class SimilarityDetector (line 53) | class SimilarityDetector(Detector):
method __init__ (line 104) | def __init__(self, trans_model, max_k_neighbor=1000, chunk_size=1000,
method fit (line 123) | def fit(self, inputs, labels=None):
method detect (line 179) | def detect(self, inputs):
method _process_query (line 202) | def _process_query(self, query):
method clear_buffer (line 233) | def clear_buffer(self):
method set_threshold (line 240) | def set_threshold(self, num_of_neighbors, threshold):
method get_detection_interval (line 252) | def get_detection_interval(self):
method get_detected_queries (line 265) | def get_detected_queries(self):
method detect_diff (line 275) | def detect_diff(self, inputs):
method transform (line 293) | def transform(self, inputs):
FILE: mindarmour/adv_robustness/detectors/detector.py
class Detector (line 25) | class Detector:
method __init__ (line 29) | def __init__(self):
method fit (line 34) | def fit(self, inputs, labels=None):
method detect (line 53) | def detect(self, inputs):
method detect_diff (line 70) | def detect_diff(self, inputs):
method transform (line 88) | def transform(self, inputs):
FILE: mindarmour/adv_robustness/detectors/ensemble_detector.py
class EnsembleDetector (line 28) | class EnsembleDetector(Detector):
method __init__ (line 69) | def __init__(self, detectors, policy="vote"):
method fit (line 76) | def fit(self, inputs, labels=None):
method detect (line 93) | def detect(self, inputs):
method detect_diff (line 129) | def detect_diff(self, inputs):
method transform (line 145) | def transform(self, inputs):
FILE: mindarmour/adv_robustness/detectors/mag_net.py
class ErrorBasedDetector (line 34) | class ErrorBasedDetector(Detector):
method __init__ (line 69) | def __init__(self, auto_encoder, false_positive_rate=0.01,
method fit (line 81) | def fit(self, inputs, labels=None):
method detect (line 101) | def detect(self, inputs):
method detect_diff (line 120) | def detect_diff(self, inputs):
method transform (line 137) | def transform(self, inputs):
method set_threshold (line 154) | def set_threshold(self, threshold):
class DivergenceBasedDetector (line 164) | class DivergenceBasedDetector(ErrorBasedDetector):
method __init__ (line 214) | def __init__(self, auto_encoder, model, option="jsd",
method detect_diff (line 227) | def detect_diff(self, inputs):
function _jsd (line 260) | def _jsd(prob_dist_p, prob_dist_q):
FILE: mindarmour/adv_robustness/detectors/region_based_detector.py
class RegionBasedDetector (line 35) | class RegionBasedDetector(Detector):
method __init__ (line 79) | def __init__(self, model, number_points=10, initial_radius=0.0,
method set_radius (line 94) | def set_radius(self, radius):
method fit (line 105) | def fit(self, inputs, labels=None):
method _generate_hyper_cube (line 151) | def _generate_hyper_cube(self, inputs, radius):
method _rc_forward (line 169) | def _rc_forward(self, inputs, radius):
method detect (line 197) | def detect(self, inputs):
method detect_diff (line 225) | def detect_diff(self, inputs):
method transform (line 243) | def transform(self, inputs):
FILE: mindarmour/adv_robustness/detectors/spatial_smoothing.py
function _median_filter_np (line 33) | def _median_filter_np(inputs, size=2):
class SpatialSmoothing (line 38) | class SpatialSmoothing(Detector):
method __init__ (line 77) | def __init__(self, model, ksize=3, is_local_smooth=True,
method fit (line 91) | def fit(self, inputs, labels=None):
method detect (line 115) | def detect(self, inputs):
method detect_diff (line 138) | def detect_diff(self, inputs):
method transform (line 155) | def transform(self, inputs):
method set_threshold (line 159) | def set_threshold(self, threshold):
method _dist (line 168) | def _dist(self, before, after):
FILE: mindarmour/adv_robustness/evaluations/attack_evaluation.py
class AttackEvaluate (line 29) | class AttackEvaluate:
method __init__ (line 69) | def __init__(self, inputs, labels, adv_inputs, adv_preds,
method mis_classification_rate (line 101) | def mis_classification_rate(self):
method avg_conf_adv_class (line 110) | def avg_conf_adv_class(self):
method avg_conf_true_class (line 125) | def avg_conf_true_class(self):
method avg_lp_distance (line 138) | def avg_lp_distance(self):
method avg_ssim (line 167) | def avg_ssim(self):
method nte (line 189) | def nte(self):
FILE: mindarmour/adv_robustness/evaluations/black/defense_evaluation.py
class BlackDefenseEvaluate (line 27) | class BlackDefenseEvaluate:
method __init__ (line 89) | def __init__(self, raw_preds, def_preds, raw_query_counts, def_query_c...
method qcv (line 128) | def qcv(self):
method asv (line 152) | def asv(self):
method fpr (line 172) | def fpr(self):
method qrv (line 188) | def qrv(self):
FILE: mindarmour/adv_robustness/evaluations/defense_evaluation.py
class DefenseEvaluate (line 29) | class DefenseEvaluate:
method __init__ (line 59) | def __init__(self, raw_preds, def_preds, true_labels):
method cav (line 67) | def cav(self):
method crr (line 81) | def crr(self):
method csr (line 94) | def csr(self):
method ccv (line 107) | def ccv(self):
method cos (line 130) | def cos(self):
FILE: mindarmour/adv_robustness/evaluations/neuron_metrics.py
class NeuronMetric (line 29) | class NeuronMetric:
method __init__ (line 55) | def __init__(self, model, inputs, adv_inputs, hook_names):
method neuron_sensitivity (line 85) | def neuron_sensitivity(self):
FILE: mindarmour/adv_robustness/evaluations/visual_metrics.py
class RadarMetric (line 31) | class RadarMetric:
method __init__ (line 63) | def __init__(self, metrics_name, metrics_data, labels, title, scale='h...
method show (line 93) | def show(self):
FILE: mindarmour/fuzz_testing/fuzzing.py
function _select_next (line 39) | def _select_next(initial_seeds):
function _coverage_gains (line 47) | def _coverage_gains(pre_coverage, coverages):
function _is_trans_valid (line 65) | def _is_trans_valid(seed, mutate_sample):
function _gain_threshold (line 89) | def _gain_threshold(coverage):
class Fuzzer (line 98) | class Fuzzer:
method __init__ (line 181) | def __init__(self, target_model):
method fuzzing (line 221) | def fuzzing(self, mutate_config, initial_seeds, coverage, evaluate=Tru...
method _get_coverages_and_predict (line 340) | def _get_coverages_and_predict(self, mutate_samples, coverage):
method _metamorphic_mutate (line 352) | def _metamorphic_mutate(self, seed, mutates, mutate_config, mutate_num...
method _check_mutate_config (line 392) | def _check_mutate_config(self, mutate_config):
method _check_attack_params (line 431) | def _check_attack_params(self, method, params):
method _init_mutates (line 459) | def _init_mutates(self, mutate_config):
method _evaluate (line 477) | def _evaluate(self, fuzz_samples, true_labels, fuzz_preds, fuzz_strate...
class SensitivityMaximizingFuzzer (line 515) | class SensitivityMaximizingFuzzer(Fuzzer):
method __init__ (line 599) | def __init__(self, target_model):
method fuzzing (line 603) | def fuzzing(self, mutate_config, initial_seeds,
method _get_coverages_and_predict (line 754) | def _get_coverages_and_predict(self, mutate_samples, coverage):
method _evaluate (line 764) | def _evaluate(self, fuzz_samples, true_labels, fuzz_preds, fuzz_strate...
FILE: mindarmour/fuzz_testing/model_coverage_metrics.py
class CoverageMetrics (line 35) | class CoverageMetrics:
method __init__ (line 54) | def __init__(self, model, incremental=False, batch_size=32):
method get_metrics (line 61) | def get_metrics(self, dataset):
method _init_neuron_activate_table (line 76) | def _init_neuron_activate_table(self, data):
method _get_bounds (line 100) | def _get_bounds(self, train_dataset):
method _activate_rate (line 135) | def _activate_rate(self):
class NeuronCoverage (line 149) | class NeuronCoverage(CoverageMetrics):
method __init__ (line 161) | def __init__(self, model, threshold=0.1, incremental=False, batch_size...
method get_metrics (line 167) | def get_metrics(self, dataset):
class TopKNeuronCoverage (line 241) | class TopKNeuronCoverage(CoverageMetrics):
method __init__ (line 254) | def __init__(self, model, top_k=3, incremental=False, batch_size=32):
method get_metrics (line 258) | def get_metrics(self, dataset):
class SuperNeuronActivateCoverage (line 334) | class SuperNeuronActivateCoverage(CoverageMetrics):
method __init__ (line 346) | def __init__(self, model, train_dataset, incremental=False, batch_size...
method get_metrics (line 351) | def get_metrics(self, dataset):
class NeuronBoundsCoverage (line 427) | class NeuronBoundsCoverage(SuperNeuronActivateCoverage):
method __init__ (line 441) | def __init__(self, model, train_dataset, incremental=False, batch_size...
method get_metrics (line 444) | def get_metrics(self, dataset):
class KMultisectionNeuronCoverage (line 521) | class KMultisectionNeuronCoverage(SuperNeuronActivateCoverage):
method __init__ (line 534) | def __init__(self, model, train_dataset, segmented_num=100, incrementa...
method _init_k_multisection_table (line 542) | def _init_k_multisection_table(self, data):
method get_metrics (line 552) | def get_metrics(self, dataset):
FILE: mindarmour/fuzz_testing/sensitivity_convergence_coverage.py
class SensitivityConvergenceCoverage (line 32) | class SensitivityConvergenceCoverage(CoverageMetrics):
method __init__ (line 48) | def __init__(self, model, threshold=0.5, incremental=False, batch_size...
method get_metrics (line 58) | def get_metrics(self, dataset):
method _get_sensitive_neruon_idx (line 141) | def _get_sensitive_neruon_idx(self, dataset):
method _scc (line 159) | def _scc(self, sensitivity_list, size, threshold=0):
method _proposal (line 182) | def _proposal(self, x, stepsize):
method _p_acc_mh (line 195) | def _p_acc_mh(self, x_new, x_old, log_prob):
method _log_prob (line 207) | def _log_prob(self, x):
method _sample_mh (line 217) | def _sample_mh(self, x_old, log_prob, stepsize):
method _build_mh_chain (line 238) | def _build_mh_chain(self, init, stepsize, n_total, log_prob):
FILE: mindarmour/model_protection/obfuscation.py
function _check_dir_path (line 45) | def _check_dir_path(name, dir_path):
function _check_ops_info (line 54) | def _check_ops_info(ops_info):
function _check_new_input_info (line 71) | def _check_new_input_info(insert_new_input):
function _check_obf_metadata_config (line 83) | def _check_obf_metadata_config(config):
function _check_weight_obf_config (line 105) | def _check_weight_obf_config(config):
function _check_network_obf_config (line 117) | def _check_network_obf_config(config):
function _check_valid_obf_config (line 133) | def _check_valid_obf_config(obf_config, config_type):
function _check_valid_obf_config (line 164) | def _check_valid_obf_config(obf_config):
class ModelObfuscator (line 192) | class ModelObfuscator:
method __init__ (line 213) | def __init__(self, obf_config, obfuscate_scale):
method _gen_obfuscate_tensor (line 220) | def _gen_obfuscate_tensor(self, tensor_shape, tensor_type='rearrange'):
method _get_real_name (line 233) | def _get_real_name(self, src_name, tag, substitute):
method _gen_obf_metadata (line 241) | def _gen_obf_metadata(self, obf_metadata_config):
method set_metadata (line 268) | def set_metadata(self, new_metadata):
method set_save_metadata_mapping (line 274) | def set_save_metadata_mapping(self, new_mapping):
method _obfuscate_params (line 277) | def _obfuscate_params(self, params, obf_metadata, obf_config, not_obfu...
method _obfuscate_safetensor_files (line 374) | def _obfuscate_safetensor_files(self, src_path, saved_path='./'):
method obfuscate_weight_files (line 395) | def obfuscate_weight_files(self, src_path, saved_path='./', file_forma...
method _obfuscate_single_file (line 420) | def _obfuscate_single_file(self, src_file, obf_metadata, obf_config, s...
FILE: mindarmour/natural_robustness/transform/image/blur.py
class GaussianBlur (line 29) | class GaussianBlur(_NaturalPerturb):
method __init__ (line 47) | def __init__(self, ksize=2, auto_param=False):
method __call__ (line 56) | def __call__(self, image):
class MotionBlur (line 73) | class MotionBlur(_NaturalPerturb):
method __init__ (line 95) | def __init__(self, degree=5, angle=45, auto_param=False):
method __call__ (line 106) | def __call__(self, image):
class GradientBlur (line 130) | class GradientBlur(_NaturalPerturb):
method __init__ (line 153) | def __init__(self, point, kernel_num=3, center=True, auto_param=False):
method _auto_param (line 161) | def _auto_param(self, h, w):
method __call__ (line 166) | def __call__(self, image):
FILE: mindarmour/natural_robustness/transform/image/corruption.py
class UniformNoise (line 29) | class UniformNoise(_NaturalPerturb):
method __init__ (line 48) | def __init__(self, factor=0.1, auto_param=False):
method __call__ (line 55) | def __call__(self, image):
class GaussianNoise (line 76) | class GaussianNoise(_NaturalPerturb):
method __init__ (line 95) | def __init__(self, factor=0.1, auto_param=False):
method __call__ (line 102) | def __call__(self, image):
class SaltAndPepperNoise (line 122) | class SaltAndPepperNoise(_NaturalPerturb):
method __init__ (line 141) | def __init__(self, factor=0, auto_param=False):
method __call__ (line 148) | def __call__(self, image):
class NaturalNoise (line 170) | class NaturalNoise(_NaturalPerturb):
method __init__ (line 193) | def __init__(self, ratio=0.0002, k_x_range=(1, 5), k_y_range=(3, 25), ...
method __call__ (line 202) | def __call__(self, image):
FILE: mindarmour/natural_robustness/transform/image/luminance.py
class Contrast (line 30) | class Contrast(_NaturalPerturb):
method __init__ (line 51) | def __init__(self, alpha=1, beta=0, auto_param=False):
method __call__ (line 60) | def __call__(self, image):
function _circle_gradient_mask (line 77) | def _circle_gradient_mask(img_src, color_start, color_end, scope=0.5, po...
function _line_gradient_mask (line 135) | def _line_gradient_mask(image, start_pos=None, start_color=(0, 0, 0), en...
class GradientLuminance (line 202) | class GradientLuminance(_NaturalPerturb):
method __init__ (line 234) | def __init__(self, color_start=(0, 0, 0), color_end=(255, 255, 255), s...
method _set_auto_param (line 258) | def _set_auto_param(self, w, h):
method __call__ (line 267) | def __call__(self, image):
FILE: mindarmour/natural_robustness/transform/image/natural_perturb.py
function _chw_to_hwc (line 26) | def _chw_to_hwc(img):
function _is_hwc (line 41) | def _is_hwc(img):
function _is_chw (line 59) | def _is_chw(img):
function _is_rgb (line 77) | def _is_rgb(img):
function _is_normalized (line 95) | def _is_normalized(img):
class _NaturalPerturb (line 114) | class _NaturalPerturb:
method __init__ (line 119) | def __init__(self):
method _check (line 122) | def _check(self, image):
method _original_format (line 144) | def _original_format(self, image, chw, normalized, gray3dim):
method __call__ (line 156) | def __call__(self, image):
FILE: mindarmour/natural_robustness/transform/image/transformation.py
class Translate (line 29) | class Translate(_NaturalPerturb):
method __init__ (line 51) | def __init__(self, x_bias=0, y_bias=0, auto_param=False):
method __call__ (line 59) | def __call__(self, image):
class Scale (line 78) | class Scale(_NaturalPerturb):
method __init__ (line 100) | def __init__(self, factor_x=1, factor_y=1, auto_param=False):
method __call__ (line 109) | def __call__(self, image):
class Shear (line 128) | class Shear(_NaturalPerturb):
method __init__ (line 151) | def __init__(self, factor=0.2, direction='horizontal', auto_param=False):
method __call__ (line 163) | def __call__(self, image):
class Rotate (line 190) | class Rotate(_NaturalPerturb):
method __init__ (line 209) | def __init__(self, angle=20, auto_param=False):
method __call__ (line 216) | def __call__(self, image):
class Perspective (line 246) | class Perspective(_NaturalPerturb):
method __init__ (line 266) | def __init__(self, ori_pos, dst_pos, auto_param=False):
method _set_auto_param (line 274) | def _set_auto_param(self, w, h):
method __call__ (line 283) | def __call__(self, image):
class Curve (line 304) | class Curve(_NaturalPerturb):
method __init__ (line 326) | def __init__(self, curves=3, depth=10, mode='vertical', auto_param=Fal...
method _set_auto_params (line 338) | def _set_auto_params(self, height, width):
method __call__ (line 347) | def __call__(self, image):
FILE: mindarmour/privacy/diff_privacy/mechanisms/mechanisms.py
class ClipMechanismsFactory (line 36) | class ClipMechanismsFactory:
method __init__ (line 46) | def __init__(self):
method create (line 50) | def create(mech_name, decay_policy='Linear', learning_rate=0.001,
class NoiseMechanismsFactory (line 98) | class NoiseMechanismsFactory:
method __init__ (line 106) | def __init__(self):
method create (line 110) | def create(mech_name, norm_bound=1.0, initial_noise_multiplier=1.0, se...
class _Mechanisms (line 158) | class _Mechanisms(Cell):
method construct (line 164) | def construct(self, gradients):
class NoiseGaussianRandom (line 170) | class NoiseGaussianRandom(_Mechanisms):
method __init__ (line 199) | def __init__(self, norm_bound=1.0, initial_noise_multiplier=1.0, seed=...
method construct (line 215) | def construct(self, gradients):
class NoiseAdaGaussianRandom (line 231) | class NoiseAdaGaussianRandom(NoiseGaussianRandom):
method __init__ (line 265) | def __init__(self, norm_bound=1.0, initial_noise_multiplier=1.0, seed=...
method construct (line 279) | def construct(self, gradients):
class _MechanismsParamsUpdater (line 295) | class _MechanismsParamsUpdater(Cell):
method __init__ (line 312) | def __init__(self, decay_policy, decay_rate, cur_noise_multiplier, ini...
method construct (line 327) | def construct(self):
class AdaClippingWithGaussianRandom (line 349) | class AdaClippingWithGaussianRandom(Cell):
method __init__ (line 391) | def __init__(self, decay_policy='Linear', learning_rate=0.001,
method construct (line 419) | def construct(self, empirical_fraction, norm_bound):
FILE: mindarmour/privacy/diff_privacy/monitor/monitor.py
class PrivacyMonitorFactory (line 28) | class PrivacyMonitorFactory:
method __init__ (line 35) | def __init__(self):
method create (line 39) | def create(policy, *args, **kwargs):
class RDPMonitor (line 70) | class RDPMonitor(Callback):
method __init__ (line 126) | def __init__(self, num_samples, batch_size, initial_noise_multiplier=1.5,
method max_epoch_suggest (line 193) | def max_epoch_suggest(self):
method step_end (line 228) | def step_end(self, run_context):
method _compute_privacy_steps (line 258) | def _compute_privacy_steps(self, steps):
method _compute_rdp (line 296) | def _compute_rdp(self, sample_rate, noise_stddev):
method _compute_privacy_budget (line 312) | def _compute_privacy_budget(self, rdp):
method _compute_delta (line 328) | def _compute_delta(self, rdp):
method _compute_eps (line 344) | def _compute_eps(self, rdp):
class ZCDPMonitor (line 360) | class ZCDPMonitor(Callback):
method __init__ (line 409) | def __init__(self, num_samples, batch_size, initial_noise_multiplier=1.5,
method max_epoch_suggest (line 445) | def max_epoch_suggest(self):
method step_end (line 467) | def step_end(self, run_context):
method _compute_privacy_steps (line 492) | def _compute_privacy_steps(self, steps):
method _compute_zcdp (line 524) | def _compute_zcdp(self, noise_stddev):
method _compute_eps (line 537) | def _compute_eps(self, zcdp):
function _compute_rdp_with_order (line 552) | def _compute_rdp_with_order(sample_rate, noise_stddev, order):
function _log_add (line 603) | def _log_add(x, y):
function _log_subtract (line 614) | def _log_subtract(x, y):
FILE: mindarmour/privacy/diff_privacy/optimizer/optimizer.py
function tensor_grad_scale (line 37) | def tensor_grad_scale(scale, grad):
class _TupleAdd (line 42) | class _TupleAdd(nn.Cell):
method __init__ (line 43) | def __init__(self):
method construct (line 48) | def construct(self, input1, input2):
class DPOptimizerClassFactory (line 54) | class DPOptimizerClassFactory:
method __init__ (line 82) | def __init__(self, micro_batches=2):
method set_mechanisms (line 87) | def set_mechanisms(self, policy, *args, **kwargs):
method create (line 97) | def create(self, policy):
method _get_dp_optimizer_class (line 122) | def _get_dp_optimizer_class(self, opt_class):
FILE: mindarmour/privacy/diff_privacy/train/model.py
function tensor_grad_scale (line 61) | def tensor_grad_scale(scale, grad):
class DPModel (line 66) | class DPModel(Model):
method __init__ (line 95) | def __init__(self, micro_batches=2, norm_bound=1.0, noise_mech=None,
method _amp_build_train_network (line 147) | def _amp_build_train_network(self, network, optimizer, loss_fn=None,
method _build_train_network (line 227) | def _build_train_network(self):
class _ClipGradients (line 271) | class _ClipGradients(nn.Cell):
method __init__ (line 285) | def __init__(self):
method construct (line 292) | def construct(self, grads, clip_norm, cur_norm=None):
class _TupleAdd (line 313) | class _TupleAdd(nn.Cell):
method __init__ (line 314) | def __init__(self):
method construct (line 319) | def construct(self, input1, input2):
class _TrainOneStepWithLossScaleCell (line 325) | class _TrainOneStepWithLossScaleCell(Cell):
method __init__ (line 364) | def __init__(self, network, optimizer, scale_update_cell=None,
method construct (line 436) | def construct(self, data, label, sens=None):
class _TrainOneStepCell (line 550) | class _TrainOneStepCell(Cell):
method __init__ (line 581) | def __init__(self, network, optimizer, norm_bound=1.0, sens=1.0,
method construct (line 639) | def construct(self, data, label):
FILE: mindarmour/privacy/evaluation/_check_config.py
function _is_positive_int (line 28) | def _is_positive_int(item):
function _is_non_negative_int (line 35) | def _is_non_negative_int(item):
function _is_positive_float (line 42) | def _is_positive_float(item):
function _is_non_negative_float (line 49) | def _is_non_negative_float(item):
function _is_range_0_1_float (line 56) | def _is_range_0_1_float(item):
function _is_positive_int_tuple (line 62) | def _is_positive_int_tuple(item):
function _is_dict (line 72) | def _is_dict(item):
function _is_list (line 77) | def _is_list(item):
function _is_str (line 82) | def _is_str(item):
function _check_config (line 156) | def _check_config(attack_config, config_checklist):
function verify_config_params (line 207) | def verify_config_params(attack_config):
FILE: mindarmour/privacy/evaluation/attacker.py
function _attack_knn (line 34) | def _attack_knn(features, labels, param_grid, n_jobs):
function _attack_lr (line 56) | def _attack_lr(features, labels, param_grid, n_jobs):
function _attack_mlpc (line 78) | def _attack_mlpc(features, labels, param_grid, n_jobs):
function _attack_rf (line 100) | def _attack_rf(features, labels, random_grid, n_jobs):
function _get_attack_model (line 123) | def _get_attack_model(features, labels, config, n_jobs=-1):
FILE: mindarmour/privacy/evaluation/inversion_attack.py
class InversionLoss (line 36) | class InversionLoss(Cell):
method __init__ (line 45) | def __init__(self, network, weights):
method construct (line 54) | def construct(self, input_data, target_features):
class ImageInversionAttack (line 94) | class ImageInversionAttack:
method __init__ (line 139) | def __init__(self, network, input_shape, input_bound, loss_weights=(1,...
method generate (line 155) | def generate(self, target_features, iters=100):
method evaluate (line 200) | def evaluate(self, original_images, inversion_images, labels=None, new...
FILE: mindarmour/privacy/evaluation/membership_inference.py
function _eval_info (line 35) | def _eval_info(pred, truth, option):
function _softmax_cross_entropy (line 74) | def _softmax_cross_entropy(logits, labels, epsilon=1e-12):
class MembershipInference (line 95) | class MembershipInference:
method __init__ (line 160) | def __init__(self, model, n_jobs=-1):
method train (line 171) | def train(self, dataset_train, dataset_test, attack_config):
method eval (line 209) | def eval(self, dataset_train, dataset_test, metrics):
method _transform (line 244) | def _transform(self, dataset_train, dataset_test):
method _generate (line 268) | def _generate(self, input_dataset, label):
FILE: mindarmour/privacy/evaluation/model_inversion_attack.py
class ModelInversionLoss (line 32) | class ModelInversionLoss(nn.Cell):
method __init__ (line 42) | def __init__(self, network, invnet, loss_fn, target_layer='conv1'):
method construct (line 50) | def construct(self, inputs):
class ModelInversionAttack (line 57) | class ModelInversionAttack:
method __init__ (line 73) | def __init__(self, network, inv_network, input_shape, ckpoint_path=Non...
method check_inv_network (line 85) | def check_inv_network(self, input_shape):
method train_inversion_model (line 96) | def train_inversion_model(self, dataset, epochs=50, learningrate=1e-3,...
method evaluate (line 135) | def evaluate(self, dataset):
method inverse (line 171) | def inverse(self, target_feature):
FILE: mindarmour/privacy/evaluation/shadow_model_attack.py
class ShadowModelLoss (line 31) | class ShadowModelLoss(nn.Cell):
method __init__ (line 35) | def __init__(self, network, shadow_net, loss_fn, target_layer='conv11'):
method construct (line 43) | def construct(self, inputs, targets):
class ShadowModelAttack (line 50) | class ShadowModelAttack:
method __init__ (line 101) | def __init__(self, network, shadow_network, ckpoint_path='', split_lay...
method train_shadow_model (line 114) | def train_shadow_model(self, dataset, attack_config):
method evaluate (line 159) | def evaluate(self, dataset, num_classes=10):
FILE: mindarmour/privacy/sup_privacy/mask_monitor/masker.py
class SuppressMasker (line 27) | class SuppressMasker(Callback):
method __init__ (line 80) | def __init__(self, model, suppress_ctrl):
method step_end (line 87) | def step_end(self, run_context):
FILE: mindarmour/privacy/sup_privacy/sup_ctrl/conctrl.py
class SuppressPrivacyFactory (line 34) | class SuppressPrivacyFactory:
method __init__ (line 42) | def __init__(self):
method create (line 46) | def create(networks, mask_layers, policy="local_train", end_epoch=10, ...
class SuppressCtrl (line 121) | class SuppressCtrl(Cell):
method __init__ (line 142) | def __init__(self, networks, mask_layers, end_epoch, batch_num, start_...
method _check_params (line 240) | def _check_params(self):
method _check_mask_layers (line 281) | def _check_mask_layers(self):
method update_status (line 305) | def update_status(self, cur_epoch, cur_step, cur_step_in_epoch):
method update_mask (line 333) | def update_mask(self, networks, cur_step, target_sparse=0.0):
method update_mask_layer (line 414) | def update_mask_layer(self, weight_array_flat, sparse_weight_thd, spar...
method update_mask_layer_approximity (line 496) | def update_mask_layer_approximity(self, weight_array_flat, weight_arra...
method reset_zeros (line 587) | def reset_zeros(self):
method calc_theoretical_sparse_for_conv (line 594) | def calc_theoretical_sparse_for_conv(self):
method calc_actual_sparse_for_conv (line 625) | def calc_actual_sparse_for_conv(self, networks):
method calc_actual_sparse_for_fc1 (line 687) | def calc_actual_sparse_for_fc1(self, networks):
method calc_actual_sparse_for_layer (line 696) | def calc_actual_sparse_for_layer(self, networks, layer_name):
method print_paras (line 736) | def print_paras(self):
function get_one_mask_layer (line 751) | def get_one_mask_layer(mask_layers, layer_name):
class MaskLayerDes (line 768) | class MaskLayerDes:
method __init__ (line 800) | def __init__(self, layer_name, grad_idx, is_add_noise, is_lower_clip, ...
class GradMaskInCell (line 811) | class GradMaskInCell(Cell):
method __init__ (line 826) | def __init__(self, array, is_add_noise, is_lower_clip, min_num, upper_...
method construct (line 863) | def construct(self):
method update (line 869) | def update(self):
class DeWeightInCell (line 876) | class DeWeightInCell(Cell):
method __init__ (line 884) | def __init__(self, array):
method construct (line 894) | def construct(self):
method update (line 902) | def update(self):
method reset_zeros (line 909) | def reset_zeros(self):
FILE: mindarmour/privacy/sup_privacy/train/model.py
function tensor_grad_scale (line 51) | def tensor_grad_scale(scale, grad):
class SuppressModel (line 56) | class SuppressModel(Model):
method __init__ (line 70) | def __init__(self,
method link_suppress_ctrl (line 84) | def link_suppress_ctrl(self, suppress_pri_ctrl):
method _build_train_network (line 97) | def _build_train_network(self):
method _amp_build_train_network (line 123) | def _amp_build_train_network(self, network, optimizer, loss_fn=None,
class _TupleAdd (line 174) | class _TupleAdd(nn.Cell):
method __init__ (line 178) | def __init__(self):
method construct (line 183) | def construct(self, input1, input2):
class _TupleMul (line 189) | class _TupleMul(nn.Cell):
method __init__ (line 193) | def __init__(self):
method construct (line 198) | def construct(self, input1, input2):
class TrainOneStepCell (line 204) | class TrainOneStepCell(Cell):
method __init__ (line 225) | def __init__(self, network, optimizer, sens=1.0):
method link_suppress_ctrl (line 251) | def link_suppress_ctrl(self, suppress_pri_ctrl):
method construct (line 268) | def construct(self, data, label):
FILE: mindarmour/reliability/concept_drift/concept_drift_check_images.py
class OodDetector (line 29) | class OodDetector:
method __init__ (line 38) | def __init__(self, model, ds_train):
method _feature_extract (line 45) | def _feature_extract(self, model, data, layer='output[:Tensor]'):
method get_optimal_threshold (line 63) | def get_optimal_threshold(self, label, ds_eval):
method ood_predict (line 77) | def ood_predict(self, threshold, ds_test):
class OodDetectorFeatureCluster (line 93) | class OodDetectorFeatureCluster(OodDetector):
method __init__ (line 142) | def __init__(self, model, ds_train, n_cluster, layer):
method _feature_cluster (line 151) | def _feature_cluster(self):
method _get_ood_score (line 163) | def _get_ood_score(self, ds_test):
method get_optimal_threshold (line 187) | def get_optimal_threshold(self, label, ds_eval):
method ood_predict (line 219) | def ood_predict(self, threshold, ds_test):
FILE: mindarmour/reliability/concept_drift/concept_drift_check_time_series.py
class ConceptDriftCheckTimeSeries (line 23) | class ConceptDriftCheckTimeSeries:
method __init__ (line 48) | def __init__(self, window_size=100, rolling_window=10,
method _reservoir_model_feature (line 59) | def _reservoir_model_feature(self, window_data):
method _concept_distance (line 91) | def _concept_distance(self, data_x, data_y):
method _data_process (line 118) | def _data_process(self, data):
method concept_check (line 149) | def concept_check(self, data):
function _result_save (line 191) | def _result_save(original_data, threshold, concept_location, drift_point...
function _original_label (line 220) | def _original_label(original_data, threshold, drift_score, window_size, ...
function _label_continue_process (line 249) | def _label_continue_process(label):
function _find_loc (line 273) | def _find_loc(label_location):
function _continue_block (line 277) | def _continue_block(location):
function _drift_blocks (line 294) | def _drift_blocks(drift_score, label_continue, label_location):
function _w_generate (line 326) | def _w_generate(res_size, in_size, input_data):
function _cal_distance (line 359) | def _cal_distance(matrix1, matrix2):
function _cal_threshold (line 376) | def _cal_threshold(distance, threshold_index):
FILE: mindarmour/reliability/model_fault_injection/fault_injection.py
class FaultInjector (line 29) | class FaultInjector:
method __init__ (line 78) | def __init__(self, model, fi_type=None, fi_mode=None, fi_size=None):
method _check_param (line 93) | def _check_param(self):
method _init_running_list (line 115) | def _init_running_list(self, type_, mode_, size_):
method _frozen (line 148) | def _frozen(self):
method _reset_model (line 159) | def _reset_model(self):
method _calculate_batch_size (line 175) | def _calculate_batch_size(num, iter_times):
method _check_kick_off_param (line 191) | def _check_kick_off_param(ds_data, ds_label, iter_times):
method kick_off (line 199) | def kick_off(self, ds_data, ds_label, iter_times=100):
method metrics (line 244) | def metrics(self):
method _layer_states (line 280) | def _layer_states(self, fi_type, fi_mode, fi_size):
FILE: mindarmour/reliability/model_fault_injection/fault_type.py
class FaultType (line 26) | class FaultType:
method _bitflip (line 29) | def _bitflip(value, pos):
method _fault_inject (line 50) | def _fault_inject(self, value, fi_type, fi_size):
method _bitflips_random (line 86) | def _bitflips_random(self, value, fi_indices):
method _bitflips_designated (line 104) | def _bitflips_designated(self, value, fi_indices):
method _random (line 129) | def _random(value, fi_indices):
method _zeros (line 144) | def _zeros(value, fi_indices):
method _nan (line 158) | def _nan(value, fi_indices):
method _inf (line 175) | def _inf(value, fi_indices):
method _anti_activation (line 192) | def _anti_activation(value, fi_indices):
method _precision_loss (line 206) | def _precision_loss(value, fi_indices):
FILE: mindarmour/utils/_check_param.py
function _check_binary_rel (line 41) | def _check_binary_rel(val1, val2, rel):
function _format_str_one_value (line 63) | def _format_str_one_value(value, rel):
function _check_array_not_empty (line 85) | def _check_array_not_empty(arg_name, arg_value):
function check_param_type (line 101) | def check_param_type(arg_name, arg_value, valid_type):
function check_param_multi_types (line 111) | def check_param_multi_types(arg_name, arg_value, valid_types):
function check_int_positive (line 121) | def check_int_positive(arg_name, arg_value):
function check_value_non_negative (line 136) | def check_value_non_negative(arg_name, arg_value):
function check_value_positive (line 146) | def check_value_positive(arg_name, arg_value):
function check_param_in_range (line 156) | def check_param_in_range(arg_name, arg_value, lower, upper):
function check_model (line 168) | def check_model(model_name, model, model_type):
function check_numpy_param (line 190) | def check_numpy_param(arg_name, arg_value):
function check_pair_numpy_param (line 217) | def check_pair_numpy_param(inputs_name, inputs, labels_name, labels):
function check_equal_length (line 245) | def check_equal_length(para_name1, value1, para_name2, value2):
function check_equal_shape (line 255) | def check_equal_shape(para_name1, value1, para_name2, value2):
function check_norm_level (line 265) | def check_norm_level(norm_level):
function normalize_value (line 277) | def normalize_value(value, norm_level):
function check_detection_inputs (line 313) | def check_detection_inputs(inputs, labels):
function check_inputs_labels (line 373) | def check_inputs_labels(inputs, labels):
function check_param_bounds (line 389) | def check_param_bounds(arg_name, arg_value):
function check_value_type (line 409) | def check_value_type(arg_name, arg_value, valid_types, prim_name=None):
function check (line 435) | def check(arg_name, arg_value, value_name, value, rel=EQ, prim_name=None...
FILE: mindarmour/utils/logger.py
function _find_caller (line 20) | def _find_caller():
class LogUtil (line 29) | class LogUtil:
method __init__ (line 42) | def __init__(self):
method get_instance (line 46) | def get_instance():
method _init_logger (line 60) | def _init_logger():
method set_level (line 80) | def set_level(self, level):
method add_handler (line 94) | def add_handler(self, handler):
method debug (line 110) | def debug(self, tag, msg, *args):
method info (line 127) | def info(self, tag, msg, *args):
method warn (line 144) | def warn(self, tag, msg, *args):
method error (line 161) | def error(self, tag, msg, *args):
FILE: mindarmour/utils/util.py
function jacobian_matrix (line 30) | def jacobian_matrix(grad_wrap_net, inputs, num_classes):
function jacobian_matrix_for_detection (line 59) | def jacobian_matrix_for_detection(grad_wrap_net, inputs, num_boxes, num_...
class WithLossCell (line 96) | class WithLossCell(Cell):
method __init__ (line 124) | def __init__(self, network, loss_fn):
method construct (line 129) | def construct(self, data, label):
class GradWrapWithLoss (line 144) | class GradWrapWithLoss(Cell):
method __init__ (line 176) | def __init__(self, network):
method construct (line 181) | def construct(self, inputs, labels):
class GradWrap (line 196) | class GradWrap(Cell):
method __init__ (line 229) | def __init__(self, network):
method construct (line 234) | def construct(self, *data):
function calculate_iou (line 252) | def calculate_iou(box_i, box_j):
function to_tensor_tuple (line 285) | def to_tensor_tuple(inputs_ori):
function calculate_lp_distance (line 297) | def calculate_lp_distance(original_image, compared_image):
function _crop (line 331) | def _crop(arr, crop_width):
function compute_ssim (line 358) | def compute_ssim(original_image, compared_image):
function compute_psnr (line 436) | def compute_psnr(original_image, compared_image, data_range=None):
FILE: setup.py
function clean (line 32) | def clean():
function write_version (line 43) | def write_version(file):
function build_depends (line 48) | def build_depends():
function update_permissions (line 59) | def update_permissions(path):
function get_description (line 75) | def get_description():
class EggInfo (line 97) | class EggInfo(egg_info):
method run (line 99) | def run(self):
class BuildPy (line 105) | class BuildPy(build_py):
method run (line 107) | def run(self):
FILE: tests/ut/python/adv_robustness/attacks/black/test_genetic_attack.py
class ModelToBeAttacked (line 31) | class ModelToBeAttacked(BlackModel):
method __init__ (line 34) | def __init__(self, network):
method predict (line 38) | def predict(self, inputs):
class DetectionModel (line 44) | class DetectionModel(BlackModel):
method predict (line 47) | def predict(self, inputs):
class SimpleNet (line 66) | class SimpleNet(Cell):
method __init__ (line 74) | def __init__(self):
method construct (line 81) | def construct(self, inputs):
function test_genetic_attack (line 97) | def test_genetic_attack():
function test_supplement (line 125) | def test_supplement():
function test_value_error (line 151) | def test_value_error():
function test_genetic_attack_detection_cpu (line 178) | def test_genetic_attack_detection_cpu():
FILE: tests/ut/python/adv_robustness/attacks/black/test_hsja.py
class ModelToBeAttacked (line 35) | class ModelToBeAttacked(BlackModel):
method __init__ (line 38) | def __init__(self, network):
method predict (line 42) | def predict(self, inputs):
function random_target_labels (line 50) | def random_target_labels(true_labels):
function create_target_images (line 61) | def create_target_images(dataset, data_labels, target_labels):
function get_model (line 72) | def get_model():
function test_hsja_mnist_attack_ascend (line 90) | def test_hsja_mnist_attack_ascend():
function test_hsja_mnist_attack_cpu (line 164) | def test_hsja_mnist_attack_cpu():
function test_value_error_ascend (line 240) | def test_value_error_ascend():
function test_value_error_cpu (line 252) | def test_value_error_cpu():
FILE: tests/ut/python/adv_robustness/attacks/black/test_nes.py
class ModelToBeAttacked (line 34) | class ModelToBeAttacked(BlackModel):
method __init__ (line 37) | def __init__(self, network):
method predict (line 41) | def predict(self, inputs):
function random_target_labels (line 49) | def random_target_labels(true_labels):
function _pseudorandom_target (line 60) | def _pseudorandom_target(index, total_indices, true_class):
function create_target_images (line 69) | def create_target_images(dataset, data_labels, target_labels):
function get_model (line 79) | def get_model(current_dir):
function get_dataset (line 90) | def get_dataset(current_dir):
function nes_mnist_attack (line 101) | def nes_mnist_attack(scene, top_k):
function test_nes_query_limit_ascend (line 167) | def test_nes_query_limit_ascend():
function test_nes_query_limit_cpu (line 183) | def test_nes_query_limit_cpu():
function test_nes_partial_info_ascend (line 200) | def test_nes_partial_info_ascend():
function test_nes_partial_info_cpu (line 216) | def test_nes_partial_info_cpu():
function test_nes_label_only_ascend (line 233) | def test_nes_label_only_ascend():
function test_nes_label_only_cpu (line 249) | def test_nes_label_only_cpu():
function test_value_error_ascend (line 266) | def test_value_error_ascend():
function test_value_error_cpu (line 277) | def test_value_error_cpu():
function test_none_ascend (line 289) | def test_none_ascend():
function test_none_cpu (line 308) | def test_none_cpu():
FILE: tests/ut/python/adv_robustness/attacks/black/test_pointwise_attack.py
class ModelToBeAttacked (line 38) | class ModelToBeAttacked(BlackModel):
method __init__ (line 41) | def __init__(self, network):
method predict (line 45) | def predict(self, inputs):
function test_pointwise_attack_method_ascend (line 56) | def test_pointwise_attack_method_ascend():
function test_pointwise_attack_method_cpu (line 98) | def test_pointwise_attack_method_cpu():
FILE: tests/ut/python/adv_robustness/attacks/black/test_pso_attack.py
class ModelToBeAttacked (line 31) | class ModelToBeAttacked(BlackModel):
method __init__ (line 34) | def __init__(self, network):
method predict (line 38) | def predict(self, inputs):
class DetectionModel (line 47) | class DetectionModel(BlackModel):
method predict (line 50) | def predict(self, inputs):
class SimpleNet (line 69) | class SimpleNet(Cell):
method __init__ (line 77) | def __init__(self):
method construct (line 85) | def construct(self, inputs):
function test_pso_attack (line 101) | def test_pso_attack():
function test_pso_attack_targeted (line 127) | def test_pso_attack_targeted():
function test_pso_attack_gpu (line 153) | def test_pso_attack_gpu():
function test_pso_attack_cpu (line 178) | def test_pso_attack_cpu():
function test_pso_attack_detection_cpu (line 203) | def test_pso_attack_detection_cpu():
FILE: tests/ut/python/adv_robustness/attacks/black/test_salt_and_pepper_attack.py
class ModelToBeAttacked (line 33) | class ModelToBeAttacked(BlackModel):
method __init__ (line 36) | def __init__(self, network):
method predict (line 40) | def predict(self, inputs):
function test_salt_and_pepper_attack_method_ascend (line 51) | def test_salt_and_pepper_attack_method_ascend():
function test_salt_and_pepper_attack_method_cpu (line 85) | def test_salt_and_pepper_attack_method_cpu():
FILE: tests/ut/python/adv_robustness/attacks/test_batch_generate_attack.py
class Net (line 31) | class Net(Cell):
method __init__ (line 39) | def __init__(self):
method construct (line 46) | def construct(self, inputs):
class Net2 (line 57) | class Net2(Cell):
method __init__ (line 65) | def __init__(self):
method construct (line 69) | def construct(self, inputs1, inputs2):
class LossNet (line 75) | class LossNet(Cell):
method construct (line 79) | def construct(self, loss1, loss2, labels1, labels2):
class WithLossCell (line 83) | class WithLossCell(Cell):
method __init__ (line 85) | def __init__(self, backbone, loss_fn):
method construct (line 90) | def construct(self, inputs1, inputs2, labels1, labels2):
class GradWrapWithLoss (line 95) | class GradWrapWithLoss(Cell):
method __init__ (line 101) | def __init__(self, network):
method construct (line 106) | def construct(self, *inputs):
function test_batch_generate_attack_ascend (line 116) | def test_batch_generate_attack_ascend():
function test_batch_generate_attack_cpu (line 141) | def test_batch_generate_attack_cpu():
function test_batch_generate_attack_multi_inputs_ascend (line 167) | def test_batch_generate_attack_multi_inputs_ascend():
function test_batch_generate_attack_multi_inputs_cpu (line 196) | def test_batch_generate_attack_multi_inputs_cpu():
FILE: tests/ut/python/adv_robustness/attacks/test_cw.py
class Net (line 30) | class Net(Cell):
method __init__ (line 38) | def __init__(self):
method construct (line 45) | def construct(self, inputs):
function test_cw_attack_ascend (line 61) | def test_cw_attack_ascend():
function test_cw_attack_cpu (line 83) | def test_cw_attack_cpu():
function test_cw_attack_targeted_ascend (line 106) | def test_cw_attack_targeted_ascend():
function test_cw_attack_targeted_cpu (line 128) | def test_cw_attack_targeted_cpu():
FILE: tests/ut/python/adv_robustness/attacks/test_deep_fool.py
class Net (line 30) | class Net(Cell):
method __init__ (line 38) | def __init__(self):
method construct (line 45) | def construct(self, inputs):
class Net2 (line 56) | class Net2(Cell):
method __init__ (line 63) | def __init__(self):
method construct (line 67) | def construct(self, inputs1, inputs2):
function test_deepfool_attack_ascend (line 78) | def test_deepfool_attack_ascend():
function test_deepfool_attack_cpu (line 108) | def test_deepfool_attack_cpu():
function test_deepfool_attack_detection_ascend (line 138) | def test_deepfool_attack_detection_ascend():
function test_deepfool_attack_detection_cpu (line 165) | def test_deepfool_attack_detection_cpu():
function test_deepfool_attack_inf_ascend (line 193) | def test_deepfool_attack_inf_ascend():
function test_deepfool_attack_inf_cpu (line 218) | def test_deepfool_attack_inf_cpu():
function test_value_error_ascend (line 244) | def test_value_error_ascend():
function test_value_error_cpu (line 269) | def test_value_error_cpu():
FILE: tests/ut/python/adv_robustness/attacks/test_gradient_method.py
class Net (line 35) | class Net(Cell):
method __init__ (line 43) | def __init__(self):
method construct (line 50) | def construct(self, inputs):
class Net2 (line 61) | class Net2(Cell):
method __init__ (line 69) | def __init__(self):
method construct (line 73) | def construct(self, inputs1, inputs2):
class LossNet (line 79) | class LossNet(Cell):
method construct (line 83) | def construct(self, loss1, loss2, labels1, labels2):
class WithLossCell (line 87) | class WithLossCell(Cell):
method __init__ (line 89) | def __init__(self, backbone, loss_fn):
method construct (line 94) | def construct(self, inputs1, inputs2, labels1, labels2):
class GradWrapWithLoss (line 99) | class GradWrapWithLoss(Cell):
method __init__ (line 105) | def __init__(self, network):
method construct (line 110) | def construct(self, *inputs):
function test_fast_gradient_method (line 120) | def test_fast_gradient_method():
function test_fast_gradient_method_gpu (line 142) | def test_fast_gradient_method_gpu():
function test_fast_gradient_method_cpu (line 163) | def test_fast_gradient_method_cpu():
function test_random_fast_gradient_method (line 185) | def test_random_fast_gradient_method():
function test_fast_gradient_sign_method (line 208) | def test_fast_gradient_sign_method():
function test_random_fast_gradient_sign_method (line 231) | def test_random_fast_gradient_sign_method():
function test_least_likely_class_method (line 254) | def test_least_likely_class_method():
function test_random_least_likely_class_method (line 277) | def test_random_least_likely_class_method():
function test_fast_gradient_method_multi_inputs (line 301) | def test_fast_gradient_method_multi_inputs():
function test_assert_error (line 326) | def test_assert_error():
FILE: tests/ut/python/adv_robustness/attacks/test_iterative_gradient_method.py
class Net (line 36) | class Net(Cell):
method __init__ (line 44) | def __init__(self):
method construct (line 48) | def construct(self, inputs):
class FlattenNet (line 59) | class FlattenNet(Cell):
method __init__ (line 67) | def __init__(self):
method construct (line 72) | def construct(self, inputs):
function test_basic_iterative_method_ascend (line 89) | def test_basic_iterative_method_ascend():
function test_basic_iterative_method_cpu (line 115) | def test_basic_iterative_method_cpu():
function test_momentum_iterative_method_ascend (line 142) | def test_momentum_iterative_method_ascend():
function test_momentum_iterative_method_cpu (line 167) | def test_momentum_iterative_method_cpu():
function test_projected_gradient_descent_method_ascend (line 193) | def test_projected_gradient_descent_method_ascend():
function test_projected_gradient_descent_method_cpu (line 220) | def test_projected_gradient_descent_method_cpu():
function test_diverse_input_iterative_method_ascend (line 248) | def test_diverse_input_iterative_method_ascend():
function test_diverse_input_iterative_method_cpu (line 272) | def test_diverse_input_iterative_method_cpu():
function test_momentum_diverse_input_iterative_method_ascend (line 297) | def test_momentum_diverse_input_iterative_method_ascend():
function test_momentum_diverse_input_iterative_method_cpu (line 321) | def test_momentum_diverse_input_iterative_method_cpu():
function test_error_ascend (line 347) | def test_error_ascend():
function test_error_cpu (line 367) | def test_error_cpu():
function test_variance_tuning_momentum_iterative_method_cpu (line 388) | def test_variance_tuning_momentum_iterative_method_cpu():
FILE: tests/ut/python/adv_robustness/attacks/test_jsma.py
class Net (line 29) | class Net(Cell):
method __init__ (line 37) | def __init__(self):
method construct (line 44) | def construct(self, inputs):
function test_jsma_attack (line 60) | def test_jsma_attack():
function test_jsma_attack_2 (line 89) | def test_jsma_attack_2():
function test_jsma_attack_gpu (line 118) | def test_jsma_attack_gpu():
function test_jsma_attack_cpu (line 147) | def test_jsma_attack_cpu():
FILE: tests/ut/python/adv_robustness/attacks/test_lbfgs.py
function test_lbfgs_attack_ascend (line 42) | def test_lbfgs_attack_ascend():
function test_lbfgs_attack_cpu (line 82) | def test_lbfgs_attack_cpu():
FILE: tests/ut/python/adv_robustness/defenses/test_ad.py
function test_ad (line 40) | def test_ad():
FILE: tests/ut/python/adv_robustness/defenses/test_ead.py
function test_ead (line 42) | def test_ead():
FILE: tests/ut/python/adv_robustness/defenses/test_nad.py
function test_nad (line 39) | def test_nad():
FILE: tests/ut/python/adv_robustness/defenses/test_pad.py
function test_pad (line 39) | def test_pad():
FILE: tests/ut/python/adv_robustness/detectors/black/test_similarity_detector.py
class EncoderNet (line 28) | class EncoderNet(Cell):
method __init__ (line 33) | def __init__(self, encode_dim):
method construct (line 38) | def construct(self, inputs):
method get_encode_dim (line 48) | def get_encode_dim(self):
function test_similarity_detector_ascend (line 63) | def test_similarity_detector_ascend():
function test_similarity_detector_cpu (line 109) | def test_similarity_detector_cpu():
FILE: tests/ut/python/adv_robustness/detectors/test_ensemble_detector.py
class Net (line 31) | class Net(Cell):
method __init__ (line 35) | def __init__(self):
method construct (line 39) | def construct(self, inputs):
class AutoNet (line 49) | class AutoNet(Cell):
method __init__ (line 53) | def __init__(self):
method construct (line 57) | def construct(self, inputs):
function test_ensemble_detector_ascend (line 72) | def test_ensemble_detector_ascend():
function test_ensemble_detector_cpu (line 100) | def test_ensemble_detector_cpu():
function test_error_ascend (line 129) | def test_error_ascend():
function test_error_cpu (line 155) | def test_error_cpu():
FILE: tests/ut/python/adv_robustness/detectors/test_mag_net.py
class Net (line 31) | class Net(Cell):
method __init__ (line 36) | def __init__(self):
method construct (line 40) | def construct(self, inputs):
class PredNet (line 50) | class PredNet(Cell):
method __init__ (line 55) | def __init__(self):
method construct (line 61) | def construct(self, inputs):
function test_mag_net_ascend (line 77) | def test_mag_net_ascend():
function test_mag_net_cpu (line 100) | def test_mag_net_cpu():
function test_mag_net_transform_ascend (line 124) | def test_mag_net_transform_ascend():
function test_mag_net_transform_cpu (line 143) | def test_mag_net_transform_cpu():
function test_mag_net_divergence_ascend (line 163) | def test_mag_net_divergence_ascend():
function test_mag_net_divergence_cpu (line 188) | def test_mag_net_divergence_cpu():
function test_mag_net_divergence_transform_ascend (line 214) | def test_mag_net_divergence_transform_ascend():
function test_mag_net_divergence_transform_cpu (line 234) | def test_mag_net_divergence_transform_cpu():
function test_value_error_ascend (line 255) | def test_value_error_ascend():
function test_value_error_cpu (line 275) | def test_value_error_cpu():
FILE: tests/ut/python/adv_robustness/detectors/test_region_based_detector.py
class Net (line 29) | class Net(Cell):
method __init__ (line 33) | def __init__(self):
method construct (line 37) | def construct(self, inputs):
function test_region_based_classification_ascend (line 52) | def test_region_based_classification_ascend():
function test_region_based_classification_cpu (line 78) | def test_region_based_classification_cpu():
function test_value_error_ascend (line 105) | def test_value_error_ascend():
function test_value_error_cpu (line 154) | def test_value_error_cpu():
FILE: tests/ut/python/adv_robustness/detectors/test_spatial_smoothing.py
class Net (line 30) | class Net(Cell):
method __init__ (line 34) | def __init__(self):
method construct (line 38) | def construct(self, inputs):
function test_spatial_smoothing_ascend (line 53) | def test_spatial_smoothing_ascend():
function test_spatial_smoothing_cpu (line 84) | def test_spatial_smoothing_cpu():
function test_spatial_smoothing_diff_ascend (line 116) | def test_spatial_smoothing_diff_ascend():
function test_spatial_smoothing_diff_cpu (line 156) | def test_spatial_smoothing_diff_cpu():
FILE: tests/ut/python/adv_robustness/evaluations/black/test_black_defense_eval.py
function test_def_eval (line 28) | def test_def_eval():
FILE: tests/ut/python/adv_robustness/evaluations/test_attack_eval.py
function test_attack_eval (line 28) | def test_attack_eval():
function test_value_error (line 61) | def test_value_error():
function test_empty_input_error (line 84) | def test_empty_input_error():
FILE: tests/ut/python/adv_robustness/evaluations/test_defense_eval.py
function test_def_eval (line 28) | def test_def_eval():
FILE: tests/ut/python/adv_robustness/evaluations/test_radar_metric.py
function test_radar_metric (line 27) | def test_radar_metric():
function test_value_error (line 45) | def test_value_error():
FILE: tests/ut/python/fuzzing/test_coverage_metrics.py
class Net (line 37) | class Net(Cell):
method __init__ (line 45) | def __init__(self):
method construct (line 53) | def construct(self, inputs):
function test_lenet_mnist_coverage_cpu (line 71) | def test_lenet_mnist_coverage_cpu():
function test_lenet_mnist_coverage_ascend (line 126) | def test_lenet_mnist_coverage_ascend():
FILE: tests/ut/python/fuzzing/test_fuzzer.py
function conv (line 35) | def conv(in_channels, out_channels, kernel_size, stride=1, padding=0):
function fc_with_initialize (line 42) | def fc_with_initialize(input_channels, out_channels):
function weight_variable (line 48) | def weight_variable():
class Net (line 52) | class Net(nn.Cell):
method __init__ (line 57) | def __init__(self):
method construct (line 69) | def construct(self, x):
function test_fuzzing_ascend (line 95) | def test_fuzzing_ascend():
function test_fuzzing_cpu (line 140) | def test_fuzzing_cpu():
FILE: tests/ut/python/natural_robustness/test_natural_robustness.py
function test_perspective (line 30) | def test_perspective():
function test_uniform_noise (line 49) | def test_uniform_noise():
function test_gaussian_noise (line 66) | def test_gaussian_noise():
function test_contrast (line 83) | def test_contrast():
function test_gaussian_blur (line 100) | def test_gaussian_blur():
function test_salt_and_pepper_noise (line 117) | def test_salt_and_pepper_noise():
function test_translate (line 134) | def test_translate():
function test_scale (line 151) | def test_scale():
function test_shear (line 168) | def test_shear():
function test_rotate (line 185) | def test_rotate():
function test_curve (line 202) | def test_curve():
function test_natural_noise (line 219) | def test_natural_noise():
function test_gradient_luminance (line 236) | def test_gradient_luminance():
function test_motion_blur (line 260) | def test_motion_blur():
function test_gradient_blur (line 279) | def test_gradient_blur():
function test_perspective_ascend (line 301) | def test_perspective_ascend():
function test_uniform_noise_ascend (line 321) | def test_uniform_noise_ascend():
function test_gaussian_noise_ascend (line 339) | def test_gaussian_noise_ascend():
function test_contrast_ascend (line 357) | def test_contrast_ascend():
function test_gaussian_blur_ascend (line 375) | def test_gaussian_blur_ascend():
function test_salt_and_pepper_noise_ascend (line 393) | def test_salt_and_pepper_noise_ascend():
function test_translate_ascend (line 411) | def test_translate_ascend():
function test_scale_ascend (line 429) | def test_scale_ascend():
function test_shear_ascend (line 447) | def test_shear_ascend():
function test_rotate_ascend (line 465) | def test_rotate_ascend():
function test_curve_ascend (line 483) | def test_curve_ascend():
function test_natural_noise_ascend (line 501) | def test_natural_noise_ascend():
function test_gradient_luminance_ascend (line 519) | def test_gradient_luminance_ascend():
function test_motion_blur_ascend (line 544) | def test_motion_blur_ascend():
function test_gradient_blur_ascend (line 564) | def test_gradient_blur_ascend():
FILE: tests/ut/python/privacy/diff_privacy/test_mechanisms.py
function test_graph_factory (line 33) | def test_graph_factory():
function test_pynative_factory (line 60) | def test_pynative_factory():
function test_pynative_gaussian (line 87) | def test_pynative_gaussian():
function test_graph_ada_gaussian (line 114) | def test_graph_ada_gaussian():
function test_pynative_ada_gaussian (line 135) | def test_pynative_ada_gaussian():
function test_graph_exponential (line 156) | def test_graph_exponential():
function test_pynative_exponential (line 178) | def test_pynative_exponential():
function test_ada_clip_gaussian_random_pynative (line 200) | def test_ada_clip_gaussian_random_pynative():
function test_ada_clip_gaussian_random_graph (line 231) | def test_ada_clip_gaussian_random_graph():
function test_pynative_clip_mech_factory (line 262) | def test_pynative_clip_mech_factory():
function test_graph_clip_mech_factory (line 285) | def test_graph_clip_mech_factory():
FILE: tests/ut/python/privacy/diff_privacy/test_model_train.py
function dataset_generator (line 32) | def dataset_generator():
function test_dp_model_with_pynative_mode (line 49) | def test_dp_model_with_pynative_mode():
function test_dp_model_with_graph_mode (line 86) | def test_dp_model_with_graph_mode():
function test_dp_model_with_graph_mode_ada_gaussian (line 121) | def test_dp_model_with_graph_mode_ada_gaussian():
FILE: tests/ut/python/privacy/diff_privacy/test_monitor.py
function dataset_generator (line 34) | def dataset_generator():
function test_dp_monitor (line 51) | def test_dp_monitor():
function test_dp_monitor_gpu (line 78) | def test_dp_monitor_gpu():
function test_dp_monitor_cpu (line 105) | def test_dp_monitor_cpu():
function test_dp_monitor_zcdp (line 133) | def test_dp_monitor_zcdp():
function test_dp_monitor_zcdp_gpu (line 160) | def test_dp_monitor_zcdp_gpu():
function test_dp_monitor_zcdp_cpu (line 187) | def test_dp_monitor_zcdp_cpu():
FILE: tests/ut/python/privacy/diff_privacy/test_optimizer.py
function test_optimizer (line 30) | def test_optimizer():
function test_optimizer_gpu (line 48) | def test_optimizer_gpu():
function test_optimizer_cpu (line 66) | def test_optimizer_cpu():
FILE: tests/ut/python/privacy/evaluation/test_attacker.py
function test_get_knn_model (line 29) | def test_get_knn_model():
function test_get_lr_model (line 48) | def test_get_lr_model():
function test_get_mlp_model (line 67) | def test_get_mlp_model():
function test_get_rf_model (line 88) | def test_get_rf_model():
FILE: tests/ut/python/privacy/evaluation/test_inversion_attack.py
function test_inversion_attack_graph (line 33) | def test_inversion_attack_graph():
function test_inversion_attack_pynative (line 50) | def test_inversion_attack_pynative():
function test_inversion_attack_cpu (line 66) | def test_inversion_attack_cpu():
function test_inversion_attack2 (line 83) | def test_inversion_attack2():
FILE: tests/ut/python/privacy/evaluation/test_membership_inference.py
function dataset_generator (line 34) | def dataset_generator():
function test_get_membership_inference_object (line 51) | def test_get_membership_inference_object():
function test_membership_inference_object_train (line 67) | def test_membership_inference_object_train():
function test_membership_inference_eval (line 93) | def test_membership_inference_eval():
FILE: tests/ut/python/privacy/sup_privacy/test_model_train.py
function dataset_generator (line 36) | def dataset_generator():
function test_suppress_model_with_pynative_mode (line 52) | def test_suppress_model_with_pynative_mode():
FILE: tests/ut/python/reliability/concept_drift/test_concept_drift_images.py
function test_concept_drift_image_ascend (line 39) | def test_concept_drift_image_ascend():
FILE: tests/ut/python/reliability/concept_drift/test_concept_drift_time_series.py
function test_concept_drift_time_series_ascend (line 36) | def test_concept_drift_time_series_ascend():
FILE: tests/ut/python/reliability/model_fault_injection/test_fault_injection.py
function dataset_generator (line 37) | def dataset_generator():
function test_fault_injector (line 55) | def test_fault_injector():
function test_wrong_model (line 97) | def test_wrong_model():
function test_wrong_data (line 140) | def test_wrong_data():
function test_wrong_fi_type (line 176) | def test_wrong_fi_type():
function test_wrong_fi_mode (line 220) | def test_wrong_fi_mode():
function test_wrong_fi_size (line 264) | def test_wrong_fi_size():
FILE: tests/ut/python/utils/mock_net.py
function conv (line 21) | def conv(in_channels, out_channels, kernel_size, stride=1, padding=0):
function fc_with_initialize (line 28) | def fc_with_initialize(input_channels, out_channels):
function weight_variable (line 34) | def weight_variable():
class Net (line 38) | class Net(nn.Cell):
method __init__ (line 42) | def __init__(self):
method construct (line 53) | def construct(self, x):
FILE: tests/ut/python/utils/test_log_util.py
function test_logger (line 28) | def test_logger():
function test_value_error (line 57) | def test_value_error():
Condensed preview — 357 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (2,095K chars).
[
{
"path": ".gitee/PULL_REQUEST_TEMPLATE.md",
"chars": 668,
"preview": "<!-- Thanks for sending a pull request! Here are some tips for you:\n\nIf this is your first time, please read our contr"
},
{
"path": ".github/ISSUE_TEMPLATE/RFC.md",
"chars": 504,
"preview": "---\nname: RFC\nabout: Use this template for the new feature or enhancement\nlabels: kind/feature or kind/enhancement\n\n---\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug-report.md",
"chars": 966,
"preview": "---\nname: Bug Report\nabout: Use this template for reporting a bug\nlabels: kind/bug\n\n---\n\n<!-- Thanks for sending an iss"
},
{
"path": ".github/ISSUE_TEMPLATE/task-tracking.md",
"chars": 284,
"preview": "---\nname: Task\nabout: Use this template for task tracking\nlabels: kind/task\n\n---\n\n## Task Description\n\n\n## Task Goal\n\n\n#"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 691,
"preview": "<!-- Thanks for sending a pull request! Here are some tips for you:\n\nIf this is your first time, please read our contr"
},
{
"path": ".gitignore",
"chars": 377,
"preview": "*.dot\n*.ir\n*.dat\n*.pyc\n*.csv\n*.gz\n*.tar\n*.zip\n*.rar\n*.ipynb\n.idea/\nbuild/\ndist/\nlocal_script/\nexample/dataset/\nexample/m"
},
{
"path": ".jenkins/check/config/filter_cppcheck.txt",
"chars": 13,
"preview": "# MindArmour\n"
},
{
"path": ".jenkins/check/config/filter_cpplint.txt",
"chars": 13,
"preview": "# MindArmour\n"
},
{
"path": ".jenkins/check/config/filter_pylint.txt",
"chars": 5449,
"preview": "# MindArmour\n\"mindarmour/mindarmour/privacy/diff_privacy\" \"protec"
},
{
"path": ".jenkins/check/config/whitelizard.txt",
"chars": 200,
"preview": "# Scene1: \n# function_name1, function_name2\n# Scene2: \n# file_path:function_name1, function_name2\n#\nmindarmour/exa"
},
{
"path": ".jenkins/test/config/dependent_packages.yaml",
"chars": 147,
"preview": "mindspore:\n 'https://repo.mindspore.cn/mindspore/mindspore/version/202404/20240425/r2.3_20240425165819_2c3402f4e9fffe15"
},
{
"path": ".vscode/settings.json",
"chars": 36,
"preview": "{\n \"esbonio.sphinx.confDir\": \"\"\n}"
},
{
"path": "LICENSE",
"chars": 11357,
"preview": " Apache License\n Version 2.0, January 2004\n "
},
{
"path": "NOTICE",
"chars": 69,
"preview": "MindSpore MindArmour\nCopyright 2019-2020 Huawei Technologies Co., Ltd"
},
{
"path": "OWNERS",
"chars": 113,
"preview": "approvers:\n- pkuliuliu\n- ZhidanLiu\n- jxlang910\n- liu-siming-hw\n- yyuse\n- ZhibinHan\n\nreviewers:\n- 张澍坤\n- emmmmtang\n"
},
{
"path": "README.md",
"chars": 6977,
"preview": "# MindArmour\n\n<!-- TOC -->\n\n- [MindArmour](#mindarmour)\n - [What is MindArmour](#what-is-mindarmour)\n - [Adver"
},
{
"path": "README_CN.md",
"chars": 3716,
"preview": "# MindArmour\n\n<!-- TOC -->\n\n- [MindArmour](#mindarmour)\n - [简介](#简介)\n - [对抗样本鲁棒性模块](#对抗样本鲁棒性模块)\n - [Fuz"
},
{
"path": "RELEASE.md",
"chars": 8372,
"preview": "# MindSpore Armour Release Notes\n\n[查看中文](./RELEASE_CN.md)\n\n## MindSpore Armour 2.0.0 Release Notes\n\n### Major Features a"
},
{
"path": "RELEASE_CN.md",
"chars": 1317,
"preview": "# MindSpore Armour Release Notes\n\n[View English](./RELEASE.md)\n\n## MindSpore Armour 2.1.0 Release Notes\n\n### 主要特性及增强\n\n* "
},
{
"path": "docs/README.md",
"chars": 130,
"preview": "# MindArmour Documentation\n\nThe MindArmour documentation is in the [MindSpore Docs](https://gitee.com/mindspore/docs) re"
},
{
"path": "docs/api/api_python/mindarmour.adv_robustness.attacks.rst",
"chars": 35833,
"preview": "mindarmour.adv_robustness.attacks\n=================================\n\n本模块包括经典的黑盒和白盒攻击算法,以制作对抗样本。\n\n.. py:class:: mindarmou"
},
{
"path": "docs/api/api_python/mindarmour.adv_robustness.defenses.rst",
"chars": 3922,
"preview": "mindarmour.adv_robustness.defenses\n==================================\n\n该模块包括经典的防御算法,用于防御对抗样本,增强模型的安全性和可信性。\n\n.. py:class:"
},
{
"path": "docs/api/api_python/mindarmour.adv_robustness.detectors.rst",
"chars": 9313,
"preview": "mindarmour.adv_robustness.detectors\n===================================\n\n此模块是用于区分对抗样本和良性样本的检测器方法。\n\n.. py:class:: mindarm"
},
{
"path": "docs/api/api_python/mindarmour.adv_robustness.evaluations.rst",
"chars": 5735,
"preview": "mindarmour.adv_robustness.evaluations\n=====================================\n\n此模块包括各种指标,用于评估攻击或防御的结果。\n\n.. py:class:: mind"
},
{
"path": "docs/api/api_python/mindarmour.fuzz_testing.rst",
"chars": 11071,
"preview": "mindarmour.fuzz_testing\n=======================\n\n该模块提供了一种基于神经元覆盖率增益的模糊测试方法来评估给定模型的鲁棒性。\n\n.. py:class:: mindarmour.fuzz_te"
},
{
"path": "docs/api/api_python/mindarmour.natural_robustness.transform.image.rst",
"chars": 6481,
"preview": "mindarmour.natural_robustness.transform.image\r\n=============================================\r\n\r\n本模块包含图像的自然扰动方法。\r\n\r\n.. py"
},
{
"path": "docs/api/api_python/mindarmour.privacy.diff_privacy.rst",
"chars": 12120,
"preview": "mindarmour.privacy.diff_privacy\n===============================\n\n本模块提供差分隐私功能,以保护用户隐私。\n\n.. py:class:: mindarmour.privacy."
},
{
"path": "docs/api/api_python/mindarmour.privacy.evaluation.rst",
"chars": 4787,
"preview": "mindarmour.privacy.evaluation\n=============================\n\n本模块提供了一些评估给定模型隐私泄露风险的方法。\n\n.. py:class:: mindarmour.privacy."
},
{
"path": "docs/api/api_python/mindarmour.privacy.sup_privacy.rst",
"chars": 6919,
"preview": "mindarmour.privacy.sup_privacy\n==============================\n\n本模块提供抑制隐私功能,以保护用户隐私。\n\n.. py:class:: mindarmour.privacy.su"
},
{
"path": "docs/api/api_python/mindarmour.reliability.rst",
"chars": 4465,
"preview": "mindarmour.reliability\n======================\n\nMindArmour的可靠性方法。\n\n.. py:class:: mindarmour.reliability.FaultInjector(mod"
},
{
"path": "docs/api/api_python/mindarmour.rst",
"chars": 3591,
"preview": "mindarmour\n==========\n\nMindArmour是MindSpore的工具箱,用于增强模型可信,实现隐私保护机器学习。\n\n.. py:class:: mindarmour.Attack\n\n 所有通过创建对抗样本的攻击"
},
{
"path": "docs/api/api_python/mindarmour.utils.rst",
"chars": 2631,
"preview": "mindarmour.utils\n================\n\nMindArmour的工具方法。\n\n.. py:class:: mindarmour.utils.LogUtil\n\n 日志记录模块。\n\n 在长期运行的脚本中记"
},
{
"path": "docs/api/api_python_en/mindarmour.adv_robustness.attacks.rst",
"chars": 133,
"preview": "mindarmour.adv_robustness.attacks\n=================================\n\n.. automodule:: mindarmour.adv_robustness.attacks\n "
},
{
"path": "docs/api/api_python_en/mindarmour.adv_robustness.defenses.rst",
"chars": 136,
"preview": "mindarmour.adv_robustness.defenses\n==================================\n\n.. automodule:: mindarmour.adv_robustness.defense"
},
{
"path": "docs/api/api_python_en/mindarmour.adv_robustness.detectors.rst",
"chars": 139,
"preview": "mindarmour.adv_robustness.detectors\n===================================\n\n.. automodule:: mindarmour.adv_robustness.detec"
},
{
"path": "docs/api/api_python_en/mindarmour.adv_robustness.evaluations.rst",
"chars": 145,
"preview": "mindarmour.adv_robustness.evaluations\n=====================================\n\n.. automodule:: mindarmour.adv_robustness.e"
},
{
"path": "docs/api/api_python_en/mindarmour.fuzz_testing.rst",
"chars": 103,
"preview": "mindarmour.fuzz_testing\n=======================\n\n.. automodule:: mindarmour.fuzz_testing\n :members:\n"
},
{
"path": "docs/api/api_python_en/mindarmour.natural_robustness.transform.image.rst",
"chars": 168,
"preview": "mindarmour.natural_robustness.transform.image\n=============================================\n\n.. automodule:: mindarmour."
},
{
"path": "docs/api/api_python_en/mindarmour.privacy.diff_privacy.rst",
"chars": 127,
"preview": "mindarmour.privacy.diff_privacy\n===============================\n\n.. automodule:: mindarmour.privacy.diff_privacy\n :me"
},
{
"path": "docs/api/api_python_en/mindarmour.privacy.evaluation.rst",
"chars": 121,
"preview": "mindarmour.privacy.evaluation\n=============================\n\n.. automodule:: mindarmour.privacy.evaluation\n :members:"
},
{
"path": "docs/api/api_python_en/mindarmour.privacy.sup_privacy.rst",
"chars": 125,
"preview": "mindarmour.privacy.sup_privacy\n===============================\n\n.. automodule:: mindarmour.privacy.sup_privacy\n :memb"
},
{
"path": "docs/api/api_python_en/mindarmour.reliability.rst",
"chars": 100,
"preview": "mindarmour.reliability\n======================\n\n.. automodule:: mindarmour.reliability\n :members:\n"
},
{
"path": "docs/api/api_python_en/mindarmour.rst",
"chars": 218,
"preview": "mindarmour\n==========\n\n.. automodule:: mindarmour\n :members:\n :exclude-members: SuppressModel, SuppressMasker, Sup"
},
{
"path": "docs/api/api_python_en/mindarmour.utils.rst",
"chars": 81,
"preview": "mindarmour.utils\n================\n\n.. automodule:: mindarmour.utils\n :members:"
},
{
"path": "examples/README.md",
"chars": 1429,
"preview": "# Examples\n\n## Introduction\n\nThis package includes application demos for all developed tools of MindArmour. Through thes"
},
{
"path": "examples/__init__.py",
"chars": 682,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/ai_fuzzer/README.md",
"chars": 1416,
"preview": "# Application demos of model fuzzing\n\n## Introduction\n\nThe same as the traditional software fuzz testing, we can also de"
},
{
"path": "examples/ai_fuzzer/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/ai_fuzzer/fuzz_testing_and_model_enhense.py",
"chars": 7900,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/ai_fuzzer/lenet5_mnist_coverage.py",
"chars": 3360,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/ai_fuzzer/lenet5_mnist_fuzzing.py",
"chars": 5949,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/ai_fuzzer/lenet5_mnist_scc.py",
"chars": 4782,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/common/dataset/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/common/dataset/data_processing.py",
"chars": 8900,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/common/networks/cifar10cnn/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/common/networks/cifar10cnn/cifar10cnn_net.py",
"chars": 5100,
"preview": "# Copyright 2024 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/cifar10cnn/cifar_train.py",
"chars": 2813,
"preview": "# Copyright 2024 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/lenet5/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/common/networks/lenet5/lenet5_net.py",
"chars": 2040,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/lenet5/lenet5_net_for_fuzzing.py",
"chars": 2738,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/lenet5/mnist_train.py",
"chars": 2751,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/resnet/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/common/networks/resnet/resnet.py",
"chars": 14769,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/__init__.py",
"chars": 658,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the License);\n# you ma"
},
{
"path": "examples/common/networks/vgg/config.py",
"chars": 1397,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/crossentropy.py",
"chars": 1654,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/linear_warmup.py",
"chars": 904,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/utils/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/common/networks/vgg/utils/util.py",
"chars": 1508,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/utils/var_init.py",
"chars": 7722,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/vgg.py",
"chars": 5410,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/warmup_cosine_annealing_lr.py",
"chars": 1485,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/common/networks/vgg/warmup_step_lr.py",
"chars": 3007,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/community/face_adversarial_attack/README.md",
"chars": 2325,
"preview": "\n# 人脸识别物理对抗攻击\n\n## 描述\n\n本项目是基于MindSpore框架对人脸识别模型的物理对抗攻击,通过生成对抗口罩,使人脸佩戴后实现有目标攻击和非目标攻击。\n\n## 模型结构\n\n采用华为MindSpore官方训练的FaceReco"
},
{
"path": "examples/community/face_adversarial_attack/adversarial_attack.py",
"chars": 10294,
"preview": "# Copyright 2022 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/face_adversarial_attack/example_non_target_attack.py",
"chars": 1843,
"preview": "# Copyright 2022 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/face_adversarial_attack/example_target_attack.py",
"chars": 1832,
"preview": "# Copyright 2022 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/face_adversarial_attack/loss_design.py",
"chars": 6157,
"preview": "# Copyright 2022 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/face_adversarial_attack/test.py",
"chars": 2548,
"preview": "# Copyright 2022 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/query_attack_detector/README.md",
"chars": 2251,
"preview": "# 基于相似度的对抗样本检测\r\n\r\n## 描述\r\n\r\n本算法主要针对黑盒查询攻击生成的对抗样本进行检测。由于攻击过程往往生成大量相似的查询图片,如果某个查询与之前的查询相似度大于一定阈值,则判定为攻击。\r\n\r\n## 环境要求\r\n\r\nMind"
},
{
"path": "examples/community/query_attack_detector/query_detector.py",
"chars": 11038,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/community/speech_adversarial_attack/README.md",
"chars": 2116,
"preview": "# 音频识别对抗噪声生成\n\n## 描述\n\n本项目是基于MindSpore框架实现音频识别模型对抗噪声生成算法[PAT](https://arxiv.org/pdf/2211.10661.pdf),通过生成基于音素的通用对抗噪声来干扰音频识别"
},
{
"path": "examples/community/speech_adversarial_attack/attack.py",
"chars": 11652,
"preview": "\"\"\"\nSpeech attack\n\"\"\"\nimport json\nimport datetime\nimport numpy as np\nfrom g2p_en import G2p\nfrom tqdm import tqdm\n\nimpor"
},
{
"path": "examples/community/speech_adversarial_attack/checkpoints/.gitkeep",
"chars": 0,
"preview": ""
},
{
"path": "examples/community/speech_adversarial_attack/data/.gitkeep",
"chars": 0,
"preview": ""
},
{
"path": "examples/community/speech_adversarial_attack/dataset.py",
"chars": 7375,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/speech_adversarial_attack/labels.json",
"chars": 205,
"preview": "[\n \"'\",\n \"A\",\n \"B\",\n \"C\",\n \"D\",\n \"E\",\n \"F\",\n \"G\",\n \"H\",\n \"I\",\n \"J\",\n \"K\",\n \"L\",\n \"M\",\n \"N\",\n \"O\",\n \"P\","
},
{
"path": "examples/community/speech_adversarial_attack/requirements.txt",
"chars": 106,
"preview": "numpy >= 1.17.0\neasydict >= 1.9\nlibrosa >= 0.8.1\nsoundfile >= 0.11.0\nLevenshtein >= 0.20.9\ng2p-en >= 2.1.0"
},
{
"path": "examples/community/speech_adversarial_attack/src/__init__.py",
"chars": 658,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the License);\n# you ma"
},
{
"path": "examples/community/speech_adversarial_attack/src/config.py",
"chars": 3172,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/speech_adversarial_attack/src/deepspeech2.py",
"chars": 12389,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/speech_adversarial_attack/src/greedydecoder.py",
"chars": 5247,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/community/speech_adversarial_attack/stft.py",
"chars": 4354,
"preview": "\"\"\"\nThe short-time Fourier transform (STFT).\n\"\"\"\n\nimport numpy as np\nimport mindspore as ms\nfrom mindspore import nn, op"
},
{
"path": "examples/model_protection/qwen2_5/README.md",
"chars": 1887,
"preview": "# Qwen2_5_7B_Instruct模型混淆\n\n提供Qwen2_5_7B_Instruct模型的混淆和推理脚本。用户分别传入模型文件的路径和推理数据,返回混淆后的模型和推理结果。\n\n## 环境准备\n\n硬件环境:Atlas 800I A"
},
{
"path": "examples/model_protection/qwen2_5/infer/network_patch/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/model_protection/qwen2_5/infer/network_patch/qwen2_5_7b_instruct_ms_network_obfuscate.py",
"chars": 9099,
"preview": "# Copyright 2025 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_protection/qwen2_5/infer/network_patch/qwen2_5_7b_instruct_ms_network_obfuscate_emb.py",
"chars": 6677,
"preview": "# Copyright 2025 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_protection/qwen2_5/infer/qwen2_5_7b_instruct_obfuscate_inference.py",
"chars": 2023,
"preview": "# Copyright 2025 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_protection/qwen2_5/obfuscation/config/qwen2_5_7b_instruct_obf_config.yaml",
"chars": 4097,
"preview": "obf_metadata_config:\n- name: attn_pi\n shape: [3584, ]\n type: rearrange\n save_metadata: True\n- name: attn_kv_pi\n shap"
},
{
"path": "examples/model_protection/qwen2_5/obfuscation/config/qwen2_5_7b_instruct_obf_config_emb.yaml",
"chars": 4449,
"preview": "obf_metadata_config:\n- name: emb_pi\n shape: [152064, ]\n type: rearrange\n save_metadata: False\n- name: emb_pi_inv\n sh"
},
{
"path": "examples/model_protection/qwen2_5/obfuscation/qwen2_5_7b_instruct_weight_obfuscate.py",
"chars": 4528,
"preview": "# Copyright 2025 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/README.md",
"chars": 1801,
"preview": "# Application demos of model security\n## Introduction\nIt has been proved that AI models are vulnerable to adversarial no"
},
{
"path": "examples/model_security/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/model_security/model_attacks/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/model_security/model_attacks/black_box/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/model_security/model_attacks/black_box/mnist_attack_genetic.py",
"chars": 5559,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/black_box/mnist_attack_hsja.py",
"chars": 4879,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/black_box/mnist_attack_nes.py",
"chars": 5178,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/black_box/mnist_attack_pointwise.py",
"chars": 5150,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/black_box/mnist_attack_pso.py",
"chars": 5110,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/black_box/mnist_attack_salt_and_pepper.py",
"chars": 5307,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/README.md",
"chars": 1209,
"preview": "# Dataset\n\nDataset used: [COCO2017](<https://cocodataset.org/>) \n\n- Dataset size:19G\n - Train:18G,118000 images \n - V"
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/coco_attack_genetic.py",
"chars": 5987,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/coco_attack_pgd.py",
"chars": 4991,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/coco_attack_pso.py",
"chars": 5896,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/__init__.py",
"chars": 1261,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/anchor_generator.py",
"chars": 3130,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/bbox_assign_sample.py",
"chars": 8423,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/bbox_assign_sample_stage2.py",
"chars": 10087,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/faster_rcnn_r50.py",
"chars": 19725,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/fpn_neck.py",
"chars": 4532,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/proposal_generator.py",
"chars": 7935,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/rcnn.py",
"chars": 7408,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/resnet50.py",
"chars": 9995,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/roi_align.py",
"chars": 7050,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/FasterRcnn/rpn.py",
"chars": 13761,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/config.py",
"chars": 5212,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/dataset.py",
"chars": 18813,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/lr_schedule.py",
"chars": 1745,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/network_define.py",
"chars": 7172,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/faster_rcnn/src/util.py",
"chars": 8358,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/coco_attack_deepfool.py",
"chars": 6000,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/__init__.py",
"chars": 667,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/config.py",
"chars": 2056,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/convert_weight.py",
"chars": 3374,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/darknet.py",
"chars": 7202,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/distributed_sampler.py",
"chars": 2426,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/initializer.py",
"chars": 8499,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/logger.py",
"chars": 2392,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/loss.py",
"chars": 2681,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/lr_scheduler.py",
"chars": 6985,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/transforms.py",
"chars": 24344,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/util.py",
"chars": 6908,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/yolo.py",
"chars": 18172,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/cv/yolov3_darknet53/src/yolo_dataset.py",
"chars": 7680,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_attacks/white_box/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_cw.py",
"chars": 4575,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_deepfool.py",
"chars": 4590,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_fgsm.py",
"chars": 4671,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_jsma.py",
"chars": 4718,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_lbfgs.py",
"chars": 5156,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_mdi2fgsm.py",
"chars": 4763,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_pgd.py",
"chars": 4704,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_attacks/white_box/mnist_attack_vmifgsm.py",
"chars": 4842,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_defenses/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/model_security/model_defenses/mnist_defense_nad.py",
"chars": 4435,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/model_defenses/mnist_evaluation.py",
"chars": 13602,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/model_security/model_defenses/mnist_similarity_detector.py",
"chars": 6366,
"preview": "# Copyright 2019 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/model_security/neuron_sensitivity/mnist_neuron_sensitivity.py",
"chars": 3844,
"preview": "# Copyright 2023 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/natural_robustness/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/natural_robustness/natural_robustness_example.py",
"chars": 4487,
"preview": "# Copyright 2022 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/natural_robustness/serving/README.md",
"chars": 6527,
"preview": "# 自然扰动样本生成serving服务\r\n\r\n提供自然扰动样本生成在线服务。客户端传入图片和扰动参数,服务端返回扰动后的图片数据。\r\n\r\n## 环境准备\r\n\r\n硬件环境:Ascend 910,GPU\r\n\r\n操作系统:Linux-x86_64"
},
{
"path": "examples/natural_robustness/serving/client/perturb_config.py",
"chars": 2851,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\r\n#\r\n# Licensed under the Apache License, Version 2.0 (the \"License\");\r\n# y"
},
{
"path": "examples/natural_robustness/serving/client/serving_client.py",
"chars": 2346,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/natural_robustness/serving/server/perturbation/servable_config.py",
"chars": 4151,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/natural_robustness/serving/server/serving_server.py",
"chars": 1489,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/README.md",
"chars": 2628,
"preview": "# Application demos of privacy stealing and privacy protection\n\n## Introduction\n\nAlthough machine learning could obtain "
},
{
"path": "examples/privacy/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/privacy/diff_privacy/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/privacy/diff_privacy/dp_ada_gaussian_config.py",
"chars": 2089,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/diff_privacy/dp_ada_sgd_graph_config.py",
"chars": 2114,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/diff_privacy/lenet5_config.py",
"chars": 2607,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/diff_privacy/lenet5_dp.py",
"chars": 7596,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/diff_privacy/lenet5_dp_ada_gaussian.py",
"chars": 6583,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/diff_privacy/lenet5_dp_ada_sgd_graph.py",
"chars": 6611,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/diff_privacy/lenet5_dp_optimizer.py",
"chars": 7394,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/inversion_attack/README.md",
"chars": 4670,
"preview": "# 模型逆向攻击\n\n使用MindSpore框架和MindArmour工具包实现的CIFAR-10图像反演攻击的Python脚本。该脚本利用深度学习模型对CIFAR-10数据集中的图像进行反演攻击,以评估模型的隐私保护能力。构造原始模型相应的"
},
{
"path": "examples/privacy/inversion_attack/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/privacy/inversion_attack/cifar_black_box.py",
"chars": 3989,
"preview": "# Copyright 2024 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/inversion_attack/cifar_shadow_attack.py",
"chars": 4108,
"preview": "# Copyright 2024 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/inversion_attack/inversion_net.py",
"chars": 3398,
"preview": "\"\"\"\nInversion Attack Network\n\"\"\"\nfrom mindspore import nn\n\n\nclass LeNetDecoderConv1(nn.Cell):\n \"\"\"\n Conv1 -> Input"
},
{
"path": "examples/privacy/inversion_attack/mnist_inversion_attack.py",
"chars": 5043,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/inversion_attack/shadow_net.py",
"chars": 19228,
"preview": "\"\"\"\nShadow Attack Alternative Network\n\"\"\"\nimport collections\nfrom mindspore import nn\n\n\nclass LeNetAlternativeConv1(nn.C"
},
{
"path": "examples/privacy/membership_inference/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/privacy/membership_inference/eval.py",
"chars": 5137,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/membership_inference/example_vgg_cifar.py",
"chars": 4620,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/membership_inference/train.py",
"chars": 8179,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/sup_privacy/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "examples/privacy/sup_privacy/sup_privacy.py",
"chars": 6927,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/privacy/sup_privacy/sup_privacy_config.py",
"chars": 1157,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/reliability/concept_drift_check_images_lenet.py",
"chars": 2026,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/reliability/concept_drift_check_images_resnet.py",
"chars": 1875,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "examples/reliability/concept_drift_time_series.py",
"chars": 1751,
"preview": "# -*- coding: utf-8 -*-\n# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0"
},
{
"path": "examples/reliability/model_fault_injection.py",
"chars": 3842,
"preview": "# Copyright 2021 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "mindarmour/__init__.py",
"chars": 4222,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "mindarmour/adv_robustness/__init__.py",
"chars": 707,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
},
{
"path": "mindarmour/adv_robustness/attacks/__init__.py",
"chars": 2594,
"preview": "# Copyright 2020 Huawei Technologies Co., Ltd\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you "
}
]
// ... and 157 more files (download for full content)
About this extraction
This page contains the full source code of the mindspore-ai/mindarmour GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 357 files (40.9 MB), approximately 490.4k tokens, and a symbol index with 1573 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.