From 318e753d9625d9e1460d48dc22b46330969a7f01 Mon Sep 17 00:00:00 2001 
From: jin-xiulang Date: Fri, 11 Sep 2020 21:12:03 +0800 Subject: [PATCH] Adjust the structure of examples and add readme for each group. --- .gitignore | 2 +- example/membership_inference_demo/vgg/dataset.py | 75 ---------------------- example/mnist_demo/README.md | 46 ------------- examples/README.md | 38 +++++++++++ examples/__init__.py | 16 +++++ examples/ai_fuzzer/README.md | 24 +++++++ examples/ai_fuzzer/__init__.py | 0 .../ai_fuzzer}/lenet5_mnist_coverage.py | 15 ++--- .../ai_fuzzer}/lenet5_mnist_fuzzing.py | 15 ++--- examples/common/__init__.py | 0 examples/common/dataset/__init__.py | 0 .../common/dataset}/data_processing.py | 59 ++++++++++++++++- examples/common/networks/__init__.py | 0 examples/common/networks/lenet5/__init__.py | 0 .../common/networks/lenet5}/lenet5_net.py | 0 .../common/networks/lenet5}/mnist_train.py | 9 ++- .../common/networks}/vgg/__init__.py | 0 .../common/networks}/vgg/config.py | 0 .../common/networks}/vgg/crossentropy.py | 0 .../common/networks}/vgg/linear_warmup.py | 0 examples/common/networks/vgg/utils/__init__.py | 0 .../common/networks}/vgg/utils/util.py | 0 .../common/networks}/vgg/utils/var_init.py | 5 ++ .../common/networks}/vgg/vgg.py | 0 .../networks}/vgg/warmup_cosine_annealing_lr.py | 0 .../common/networks}/vgg/warmup_step_lr.py | 0 examples/model_security/README.md | 40 ++++++++++++ examples/model_security/__init__.py | 0 examples/model_security/model_attacks/__init__.py | 0 .../model_attacks/black_box/__init__.py | 0 .../black_box}/mnist_attack_genetic.py | 19 +++--- .../model_attacks/black_box}/mnist_attack_hsja.py | 14 ++-- .../model_attacks/black_box}/mnist_attack_nes.py | 15 ++--- .../black_box}/mnist_attack_pointwise.py | 16 ++--- .../model_attacks/black_box}/mnist_attack_pso.py | 17 ++--- .../black_box}/mnist_attack_salt_and_pepper.py | 16 ++--- .../model_attacks/white_box/__init__.py | 0 .../model_attacks/white_box}/mnist_attack_cw.py | 17 ++--- .../white_box}/mnist_attack_deepfool.py | 17 ++--- 
.../model_attacks/white_box}/mnist_attack_fgsm.py | 17 ++--- .../model_attacks/white_box}/mnist_attack_jsma.py | 19 ++---- .../model_attacks/white_box}/mnist_attack_lbfgs.py | 17 ++--- .../white_box}/mnist_attack_mdi2fgsm.py | 17 ++--- .../model_attacks/white_box}/mnist_attack_pgd.py | 17 ++--- examples/model_security/model_defenses/__init__.py | 0 .../model_defenses}/mnist_defense_nad.py | 20 ++++-- .../model_defenses}/mnist_evaluation.py | 22 +++---- .../model_defenses}/mnist_similarity_detector.py | 17 ++--- examples/privacy/README.md | 33 ++++++++++ examples/privacy/__init__.py | 0 examples/privacy/diff_privacy/__init__.py | 0 .../diff_privacy}/dp_ada_gaussian_config.py | 2 +- .../diff_privacy}/dp_ada_sgd_graph_config.py | 2 +- .../privacy/diff_privacy}/lenet5_config.py | 2 +- .../privacy/diff_privacy}/lenet5_dp.py | 6 +- .../diff_privacy}/lenet5_dp_ada_gaussian.py | 6 +- .../diff_privacy}/lenet5_dp_ada_sgd_graph.py | 6 +- .../privacy/diff_privacy}/lenet5_dp_optimizer.py | 6 +- .../membership_inference_attack/__init__.py | 0 .../privacy/membership_inference_attack}/eval.py | 6 +- .../privacy/membership_inference_attack}/train.py | 14 ++-- .../vgg_cifar_attack.py | 14 ++-- .../adv_robustness/attacks/black/test_hsja.py | 4 +- .../adv_robustness/attacks/black/test_nes.py | 4 +- .../attacks/black/test_pointwise_attack.py | 4 +- .../ut/python/adv_robustness/attacks/test_lbfgs.py | 4 +- 66 files changed, 389 insertions(+), 345 deletions(-) delete mode 100644 example/membership_inference_demo/vgg/dataset.py delete mode 100644 example/mnist_demo/README.md create mode 100644 examples/README.md create mode 100644 examples/__init__.py create mode 100644 examples/ai_fuzzer/README.md create mode 100644 examples/ai_fuzzer/__init__.py rename {example/mnist_demo => examples/ai_fuzzer}/lenet5_mnist_coverage.py (89%) rename {example/mnist_demo => examples/ai_fuzzer}/lenet5_mnist_fuzzing.py (91%) create mode 100644 examples/common/__init__.py create mode 100644 
examples/common/dataset/__init__.py rename {example => examples/common/dataset}/data_processing.py (52%) create mode 100644 examples/common/networks/__init__.py create mode 100644 examples/common/networks/lenet5/__init__.py rename {example/mnist_demo => examples/common/networks/lenet5}/lenet5_net.py (100%) rename {example/mnist_demo => examples/common/networks/lenet5}/mnist_train.py (93%) rename {example/membership_inference_demo => examples/common/networks}/vgg/__init__.py (100%) rename {example/membership_inference_demo => examples/common/networks}/vgg/config.py (100%) rename {example/membership_inference_demo => examples/common/networks}/vgg/crossentropy.py (100%) rename {example/membership_inference_demo => examples/common/networks}/vgg/linear_warmup.py (100%) create mode 100644 examples/common/networks/vgg/utils/__init__.py rename {example/membership_inference_demo => examples/common/networks}/vgg/utils/util.py (100%) rename {example/membership_inference_demo => examples/common/networks}/vgg/utils/var_init.py (99%) rename {example/membership_inference_demo => examples/common/networks}/vgg/vgg.py (100%) rename {example/membership_inference_demo => examples/common/networks}/vgg/warmup_cosine_annealing_lr.py (100%) rename {example/membership_inference_demo => examples/common/networks}/vgg/warmup_step_lr.py (100%) create mode 100644 examples/model_security/README.md create mode 100644 examples/model_security/__init__.py create mode 100644 examples/model_security/model_attacks/__init__.py create mode 100644 examples/model_security/model_attacks/black_box/__init__.py rename {example/mnist_demo => examples/model_security/model_attacks/black_box}/mnist_attack_genetic.py (92%) rename {example/mnist_demo => examples/model_security/model_attacks/black_box}/mnist_attack_hsja.py (93%) rename {example/mnist_demo => examples/model_security/model_attacks/black_box}/mnist_attack_nes.py (93%) rename {example/mnist_demo => 
examples/model_security/model_attacks/black_box}/mnist_attack_pointwise.py (93%) rename {example/mnist_demo => examples/model_security/model_attacks/black_box}/mnist_attack_pso.py (93%) rename {example/mnist_demo => examples/model_security/model_attacks/black_box}/mnist_attack_salt_and_pepper.py (93%) create mode 100644 examples/model_security/model_attacks/white_box/__init__.py rename {example/mnist_demo => examples/model_security/model_attacks/white_box}/mnist_attack_cw.py (92%) rename {example/mnist_demo => examples/model_security/model_attacks/white_box}/mnist_attack_deepfool.py (92%) rename {example/mnist_demo => examples/model_security/model_attacks/white_box}/mnist_attack_fgsm.py (92%) rename {example/mnist_demo => examples/model_security/model_attacks/white_box}/mnist_attack_jsma.py (92%) rename {example/mnist_demo => examples/model_security/model_attacks/white_box}/mnist_attack_lbfgs.py (93%) rename {example/mnist_demo => examples/model_security/model_attacks/white_box}/mnist_attack_mdi2fgsm.py (93%) rename {example/mnist_demo => examples/model_security/model_attacks/white_box}/mnist_attack_pgd.py (92%) create mode 100644 examples/model_security/model_defenses/__init__.py rename {example/mnist_demo => examples/model_security/model_defenses}/mnist_defense_nad.py (87%) rename {example/mnist_demo => examples/model_security/model_defenses}/mnist_evaluation.py (93%) rename {example/mnist_demo => examples/model_security/model_defenses}/mnist_similarity_detector.py (94%) create mode 100644 examples/privacy/README.md create mode 100644 examples/privacy/__init__.py create mode 100644 examples/privacy/diff_privacy/__init__.py rename {example/mnist_demo => examples/privacy/diff_privacy}/dp_ada_gaussian_config.py (95%) rename {example/mnist_demo => examples/privacy/diff_privacy}/dp_ada_sgd_graph_config.py (95%) rename {example/mnist_demo => examples/privacy/diff_privacy}/lenet5_config.py (96%) rename {example/mnist_demo => examples/privacy/diff_privacy}/lenet5_dp.py 
(97%) rename {example/mnist_demo => examples/privacy/diff_privacy}/lenet5_dp_ada_gaussian.py (97%) rename {example/mnist_demo => examples/privacy/diff_privacy}/lenet5_dp_ada_sgd_graph.py (97%) rename {example/mnist_demo => examples/privacy/diff_privacy}/lenet5_dp_optimizer.py (97%) create mode 100644 examples/privacy/membership_inference_attack/__init__.py rename {example/membership_inference_demo => examples/privacy/membership_inference_attack}/eval.py (96%) rename {example/membership_inference_demo => examples/privacy/membership_inference_attack}/train.py (94%) rename example/membership_inference_demo/main.py => examples/privacy/membership_inference_attack/vgg_cifar_attack.py (93%) diff --git a/.gitignore b/.gitignore index 6e6d669..60fdc56 100644 --- a/.gitignore +++ b/.gitignore @@ -13,7 +13,7 @@ build/ dist/ local_script/ example/dataset/ -example/mnist_demo/MNIST_unzip/ +example/mnist_demo/MNIST/ example/mnist_demo/trained_ckpt_file/ example/mnist_demo/model/ example/cifar_demo/model/ diff --git a/example/membership_inference_demo/vgg/dataset.py b/example/membership_inference_demo/vgg/dataset.py deleted file mode 100644 index f687a15..0000000 --- a/example/membership_inference_demo/vgg/dataset.py +++ /dev/null 
@@ -1,75 +0,0 @@ -# Copyright 2020 Huawei Technologies Co., Ltd -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============================================================================ -""" -dataset processing. -""" -import os -from mindspore.common import dtype as mstype -import mindspore.dataset as de -import mindspore.dataset.transforms.c_transforms as C -import mindspore.dataset.transforms.vision.c_transforms as vision - - -def vgg_create_dataset100(data_home, image_size, batch_size, rank_id=0, rank_size=1, repeat_num=1, - training=True, num_samples=None, shuffle=True): - """Data operations.""" - de.config.set_seed(1) - data_dir = os.path.join(data_home, "train") - if not training: - data_dir = os.path.join(data_home, "test") - - if num_samples is not None: - data_set = de.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id, - num_samples=num_samples, shuffle=shuffle) - else: - data_set = de.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id) - - input_columns = ["fine_label"] - output_columns = ["label"] - data_set = data_set.rename(input_columns=input_columns, output_columns=output_columns) - data_set = data_set.project(["image", "label"]) - - rescale = 1.0 / 255.0 - shift = 0.0 - - # define map operations - random_crop_op = vision.RandomCrop((32, 32), (4, 4, 4, 4)) # padding_mode default CONSTANT - random_horizontal_op = vision.RandomHorizontalFlip() - resize_op = vision.Resize(image_size) # interpolation default BILINEAR - 
rescale_op = vision.Rescale(rescale, shift) - normalize_op = vision.Normalize((0.4465, 0.4822, 0.4914), (0.2010, 0.1994, 0.2023)) - changeswap_op = vision.HWC2CHW() - type_cast_op = C.TypeCast(mstype.int32) - - c_trans = [] - if training: - c_trans = [random_crop_op, random_horizontal_op] - c_trans += [resize_op, rescale_op, normalize_op, - changeswap_op] - - # apply map operations on images - data_set = data_set.map(input_columns="label", operations=type_cast_op) - data_set = data_set.map(input_columns="image", operations=c_trans) - - # apply repeat operations - data_set = data_set.repeat(repeat_num) - - # apply shuffle operations - # data_set = data_set.shuffle(buffer_size=1000) - - # apply batch operations - data_set = data_set.batch(batch_size=batch_size, drop_remainder=True) - - return data_set diff --git a/example/mnist_demo/README.md b/example/mnist_demo/README.md deleted file mode 100644 index e2e1cbc..0000000 --- a/example/mnist_demo/README.md +++ /dev/null 
@@ -1,46 +0,0 @@ -# mnist demo -## Introduction - -The MNIST database of handwritten digits, available from this page, has a training set of 60,000 examples, and a test set of 10,000 examples. It is a subset of a larger set available from MNIST. The digits have been size-normalized and centered in a fixed-size image. - -## run demo - -### 1. download dataset -```sh -$ cd example/mnist_demo -$ mkdir MNIST_unzip -$ cd MNIST_unzip -$ mkdir train -$ mkdir test -$ cd train -$ wget "http://yann.lecun.com/exdb/mnist/train-images-idx3-ubyte.gz" -$ wget "http://yann.lecun.com/exdb/mnist/train-labels-idx1-ubyte.gz" -$ gzip train-images-idx3-ubyte.gz -d -$ gzip train-labels-idx1-ubyte.gz -d -$ cd ../test -$ wget "http://yann.lecun.com/exdb/mnist/t10k-images-idx3-ubyte.gz" -$ wget "http://yann.lecun.com/exdb/mnist/t10k-labels-idx1-ubyte.gz" -$ gzip t10k-images-idx3-ubyte.gz -d -$ gzip t10k-images-idx3-ubyte.gz -d -$ cd ../../ -``` - -### 1. trian model -```sh -$ python mnist_train.py - -``` - -### 2. run attack test -```sh -$ mkdir out.data -$ python mnist_attack_jsma.py - -``` - -### 3. run defense/detector test -```sh -$ python mnist_defense_nad.py -$ python mnist_similarity_detector.py - -``` diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..f505333 --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,38 @@ +# Examples +## Introduction +This package includes application demos for all developed tools of MindArmour. Through these demos, you will soon + master those tools of MindArmour. Let's Start! + +## Preparation +Most of those demos are implemented based on LeNet5 and MNIST dataset. As a preparation, we should download MNIST and + train a LeNet5 model first. +### 1. download dataset +The MNIST database of handwritten digits has a training set of 60,000 examples, and a test set of 10,000 examples +. It is a subset of a larger set available from MNIST. The digits have been size-normalized and centered in a fixed-size image. + +```sh +$ cd examples/common/dataset +$ mkdir MNIST +$ cd MNIST +$ mkdir train +$ mkdir test +$ cd train +$ wget "http://yann.lecun.com/exdb/mnist/train-images-idx3-ubyte.gz" +$ wget "http://yann.lecun.com/exdb/mnist/train-labels-idx1-ubyte.gz" +$ gzip train-images-idx3-ubyte.gz -d +$ gzip train-labels-idx1-ubyte.gz -d +$ cd ../test +$ wget "http://yann.lecun.com/exdb/mnist/t10k-images-idx3-ubyte.gz" +$ wget "http://yann.lecun.com/exdb/mnist/t10k-labels-idx1-ubyte.gz" +$ gzip t10k-images-idx3-ubyte.gz -d +$ gzip t10k-images-idx3-ubyte.gz -d +``` + +### 2. trian LeNet5 model +After training the network, you will obtain a group of ckpt files. Those ckpt files save the trained model parameters + of LeNet5, which can be used in 'examples/ai_fuzzer' and 'examples/model_security'. +```sh +$ cd examples/common/networks/lenet5 +$ python mnist_train.py + +``` \ No newline at end of file diff --git a/examples/__init__.py b/examples/__init__.py new file mode 100644 index 0000000..fe1ff1d --- /dev/null +++ b/examples/__init__.py 
@@ -0,0 +1,16 @@ +# Copyright 2020 Huawei Technologies Co., Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +""" +This package includes real application examples for developed features of MindArmour. +""" diff --git a/examples/ai_fuzzer/README.md b/examples/ai_fuzzer/README.md new file mode 100644 index 0000000..22405b4 --- /dev/null +++ b/examples/ai_fuzzer/README.md 
@@ -0,0 +1,24 @@ +# Application demos of model fuzzing +## Introduction +The same as the traditional software fuzz testing, we can also design fuzz test for AI models. Compared to + branch coverage or line coverage of traditional software, some people propose the + concept of 'neuron coverage' based on the unique structure of deep neural network. We can use the neuron coverage + as a guide to search more metamorphic inputs to test our models. + +## 1. calculation of neuron coverage +There are three metrics proposed for evaluating the neuron coverage of a test:KMNC, NBC and SNAC. Usually we need to + feed all the training dataset into the model first, and record the output range of all neurons (however, only the last + layer of neurons are recorded in our method). In the testing phase, we feed test samples into the model, and + calculate those three metrics mentioned above according to those neurons' output distribution. +```sh +$ cd examples/ai_fuzzer/ +$ python lenet5_mnist_coverage.py +``` +## 2. fuzz test for AI model +We have provided several types of methods for manipulating metamorphic inputs: affine transformation, pixel + transformation and adversarial attacks. Usually we feed the original samples into the fuzz function as seeds, and + then metamorphic samples are generated through iterative manipulations. +```sh +$ cd examples/ai_fuzzer/ +$ python lenet5_mnist_fuzzing.py +``` \ No newline at end of file diff --git a/examples/ai_fuzzer/__init__.py b/examples/ai_fuzzer/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/example/mnist_demo/lenet5_mnist_coverage.py b/examples/ai_fuzzer/lenet5_mnist_coverage.py similarity index 89% rename from example/mnist_demo/lenet5_mnist_coverage.py rename to examples/ai_fuzzer/lenet5_mnist_coverage.py index b74c810..8b6234e 100644 --- a/example/mnist_demo/lenet5_mnist_coverage.py +++ b/examples/ai_fuzzer/lenet5_mnist_coverage.py 
@@ -11,21 +11,18 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys - import numpy as np from mindspore import Model from mindspore import context from mindspore.nn import SoftmaxCrossEntropyWithLogits from mindspore.train.serialization import load_checkpoint, load_param_into_net -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import FastGradientSignMethod from mindarmour.fuzz_testing import ModelCoverageMetrics from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() TAG = 'Neuron coverage test' @@ -34,14 +31,14 @@ LOGGER.set_level('INFO') def test_lenet_mnist_coverage(): # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) model = Model(net) # get training data - data_list = "./MNIST_unzip/train" + data_list = "../common/dataset/MNIST/train" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size, sparse=True) train_images = [] @@ -55,7 +52,7 @@ def test_lenet_mnist_coverage(): # fuzz test with original test data # get test data - data_list = "./MNIST_unzip/test" + data_list = "../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size, sparse=True) test_images = [] 
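Review bot: The new `from examples.common.dataset.data_processing import generate_mnist_dataset` and `from examples.common.networks.lenet5.lenet5_net import LeNet5` imports in the first hunk only resolve when the repository root is on `sys.path`, and the same hunk removes the `sys.path.append("..")` that previously made the helper importable. The README added in this patch runs the script as `cd examples/ai_fuzzer/` followed by `python lenet5_mnist_coverage.py`, where `sys.path[0]` is the script directory, so the import would presumably fail unless `PYTHONPATH` is set. I would state the requirement at the top of the file, e.g. `# Requires the repository root on PYTHONPATH (export PYTHONPATH=<repo root>)`, and repeat it in the README. The same import pattern appears in lenet5_mnist_fuzzing.py, mnist_train.py and mnist_attack_genetic.py in this patch.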
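Review bot: `ckpt_path` and both `data_list` values in `test_lenet_mnist_coverage` are resolved against the current working directory rather than the script location, so which checkpoint and dataset get loaded depends on where the process was started. Anchoring them to the file makes the loaded artefacts deterministic: add `import os`, then `_HERE = os.path.dirname(os.path.abspath(__file__))` and `ckpt_path = os.path.join(_HERE, '..', 'common', 'networks', 'lenet5', 'trained_ckpt_file', 'checkpoint_lenet-10_1875.ckpt')`, and build the two `data_list` paths the same way. lenet5_mnist_fuzzing.py and `mnist_path` in mnist_train.py carry the same cwd-relative paths. The function body continues outside these hunks.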
diff --git a/example/mnist_demo/lenet5_mnist_fuzzing.py b/examples/ai_fuzzer/lenet5_mnist_fuzzing.py similarity index 91% rename from example/mnist_demo/lenet5_mnist_fuzzing.py rename to examples/ai_fuzzer/lenet5_mnist_fuzzing.py index 0c042df..3fb9e4a 100644 --- a/example/mnist_demo/lenet5_mnist_fuzzing.py +++ b/examples/ai_fuzzer/lenet5_mnist_fuzzing.py @@ -11,20 +11,17 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys - import numpy as np from mindspore import Model from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from lenet5_net import LeNet5 from mindarmour.fuzz_testing import Fuzzer from mindarmour.fuzz_testing import ModelCoverageMetrics from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() TAG = 'Fuzz_test' @@ -33,9 +30,9 @@ LOGGER.set_level('INFO') def test_lenet_mnist_fuzzing(): # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) model = Model(net) mutate_config = [{'method': 'Blur', @@ -58,7 +55,7 @@ def test_lenet_mnist_fuzzing(): ] # get training data - data_list = "./MNIST_unzip/train" + data_list = "../common/dataset/MNIST/train" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size, sparse=False) train_images = [] 
@@ -72,7 +69,7 @@ def test_lenet_mnist_fuzzing(): # fuzz test with original test data # get test data - data_list = "./MNIST_unzip/test" + data_list = "../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size, sparse=False) test_images = [] diff --git a/examples/common/__init__.py b/examples/common/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/examples/common/dataset/__init__.py b/examples/common/dataset/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/example/data_processing.py b/examples/common/dataset/data_processing.py similarity index 52% rename from example/data_processing.py rename to examples/common/dataset/data_processing.py index d1b93eb..b6ed93f 100644 --- a/example/data_processing.py +++ b/examples/common/dataset/data_processing.py @@ -11,10 +11,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +import os + import mindspore.dataset as ds -import mindspore.dataset.transforms.vision.c_transforms as CV +import mindspore.dataset.vision.c_transforms as CV import mindspore.dataset.transforms.c_transforms as C -from mindspore.dataset.transforms.vision import Inter +from mindspore.dataset.vision import Inter import mindspore.common.dtype as mstype 
@@ -60,3 +62,56 @@ def generate_mnist_dataset(data_path, batch_size=32, repeat_size=1, ds1 = ds1.repeat(repeat_size) return ds1 + + +def vgg_create_dataset100(data_home, image_size, batch_size, rank_id=0, rank_size=1, repeat_num=1, + training=True, num_samples=None, shuffle=True): + """Data operations.""" + ds.config.set_seed(1) + data_dir = os.path.join(data_home, "train") + if not training: + data_dir = os.path.join(data_home, "test") + + if num_samples is not None: + data_set = ds.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id, + num_samples=num_samples, shuffle=shuffle) + else: + data_set = ds.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id) + + input_columns = ["fine_label"] + output_columns = ["label"] + data_set = data_set.rename(input_columns=input_columns, output_columns=output_columns) + data_set = data_set.project(["image", "label"]) + + rescale = 1.0 / 255.0 + shift = 0.0 + + # define map operations + random_crop_op = CV.RandomCrop((32, 32), (4, 4, 4, 4)) # padding_mode default CONSTANT + random_horizontal_op = CV.RandomHorizontalFlip() + resize_op = CV.Resize(image_size) # interpolation default BILINEAR + rescale_op = CV.Rescale(rescale, shift) + normalize_op = CV.Normalize((0.4465, 0.4822, 0.4914), (0.2010, 0.1994, 0.2023)) + changeswap_op = CV.HWC2CHW() + type_cast_op = C.TypeCast(mstype.int32) + + c_trans = [] + if training: + c_trans = [random_crop_op, random_horizontal_op] + c_trans += [resize_op, rescale_op, normalize_op, + changeswap_op] + + # apply map operations on images + data_set = data_set.map(input_columns="label", operations=type_cast_op) + data_set = data_set.map(input_columns="image", operations=c_trans) + + # apply repeat operations + data_set = data_set.repeat(repeat_num) + + # apply shuffle operations + # data_set = data_set.shuffle(buffer_size=1000) + + # apply batch operations + data_set = data_set.batch(batch_size=batch_size, drop_remainder=True) + + return data_set 
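Review bot: In `vgg_create_dataset100` the `shuffle` argument is silently ignored whenever `num_samples` is None, because the `else` branch builds `ds.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id)` without passing it. A caller that sets `shuffle=False` to get a reproducible member/non-member split (presumably the membership-inference example, to be confirmed against its call sites) would get the dataset's default ordering instead. If `Cifar100Dataset` accepts `num_samples=None` in the targeted MindSpore version (it appears to, but confirm), the two branches can collapse into `data_set = ds.Cifar100Dataset(data_dir, num_shards=rank_size, shard_id=rank_id, num_samples=num_samples, shuffle=shuffle)`. The docstring `"""Data operations."""` should also document the parameters and mention that `ds.config.set_seed(1)` changes the process-wide dataset seed as a side effect.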
diff --git a/examples/common/networks/__init__.py b/examples/common/networks/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/examples/common/networks/lenet5/__init__.py b/examples/common/networks/lenet5/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/example/mnist_demo/lenet5_net.py b/examples/common/networks/lenet5/lenet5_net.py similarity index 100% rename from example/mnist_demo/lenet5_net.py rename to examples/common/networks/lenet5/lenet5_net.py diff --git a/example/mnist_demo/mnist_train.py b/examples/common/networks/lenet5/mnist_train.py similarity index 93% rename from example/mnist_demo/mnist_train.py rename to examples/common/networks/lenet5/mnist_train.py index ea86c4f..9b9d1ca 100644 --- a/example/mnist_demo/mnist_train.py +++ b/examples/common/networks/lenet5/mnist_train.py @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. import os -import sys import mindspore.nn as nn from mindspore import context @@ -21,11 +20,11 @@ from mindspore.train import Model from mindspore.train.callback import ModelCheckpoint, CheckpointConfig, LossMonitor from mindspore.train.serialization import load_checkpoint, load_param_into_net -from lenet5_net import LeNet5 from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 + LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') @@ -33,7 +32,7 @@ TAG = "Lenet5_train" def mnist_train(epoch_size, batch_size, lr, momentum): - mnist_path = "./MNIST_unzip/" + mnist_path = "../../dataset/MNIST" ds = generate_mnist_dataset(os.path.join(mnist_path, "train"), batch_size=batch_size, repeat_size=1) 
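Review bot: `mnist_path = "../../dataset/MNIST"` makes the reference LeNet5 train on whatever files sit in that directory, and the README in this patch fills it with `wget "http://yann.lecun.com/exdb/mnist/..."` over plain HTTP with no digest check. That README says the resulting ckpt files are reused by `examples/ai_fuzzer` and `examples/model_security`, so a tampered or truncated download would skew every downstream robustness result without raising an error. I would add a comment above the assignment such as `# MNIST files must be verified against known SHA-256 digests before training (the README fetches them over HTTP)`, and add a `sha256sum -c` step to the README with the expected digests recorded there. `mnist_train` continues outside the hunk.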
diff --git a/example/membership_inference_demo/vgg/__init__.py b/examples/common/networks/vgg/__init__.py similarity index 100% rename from example/membership_inference_demo/vgg/__init__.py rename to examples/common/networks/vgg/__init__.py diff --git a/example/membership_inference_demo/vgg/config.py b/examples/common/networks/vgg/config.py similarity index 100% rename from example/membership_inference_demo/vgg/config.py rename to examples/common/networks/vgg/config.py diff --git a/example/membership_inference_demo/vgg/crossentropy.py b/examples/common/networks/vgg/crossentropy.py similarity index 100% rename from example/membership_inference_demo/vgg/crossentropy.py rename to examples/common/networks/vgg/crossentropy.py diff --git a/example/membership_inference_demo/vgg/linear_warmup.py b/examples/common/networks/vgg/linear_warmup.py similarity index 100% rename from example/membership_inference_demo/vgg/linear_warmup.py rename to examples/common/networks/vgg/linear_warmup.py diff --git a/examples/common/networks/vgg/utils/__init__.py b/examples/common/networks/vgg/utils/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/example/membership_inference_demo/vgg/utils/util.py b/examples/common/networks/vgg/utils/util.py similarity index 100% rename from example/membership_inference_demo/vgg/utils/util.py rename to examples/common/networks/vgg/utils/util.py diff --git a/example/membership_inference_demo/vgg/utils/var_init.py b/examples/common/networks/vgg/utils/var_init.py similarity index 99% rename from example/membership_inference_demo/vgg/utils/var_init.py rename to examples/common/networks/vgg/utils/var_init.py index 053e6d0..ef8d190 100644 --- a/example/membership_inference_demo/vgg/utils/var_init.py +++ b/examples/common/networks/vgg/utils/var_init.py 
@@ -21,6 +21,7 @@ import numpy as np import mindspore.nn as nn from mindspore.common import initializer as init + def _calculate_gain(nonlinearity, param=None): r""" Return the recommended gain value for the given nonlinearity function. @@ -62,6 +63,7 @@ def _calculate_gain(nonlinearity, param=None): raise ValueError("Unsupported nonlinearity {}".format(nonlinearity)) + def _assignment(arr, num): """Assign the value of `num` to `arr`.""" if arr.shape == (): @@ -75,6 +77,7 @@ def _assignment(arr, num): arr[:] = num return arr + def _calculate_in_and_out(arr): """ Calculate n_in and n_out. @@ -98,6 +101,7 @@ def _calculate_in_and_out(arr): n_out *= counter return n_in, n_out + def _select_fan(array, mode): mode = mode.lower() valid_modes = ['fan_in', 'fan_out'] @@ -107,6 +111,7 @@ def _select_fan(array, mode): fan_in, fan_out = _calculate_in_and_out(array) return fan_in if mode == 'fan_in' else fan_out + class KaimingInit(init.Initializer): r""" Base Class. Initialize the array with He kaiming algorithm. diff --git a/example/membership_inference_demo/vgg/vgg.py b/examples/common/networks/vgg/vgg.py similarity index 100% rename from example/membership_inference_demo/vgg/vgg.py rename to examples/common/networks/vgg/vgg.py diff --git a/example/membership_inference_demo/vgg/warmup_cosine_annealing_lr.py b/examples/common/networks/vgg/warmup_cosine_annealing_lr.py similarity index 100% rename from example/membership_inference_demo/vgg/warmup_cosine_annealing_lr.py rename to examples/common/networks/vgg/warmup_cosine_annealing_lr.py diff --git a/example/membership_inference_demo/vgg/warmup_step_lr.py b/examples/common/networks/vgg/warmup_step_lr.py similarity index 100% rename from example/membership_inference_demo/vgg/warmup_step_lr.py rename to examples/common/networks/vgg/warmup_step_lr.py diff --git a/examples/model_security/README.md b/examples/model_security/README.md new file mode 100644 index 0000000..ae03997 --- /dev/null +++ b/examples/model_security/README.md 
@@ -0,0 +1,40 @@
+# Application demos of model security
+## Introduction
+It has been proved that AI models are vulnerable to adversarial noise that invisible to human eye. Through those
+ demos in this package, you will learn to use the tools provided by MindArmour to generate adversarial samples and
+ also improve the robustness of your model.
+
+## 1. Generate adversarial samples (Attack method)
+Attack methods can be classified into white box attack and black box attack. White-box attack means that the attacker
+ is accessible to the model structure and its parameters. Black-box means that the attacker can only obtain the predict
+ results of the
+ target model.
+### white-box attack
+Running the classical attack method: FGSM-Attack.
+```sh
+$ cd examples/model_security/model_attacks/white-box
+$ python mnist_attack_fgsm.py
+```
+### black-box attack
+Running the classical black method: PSO-Attack.
+```sh
+$ cd examples/model_security/model_attacks/black-box
+$ python mnist_attack_pso.py
+```
+## 2. Improve the robustness of models
+### adversarial training
+Adversarial training is an effective method to enhance the model's robustness to attacks, in which generated
+ adversarial samples are fed into the model for retraining.
+ ```sh
+$ cd examples/model_security/model_defenses
+$ python mnist_defense_nad.py
+```
+### adversarial detection
+Besides adversarial training, there is another type of defense method: adversarial detection. This method is mainly
+ for black-box attack. The reason is that black-box attacks usually require frequent queries to the model, and the
+ difference between adjacent queries input is small. The detection algorithm could analyze the similarity of a series
+ of queries and recognize the attack.
+ ```sh
+$ cd examples/model_security/model_defenses
+$ python mnist_similarity_detector.py
+```
\ No newline at end of file
diff --git a/examples/model_security/__init__.py b/examples/model_security/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/examples/model_security/model_attacks/__init__.py b/examples/model_security/model_attacks/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/examples/model_security/model_attacks/black_box/__init__.py b/examples/model_security/model_attacks/black_box/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/example/mnist_demo/mnist_attack_genetic.py b/examples/model_security/model_attacks/black_box/mnist_attack_genetic.py similarity index 92% rename from example/mnist_demo/mnist_attack_genetic.py rename to examples/model_security/model_attacks/black_box/mnist_attack_genetic.py index e30ab59..be34e27 100644 --- a/example/mnist_demo/mnist_attack_genetic.py +++ b/examples/model_security/model_attacks/black_box/mnist_attack_genetic.py @@ -11,24 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - +from scipy.special import softmax import numpy as np + from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 -from mindarmour.adv_robustness.attacks import BlackModel +from mindarmour.adv_robustness.attacks.black.black_model import BlackModel from mindarmour.adv_robustness.attacks.black.genetic_attack import GeneticAttack from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') 
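Review bot: The new `from examples.common.dataset.data_processing import generate_mnist_dataset` and `from examples.common.networks.lenet5.lenet5_net import LeNet5` imports in mnist_attack_genetic.py only resolve when the repository root is on `sys.path`, and with `sys.path.append("..")` removed nothing in the script arranges that. The README added in this commit tells users to `cd` into the example directory and start the script with `python`, which puts only the script's own directory on the path, so the import would presumably fail with `ModuleNotFoundError` unless the root is exported in `PYTHONPATH`. Unless examples/README.md (not shown here) already covers it, I would state the requirement at the top of the file, e.g. `# Run with the repository root on PYTHONPATH; the examples package is imported by absolute name.` The same applies to the import hunks of the other attack and defense examples in this patch.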
@@ -53,13 +50,13 @@ def test_genetic_attack_on_mnist(): Genetic-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/example/mnist_demo/mnist_attack_hsja.py b/examples/model_security/model_attacks/black_box/mnist_attack_hsja.py similarity index 93% rename from example/mnist_demo/mnist_attack_hsja.py rename to examples/model_security/model_attacks/black_box/mnist_attack_hsja.py index a30b1eb..7f02568 100644 --- a/example/mnist_demo/mnist_attack_hsja.py +++ b/examples/model_security/model_attacks/black_box/mnist_attack_hsja.py @@ -11,20 +11,18 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys - import numpy as np + from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from lenet5_net import LeNet5 from mindarmour import BlackModel from mindarmour.adv_robustness.attacks import HopSkipJumpAttack from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') 
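Review bot: `ckpt_path` and `data_list` in `test_genetic_attack_on_mnist` are now `../../../`-relative strings, which resolve against the current working directory rather than the script's location, so the checkpoint that `load_checkpoint` reads depends on where the script is launched from. Anchoring them to the file, as mnist_evaluation.py in this patch already does for its checkpoint, removes that dependence: `base = os.path.dirname(os.path.abspath(__file__))` and `ckpt_path = os.path.join(base, '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt')` (this file would also need `import os`). The same pattern recurs in the body hunks of the hsja, nes, pointwise, pso, salt_and_pepper, cw, deepfool, fgsm, jsma, lbfgs, mdi2fgsm, pgd and similarity_detector examples, and in the `data_list` line of mnist_evaluation.py. The function body continues outside the hunk.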
@@ -72,14 +70,14 @@ def test_hsja_mnist_attack(): hsja-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) net.set_train(False) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/example/mnist_demo/mnist_attack_nes.py b/examples/model_security/model_attacks/black_box/mnist_attack_nes.py similarity index 93% rename from example/mnist_demo/mnist_attack_nes.py rename to examples/model_security/model_attacks/black_box/mnist_attack_nes.py index 7d24eff..bdde962 100644 --- a/example/mnist_demo/mnist_attack_nes.py +++ b/examples/model_security/model_attacks/black_box/mnist_attack_nes.py @@ -11,21 +11,18 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys - import numpy as np + from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from lenet5_net import LeNet5 from mindarmour import BlackModel from mindarmour.adv_robustness.attacks import NES from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset - +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') 
@@ -82,14 +79,14 @@ def test_nes_mnist_attack(): hsja-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) net.set_train(False) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/example/mnist_demo/mnist_attack_pointwise.py b/examples/model_security/model_attacks/black_box/mnist_attack_pointwise.py similarity index 93% rename from example/mnist_demo/mnist_attack_pointwise.py rename to examples/model_security/model_attacks/black_box/mnist_attack_pointwise.py index d4099d5..febe94c 100644 --- a/example/mnist_demo/mnist_attack_pointwise.py +++ b/examples/model_security/model_attacks/black_box/mnist_attack_pointwise.py @@ -11,22 +11,20 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys - import numpy as np +from scipy.special import softmax + from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour import BlackModel from mindarmour.adv_robustness.attacks import PointWiseAttack from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() TAG = 'Pointwise_Attack' 
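Review bot: The docstring of `test_nes_mnist_attack`, visible as context at the top of this hunk, still reads `hsja-Attack test`, apparently copied from the HopSkipJump example; it should read `NES-Attack test`. The pointwise body hunk later in the patch has the same slip: `test_pointwise_attack_on_mnist` is documented as `Salt-and-Pepper-Attack test` and should say `Pointwise-Attack test`. The comment `# upload trained network` in these hunks would also read more accurately as `# load trained network`, since the lines that follow call `load_checkpoint`. Both function bodies continue outside their hunks.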
@@ -53,13 +51,13 @@ def test_pointwise_attack_on_mnist(): Salt-and-Pepper-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/example/mnist_demo/mnist_attack_pso.py b/examples/model_security/model_attacks/black_box/mnist_attack_pso.py similarity index 93% rename from example/mnist_demo/mnist_attack_pso.py rename to examples/model_security/model_attacks/black_box/mnist_attack_pso.py index cbcc239..997cfa5 100644 --- a/example/mnist_demo/mnist_attack_pso.py +++ b/examples/model_security/model_attacks/black_box/mnist_attack_pso.py @@ -11,24 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour import BlackModel from mindarmour.adv_robustness.attacks.black.pso_attack import PSOAttack from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') 
@@ -53,13 +50,13 @@ def test_pso_attack_on_mnist(): PSO-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/example/mnist_demo/mnist_attack_salt_and_pepper.py b/examples/model_security/model_attacks/black_box/mnist_attack_salt_and_pepper.py similarity index 93% rename from example/mnist_demo/mnist_attack_salt_and_pepper.py rename to examples/model_security/model_attacks/black_box/mnist_attack_salt_and_pepper.py index ec5068f..ec813bc 100644 --- a/example/mnist_demo/mnist_attack_salt_and_pepper.py +++ b/examples/model_security/model_attacks/black_box/mnist_attack_salt_and_pepper.py 
@@ -11,22 +11,20 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys - import numpy as np +from scipy.special import softmax + from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour import BlackModel from mindarmour.adv_robustness.attacks import SaltAndPepperNoiseAttack from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() TAG = 'Salt_and_Pepper_Attack' @@ -53,13 +51,13 @@ def test_salt_and_pepper_attack_on_mnist(): Salt-and-Pepper-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/examples/model_security/model_attacks/white_box/__init__.py b/examples/model_security/model_attacks/white_box/__init__.py new file mode 100644 index 0000000..e69de29 
diff --git a/example/mnist_demo/mnist_attack_cw.py b/examples/model_security/model_attacks/white_box/mnist_attack_cw.py similarity index 92% rename from example/mnist_demo/mnist_attack_cw.py rename to examples/model_security/model_attacks/white_box/mnist_attack_cw.py index 7f1a996..65602c7 100644 --- a/example/mnist_demo/mnist_attack_cw.py +++ b/examples/model_security/model_attacks/white_box/mnist_attack_cw.py @@ -11,24 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import CarliniWagnerL2Attack from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 +from examples.common.dataset.data_processing import generate_mnist_dataset LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') @@ -40,13 +37,13 @@ def test_carlini_wagner_attack(): CW-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) 
diff --git a/example/mnist_demo/mnist_attack_deepfool.py b/examples/model_security/model_attacks/white_box/mnist_attack_deepfool.py similarity index 92% rename from example/mnist_demo/mnist_attack_deepfool.py rename to examples/model_security/model_attacks/white_box/mnist_attack_deepfool.py index 3d0da97..3fccbf1 100644 --- a/example/mnist_demo/mnist_attack_deepfool.py +++ b/examples/model_security/model_attacks/white_box/mnist_attack_deepfool.py @@ -11,24 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks.deep_fool import DeepFool from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 +from examples.common.dataset.data_processing import generate_mnist_dataset LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') @@ -40,13 +37,13 @@ def test_deepfool_attack(): DeepFool-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) 
diff --git a/example/mnist_demo/mnist_attack_fgsm.py b/examples/model_security/model_attacks/white_box/mnist_attack_fgsm.py similarity index 92% rename from example/mnist_demo/mnist_attack_fgsm.py rename to examples/model_security/model_attacks/white_box/mnist_attack_fgsm.py index f735c9d..cbeeeeb 100644 --- a/example/mnist_demo/mnist_attack_fgsm.py +++ b/examples/model_security/model_attacks/white_box/mnist_attack_fgsm.py @@ -11,25 +11,22 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net from mindspore.nn import SoftmaxCrossEntropyWithLogits -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import FastGradientSignMethod from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 +from examples.common.dataset.data_processing import generate_mnist_dataset LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') 
@@ -41,13 +38,13 @@ def test_fast_gradient_sign_method(): FGSM-Attack test for CPU device. """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size) diff --git a/example/mnist_demo/mnist_attack_jsma.py b/examples/model_security/model_attacks/white_box/mnist_attack_jsma.py similarity index 92% rename from example/mnist_demo/mnist_attack_jsma.py rename to examples/model_security/model_attacks/white_box/mnist_attack_jsma.py index 14e5d86..7f8f536 100644 --- a/example/mnist_demo/mnist_attack_jsma.py +++ b/examples/model_security/model_attacks/white_box/mnist_attack_jsma.py @@ -11,26 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import JSMAAttack from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - - - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') 
@@ -42,13 +37,13 @@ def test_jsma_attack(): JSMA-Attack test """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/example/mnist_demo/mnist_attack_lbfgs.py b/examples/model_security/model_attacks/white_box/mnist_attack_lbfgs.py similarity index 93% rename from example/mnist_demo/mnist_attack_lbfgs.py rename to examples/model_security/model_attacks/white_box/mnist_attack_lbfgs.py index 259c593..dd0a775 100644 --- a/example/mnist_demo/mnist_attack_lbfgs.py +++ b/examples/model_security/model_attacks/white_box/mnist_attack_lbfgs.py @@ -11,25 +11,22 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net from mindspore.nn import SoftmaxCrossEntropyWithLogits -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import LBFGS from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 +from examples.common.dataset.data_processing import generate_mnist_dataset LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') 
@@ -41,13 +38,13 @@ def test_lbfgs_attack(): LBFGS-Attack test for CPU device. """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size=batch_size) diff --git a/example/mnist_demo/mnist_attack_mdi2fgsm.py b/examples/model_security/model_attacks/white_box/mnist_attack_mdi2fgsm.py similarity index 93% rename from example/mnist_demo/mnist_attack_mdi2fgsm.py rename to examples/model_security/model_attacks/white_box/mnist_attack_mdi2fgsm.py index 90e317d..ed2334b 100644 --- a/example/mnist_demo/mnist_attack_mdi2fgsm.py +++ b/examples/model_security/model_attacks/white_box/mnist_attack_mdi2fgsm.py 
@@ -11,25 +11,22 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net from mindspore.nn import SoftmaxCrossEntropyWithLogits -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import MomentumDiverseInputIterativeMethod from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() TAG = 'M_DI2_FGSM_Test' @@ -42,13 +39,13 @@ def test_momentum_diverse_input_iterative_method(): """ context.set_context(mode=context.GRAPH_MODE, device_target="CPU") # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size) diff --git a/example/mnist_demo/mnist_attack_pgd.py b/examples/model_security/model_attacks/white_box/mnist_attack_pgd.py similarity index 92% rename from example/mnist_demo/mnist_attack_pgd.py rename to examples/model_security/model_attacks/white_box/mnist_attack_pgd.py index 5f3851a..11ea3f3 100644 
--- a/example/mnist_demo/mnist_attack_pgd.py +++ b/examples/model_security/model_attacks/white_box/mnist_attack_pgd.py @@ -11,25 +11,22 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys import time - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.train.serialization import load_checkpoint, load_param_into_net from mindspore.nn import SoftmaxCrossEntropyWithLogits -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import ProjectedGradientDescent from mindarmour.adv_robustness.evaluations import AttackEvaluate from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() LOGGER.set_level('INFO') @@ -41,13 +38,13 @@ def test_projected_gradient_descent_method(): PGD-Attack test for CPU device. """ # upload trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../../common/dataset/MNIST/test" batch_size = 32 ds = generate_mnist_dataset(data_list, batch_size) diff --git a/examples/model_security/model_defenses/__init__.py b/examples/model_security/model_defenses/__init__.py new file mode 100644 index 0000000..e69de29 
diff --git a/example/mnist_demo/mnist_defense_nad.py b/examples/model_security/model_defenses/mnist_defense_nad.py similarity index 87% rename from example/mnist_demo/mnist_defense_nad.py rename to examples/model_security/model_defenses/mnist_defense_nad.py index 3b1e364..35b52af 100644 --- a/example/mnist_demo/mnist_defense_nad.py +++ b/examples/model_security/model_defenses/mnist_defense_nad.py @@ -13,7 +13,6 @@ # limitations under the License. """defense example using nad""" import os -import sys import numpy as np from mindspore import Tensor @@ -27,10 +26,8 @@ from mindarmour.adv_robustness.attacks import FastGradientSignMethod from mindarmour.adv_robustness.defenses import NaturalAdversarialDefense from mindarmour.utils.logger import LogUtil -from lenet5_net import LeNet5 - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 +from examples.common.dataset.data_processing import generate_mnist_dataset LOGGER = LogUtil.get_instance() @@ -42,7 +39,7 @@ def test_nad_method(): """ NAD-Defense test. """ - mnist_path = "./MNIST_unzip/" + mnist_path = "../../common/dataset/MNIST" batch_size = 32 # 1. train original model ds_train = generate_mnist_dataset(os.path.join(mnist_path, "train"), 
@@ -98,10 +95,19 @@ def test_nad_method(): np.mean(acc_list)) # 6. defense + ds_train = generate_mnist_dataset(os.path.join(mnist_path, "train"), + batch_size=batch_size, repeat_size=1) + inputs_train = [] + labels_train = [] + for data in ds_train.create_tuple_iterator(): + inputs_train.append(data[0].astype(np.float32)) + labels_train.append(data[1]) + inputs_train = np.concatenate(inputs_train) + labels_train = np.concatenate(labels_train) net.set_train() nad = NaturalAdversarialDefense(net, loss_fn=loss, optimizer=opt, bounds=(0.0, 1.0), eps=0.3) - nad.batch_defense(inputs, labels, batch_size=32, epochs=10) + nad.batch_defense(inputs_train, labels_train, batch_size=32, epochs=10) # 7. get accuracy of test data on defensed model net.set_train(False) diff --git a/example/mnist_demo/mnist_evaluation.py b/examples/model_security/model_defenses/mnist_evaluation.py similarity index 93% rename from example/mnist_demo/mnist_evaluation.py rename to examples/model_security/model_defenses/mnist_evaluation.py index 012e6cf..a2131c8 100644 --- a/example/mnist_demo/mnist_evaluation.py +++ b/examples/model_security/model_defenses/mnist_evaluation.py @@ -13,7 +13,6 @@ # limitations under the License. """evaluate example""" import os -import sys import time import numpy as np 
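Review bot: Step 6 in `test_nad_method` now gathers the training split into `inputs_train`/`labels_train`, but nothing in the hunk says why, and the `batch_size=32` literal passed to `batch_defense` duplicates the `batch_size` variable set at the top of the function. A one-line comment such as `# adversarial training uses the training split so the test inputs stay held out for step 7` would record the intent, and `nad.batch_defense(inputs_train, labels_train, batch_size=batch_size, epochs=10)` keeps the two sizes from drifting apart. `np.concatenate` materialises the whole split in memory, which is fine for MNIST but worth a short comment if the example is reused with a larger dataset. The function starts and ends outside the hunk.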
@@ -27,19 +26,17 @@ from mindspore.ops.operations import TensorAdd from mindspore.train.serialization import load_checkpoint, load_param_into_net from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour.adv_robustness.attacks import FastGradientSignMethod from mindarmour.adv_robustness.attacks import GeneticAttack -from mindarmour.adv_robustness.attacks import BlackModel +from mindarmour.adv_robustness.attacks.black.black_model import BlackModel from mindarmour.adv_robustness.defenses import NaturalAdversarialDefense from mindarmour.adv_robustness.detectors import SimilarityDetector from mindarmour.adv_robustness.evaluations import BlackDefenseEvaluate from mindarmour.adv_robustness.evaluations import DefenseEvaluate from mindarmour.utils.logger import LogUtil -sys.path.append("..") -from data_processing import generate_mnist_dataset - +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() TAG = 'Defense_Evaluate_Example' @@ -126,18 +123,17 @@ class ModelToBeAttacked(BlackModel): return self._detected_res -def test_black_defense(): +def test_defense_evaluation(): # load trained network current_dir = os.path.dirname(os.path.abspath(__file__)) - ckpt_name = os.path.abspath(os.path.join( - current_dir, './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt')) - # ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = os.path.abspath(os.path.join( + current_dir, '../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt')) wb_net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(wb_net, load_dict) # get test data - data_list = "./MNIST_unzip/test" + data_list = "../../common/dataset/MNIST/test" batch_size = 32 ds_test = generate_mnist_dataset(data_list, batch_size=batch_size) inputs = [] 
@@ -324,4 +320,4 @@ if __name__ == '__main__': context.set_context(mode=context.GRAPH_MODE, device_target="GPU") DEVICE = context.get_context("device_target") if DEVICE in ("Ascend", "GPU"): - test_black_defense() + test_defense_evaluation() diff --git a/example/mnist_demo/mnist_similarity_detector.py b/examples/model_security/model_defenses/mnist_similarity_detector.py similarity index 94% rename from example/mnist_demo/mnist_similarity_detector.py rename to examples/model_security/model_defenses/mnist_similarity_detector.py index 59c7964..c179052 100644 --- a/example/mnist_demo/mnist_similarity_detector.py +++ b/examples/model_security/model_defenses/mnist_similarity_detector.py @@ -11,26 +11,23 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import sys - import numpy as np +from scipy.special import softmax + from mindspore import Model from mindspore import Tensor from mindspore import context from mindspore.nn import Cell from mindspore.ops.operations import TensorAdd from mindspore.train.serialization import load_checkpoint, load_param_into_net -from scipy.special import softmax -from lenet5_net import LeNet5 from mindarmour import BlackModel from mindarmour.adv_robustness.attacks.black.pso_attack import PSOAttack from mindarmour.adv_robustness.detectors import SimilarityDetector from mindarmour.utils.logger import LogUtil - -sys.path.append("..") -from data_processing import generate_mnist_dataset +from examples.common.dataset.data_processing import generate_mnist_dataset +from examples.common.networks.lenet5.lenet5_net import LeNet5 LOGGER = LogUtil.get_instance() TAG = 'Similarity Detector test' 
@@ -95,13 +92,13 @@ def test_similarity_detector(): Similarity Detector test. """ # load trained network - ckpt_name = './trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' + ckpt_path = '../../common/networks/lenet5/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt' net = LeNet5() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get mnist data - data_list = "./MNIST_unzip/test" + data_list = "../../common/dataset/MNIST/test" batch_size = 1000 ds = generate_mnist_dataset(data_list, batch_size=batch_size) model = ModelToBeAttacked(net) diff --git a/examples/privacy/README.md b/examples/privacy/README.md new file mode 100644 index 0000000..f09392c --- /dev/null +++ b/examples/privacy/README.md 
@@ -0,0 +1,33 @@
+# Application demos of privacy stealing and privacy protection
+## Introduction
+Although machine learning could obtain a generic model based on training data, it has been proved that the trained
+ model may disclose the information of training data (such as the membership inference attack). Differential
+ privacy training
+ is an effective
+ method proposed
+ to overcome this problem, in which Gaussian noise is added while training. There are mainly three parts for
+ differential privacy(DP) training: noise-generating mechanism, DP optimizer and DP monitor. We have implemented
+ a novel noise-generating mechanisms: adaptive decay noise mechanism. DP
+ monitor is used to compute the privacy budget while training.
+
+## 1. Adaptive decay DP training
+With adaptive decay mechanism, the magnitude of the Gaussian noise would be decayed as the training step grows, which
+ resulting a stable convergence.
+```sh
+$ cd examples/privacy/diff_privacy
+$ python lenet5_dp_ada_gaussian.py
+```
+## 2. Adaptive norm clip training
+With adaptive norm clip mechanism, the norm clip of the gradients would be changed according to the norm values of
+ them, which can adjust the ratio of noise and original gradients.
+```sh
+$ cd examples/privacy/diff_privacy
+$ python lenet5_dp.py
+```
+## 3. Membership inference attack
+By this attack method, we could judge whether a sample is belongs to training dataset or not.
+```sh
+$ cd examples/privacy/membership_inference_attack
+$ python vgg_cifar_attack.py
+```
+
diff --git a/examples/privacy/__init__.py b/examples/privacy/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/examples/privacy/diff_privacy/__init__.py b/examples/privacy/diff_privacy/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/example/mnist_demo/dp_ada_gaussian_config.py b/examples/privacy/diff_privacy/dp_ada_gaussian_config.py
similarity index 95%
rename from example/mnist_demo/dp_ada_gaussian_config.py
rename to examples/privacy/diff_privacy/dp_ada_gaussian_config.py
index 03d1414..eeefef2 100644
--- a/example/mnist_demo/dp_ada_gaussian_config.py
+++ b/examples/privacy/diff_privacy/dp_ada_gaussian_config.py
@@ -29,7 +29,7 @@ mnist_cfg = edict({
 'save_checkpoint_steps': 234, # the interval steps for saving checkpoint file of the model
 'keep_checkpoint_max': 10, # the maximum number of checkpoint files would be saved
 'device_target': 'Ascend', # device used
- 'data_path': './MNIST_unzip', # the path of training and testing data set
+ 'data_path': '../../common/dataset/MNIST', # the path of training and testing data set
 'dataset_sink_mode': False, # whether deliver all training data to device one time
 'micro_batches': 32, # the number of small batches split from an original batch
 'norm_bound': 1.0, # the clip bound of the gradients of model's training parameters
diff --git a/example/mnist_demo/dp_ada_sgd_graph_config.py b/examples/privacy/diff_privacy/dp_ada_sgd_graph_config.py
similarity index 95%
rename from example/mnist_demo/dp_ada_sgd_graph_config.py
rename to examples/privacy/diff_privacy/dp_ada_sgd_graph_config.py
index 82e6b13..6bb86fa 100644
--- a/example/mnist_demo/dp_ada_sgd_graph_config.py
+++ b/examples/privacy/diff_privacy/dp_ada_sgd_graph_config.py
@@ -29,7 +29,7 @@ mnist_cfg = edict({
 'save_checkpoint_steps': 234, # the interval steps for saving checkpoint file of the model
 'keep_checkpoint_max': 10, # the maximum number of checkpoint files would be saved
 'device_target': 'Ascend', # device used
- 'data_path': './MNIST_unzip', # the path of training and testing data set
+ 'data_path': '../../common/dataset/MNIST', # the path of training and testing data set
 'dataset_sink_mode': False, # whether deliver all training data to device one time
 'micro_batches': 16, # the number of small batches split from an original batch
 'norm_bound': 1.0, # the clip bound of the gradients of model's training parameters
diff --git a/example/mnist_demo/lenet5_config.py b/examples/privacy/diff_privacy/lenet5_config.py
similarity index 96%
rename from example/mnist_demo/lenet5_config.py
rename to examples/privacy/diff_privacy/lenet5_config.py
index 896d7d0..e0e2f97 100644
--- a/example/mnist_demo/lenet5_config.py
+++ b/examples/privacy/diff_privacy/lenet5_config.py
@@ -29,7 +29,7 @@ mnist_cfg = edict({
 'save_checkpoint_steps': 234, # the interval steps for saving checkpoint file of the model
 'keep_checkpoint_max': 10, # the maximum number of checkpoint files would be saved
 'device_target': 'Ascend', # device used
- 'data_path': './MNIST_unzip', # the path of training and testing data set
+ 'data_path': '../../common/dataset/MNIST', # the path of training and testing data set
 'dataset_sink_mode': False, # whether deliver all training data to device one time
 'micro_batches': 32, # the number of small batches split from an original batch
 'norm_bound': 1.0, # the clip bound of the gradients of model's training parameters
diff --git a/example/mnist_demo/lenet5_dp.py b/examples/privacy/diff_privacy/lenet5_dp.py
similarity index 97%
rename from example/mnist_demo/lenet5_dp.py
rename to examples/privacy/diff_privacy/lenet5_dp.py
index d8249b9..ad0e243 100644
--- a/example/mnist_demo/lenet5_dp.py
+++ b/examples/privacy/diff_privacy/lenet5_dp.py @@ -24,9 +24,9 @@ from mindspore.train.callback import LossMonitor from mindspore.nn.metrics import Accuracy from mindspore.train.serialization import load_checkpoint, load_param_into_net import mindspore.dataset as ds -import mindspore.dataset.transforms.vision.c_transforms as CV +import mindspore.dataset.vision.c_transforms as CV import mindspore.dataset.transforms.c_transforms as C -from mindspore.dataset.transforms.vision import Inter +from mindspore.dataset.vision import Inter import mindspore.common.dtype as mstype from mindarmour.privacy.diff_privacy import DPModel @@ -34,7 +34,7 @@ from mindarmour.privacy.diff_privacy import PrivacyMonitorFactory from mindarmour.privacy.diff_privacy import NoiseMechanismsFactory from mindarmour.privacy.diff_privacy import ClipMechanismsFactory from mindarmour.utils.logger import LogUtil -from lenet5_net import LeNet5 +from examples.common.networks.lenet5.lenet5_net import LeNet5 from lenet5_config import mnist_cfg as cfg LOGGER = LogUtil.get_instance() diff --git a/example/mnist_demo/lenet5_dp_ada_gaussian.py b/examples/privacy/diff_privacy/lenet5_dp_ada_gaussian.py similarity index 97% rename from example/mnist_demo/lenet5_dp_ada_gaussian.py rename to examples/privacy/diff_privacy/lenet5_dp_ada_gaussian.py index fdd7c9e..e23b6ed 100644 --- a/example/mnist_demo/lenet5_dp_ada_gaussian.py +++ b/examples/privacy/diff_privacy/lenet5_dp_ada_gaussian.py 
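Review bot: The import block of lenet5_dp.py now mixes two resolution schemes: the new `from examples.common.networks.lenet5.lenet5_net import LeNet5` needs the repository root on the module search path, while the unchanged `from lenet5_config import mnist_cfg as cfg` next to it needs the script's own directory. The privacy README added in this commit tells users to `cd examples/privacy/diff_privacy` and run `python lenet5_dp.py`, which satisfies only the second, and nothing shown on this page sets the search path for these scripts. Either state the PYTHONPATH requirement in that README or import the config through the package too, `from examples.privacy.diff_privacy.lenet5_config import mnist_cfg as cfg`. The same pairing appears in the import hunks of lenet5_dp_ada_gaussian.py, lenet5_dp_ada_sgd_graph.py and lenet5_dp_optimizer.py.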
@@ -24,16 +24,16 @@ from mindspore.train.callback import LossMonitor from mindspore.nn.metrics import Accuracy from mindspore.train.serialization import load_checkpoint, load_param_into_net import mindspore.dataset as ds -import mindspore.dataset.transforms.vision.c_transforms as CV +import mindspore.dataset.vision.c_transforms as CV import mindspore.dataset.transforms.c_transforms as C -from mindspore.dataset.transforms.vision import Inter +from mindspore.dataset.vision import Inter import mindspore.common.dtype as mstype from mindarmour.privacy.diff_privacy import DPModel from mindarmour.privacy.diff_privacy import PrivacyMonitorFactory from mindarmour.privacy.diff_privacy import NoiseMechanismsFactory from mindarmour.utils.logger import LogUtil -from lenet5_net import LeNet5 +from examples.common.networks.lenet5.lenet5_net import LeNet5 from dp_ada_gaussian_config import mnist_cfg as cfg LOGGER = LogUtil.get_instance() diff --git a/example/mnist_demo/lenet5_dp_ada_sgd_graph.py b/examples/privacy/diff_privacy/lenet5_dp_ada_sgd_graph.py similarity index 97% rename from example/mnist_demo/lenet5_dp_ada_sgd_graph.py rename to examples/privacy/diff_privacy/lenet5_dp_ada_sgd_graph.py index 1475555..c223eb8 100644 --- a/example/mnist_demo/lenet5_dp_ada_sgd_graph.py +++ b/examples/privacy/diff_privacy/lenet5_dp_ada_sgd_graph.py 
@@ -24,16 +24,16 @@ from mindspore.train.callback import LossMonitor from mindspore.nn.metrics import Accuracy from mindspore.train.serialization import load_checkpoint, load_param_into_net import mindspore.dataset as ds -import mindspore.dataset.transforms.vision.c_transforms as CV +import mindspore.dataset.vision.c_transforms as CV import mindspore.dataset.transforms.c_transforms as C -from mindspore.dataset.transforms.vision import Inter +from mindspore.dataset.vision import Inter import mindspore.common.dtype as mstype from mindarmour.privacy.diff_privacy import DPModel from mindarmour.privacy.diff_privacy import PrivacyMonitorFactory from mindarmour.privacy.diff_privacy import NoiseMechanismsFactory from mindarmour.utils.logger import LogUtil -from lenet5_net import LeNet5 +from examples.common.networks.lenet5.lenet5_net import LeNet5 from dp_ada_sgd_graph_config import mnist_cfg as cfg LOGGER = LogUtil.get_instance() diff --git a/example/mnist_demo/lenet5_dp_optimizer.py b/examples/privacy/diff_privacy/lenet5_dp_optimizer.py similarity index 97% rename from example/mnist_demo/lenet5_dp_optimizer.py rename to examples/privacy/diff_privacy/lenet5_dp_optimizer.py index 2eec90c..5bee8a5 100644 --- a/example/mnist_demo/lenet5_dp_optimizer.py +++ b/examples/privacy/diff_privacy/lenet5_dp_optimizer.py @@ -24,9 +24,9 @@ from mindspore.train.callback import LossMonitor from mindspore.nn.metrics import Accuracy from mindspore.train.serialization import load_checkpoint, load_param_into_net import mindspore.dataset as ds -import mindspore.dataset.transforms.vision.c_transforms as CV +import mindspore.dataset.vision.c_transforms as CV import mindspore.dataset.transforms.c_transforms as C -from mindspore.dataset.transforms.vision import Inter +from mindspore.dataset.vision import Inter import mindspore.common.dtype as mstype from mindarmour.privacy.diff_privacy import DPModel 
@@ -34,7 +34,7 @@ from mindarmour.privacy.diff_privacy import PrivacyMonitorFactory from mindarmour.privacy.diff_privacy import DPOptimizerClassFactory from mindarmour.privacy.diff_privacy import ClipMechanismsFactory from mindarmour.utils.logger import LogUtil -from lenet5_net import LeNet5 +from examples.common.networks.lenet5.lenet5_net import LeNet5 from lenet5_config import mnist_cfg as cfg LOGGER = LogUtil.get_instance() diff --git a/examples/privacy/membership_inference_attack/__init__.py b/examples/privacy/membership_inference_attack/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/example/membership_inference_demo/eval.py b/examples/privacy/membership_inference_attack/eval.py similarity index 96% rename from example/membership_inference_demo/eval.py rename to examples/privacy/membership_inference_attack/eval.py index a56113b..b0748ba 100644 --- a/example/membership_inference_demo/eval.py +++ b/examples/privacy/membership_inference_attack/eval.py @@ -27,9 +27,9 @@ from mindspore.ops import functional as F from mindspore.common import dtype as mstype from mindarmour.utils import LogUtil -from vgg.vgg import vgg16 -from vgg.dataset import vgg_create_dataset100 -from vgg.config import cifar_cfg as cfg +from examples.common.networks.vgg.vgg import vgg16 +from examples.common.dataset.data_processing import vgg_create_dataset100 +from examples.common.networks.vgg.config import cifar_cfg as cfg class ParameterReduce(nn.Cell): diff --git a/example/membership_inference_demo/train.py b/examples/privacy/membership_inference_attack/train.py similarity index 94% rename from example/membership_inference_demo/train.py rename to examples/privacy/membership_inference_attack/train.py index 315684c..65c631f 100644 --- a/example/membership_inference_demo/train.py +++ b/examples/privacy/membership_inference_attack/train.py 
@@ -32,13 +32,13 @@ from mindspore.train.model import Model from mindspore.train.serialization import load_param_into_net, load_checkpoint from mindarmour.utils import LogUtil -from vgg.dataset import vgg_create_dataset100 -from vgg.warmup_step_lr import warmup_step_lr -from vgg.warmup_cosine_annealing_lr import warmup_cosine_annealing_lr -from vgg.warmup_step_lr import lr_steps -from vgg.utils.util import get_param_groups -from vgg.vgg import vgg16 -from vgg.config import cifar_cfg as cfg +from examples.common.dataset.data_processing import vgg_create_dataset100 +from examples.common.networks.vgg.warmup_step_lr import warmup_step_lr +from examples.common.networks.vgg.warmup_cosine_annealing_lr import warmup_cosine_annealing_lr +from examples.common.networks.vgg.warmup_step_lr import lr_steps +from examples.common.networks.vgg.utils.util import get_param_groups +from examples.common.networks.vgg.vgg import vgg16 +from examples.common.networks.vgg.config import cifar_cfg as cfg TAG = "train" diff --git a/example/membership_inference_demo/main.py b/examples/privacy/membership_inference_attack/vgg_cifar_attack.py similarity index 93% rename from example/membership_inference_demo/main.py rename to examples/privacy/membership_inference_attack/vgg_cifar_attack.py index cbce936..51dc204 100644 --- a/example/membership_inference_demo/main.py +++ b/examples/privacy/membership_inference_attack/vgg_cifar_attack.py @@ -17,12 +17,6 @@ Examples of membership inference """ import argparse import sys - -from vgg.vgg import vgg16 -from vgg.config import cifar_cfg as cfg -from vgg.utils.util import get_param_groups -from vgg.dataset import vgg_create_dataset100 - import numpy as np from mindspore.train import Model 
@@ -30,10 +24,16 @@ from mindspore.train.serialization import load_param_into_net, load_checkpoint import mindspore.nn as nn from mindarmour.privacy.evaluation import MembershipInference from mindarmour.utils import LogUtil + +from examples.common.networks.vgg.vgg import vgg16 +from examples.common.networks.vgg.config import cifar_cfg as cfg +from examples.common.networks.vgg.utils.util import get_param_groups +from examples.common.dataset.data_processing import vgg_create_dataset100 + logging = LogUtil.get_instance() logging.set_level(20) -sys.path.append("../../") +sys.path.append("../../../") TAG = "membership inference example" diff --git a/tests/ut/python/adv_robustness/attacks/black/test_hsja.py b/tests/ut/python/adv_robustness/attacks/black/test_hsja.py index d4ddaee..ea4eb83 100644 --- a/tests/ut/python/adv_robustness/attacks/black/test_hsja.py +++ b/tests/ut/python/adv_robustness/attacks/black/test_hsja.py @@ -72,10 +72,10 @@ def create_target_images(dataset, data_labels, target_labels): def get_model(): # upload trained network current_dir = os.path.dirname(os.path.abspath(__file__)) - ckpt_name = os.path.join(current_dir, + ckpt_path = os.path.join(current_dir, '../../../dataset/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt') net = Net() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) net.set_train(False) model = ModelToBeAttacked(net) diff --git a/tests/ut/python/adv_robustness/attacks/black/test_nes.py b/tests/ut/python/adv_robustness/attacks/black/test_nes.py index d9fa516..47a2b67 100644 --- a/tests/ut/python/adv_robustness/attacks/black/test_nes.py +++ b/tests/ut/python/adv_robustness/attacks/black/test_nes.py 
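Review bot: In vgg_cifar_attack.py the `sys.path.append("../../../")` line sits below the `from examples.common...` imports added by this hunk, so it runs after the imports it is presumably meant to enable and cannot help them. It is also relative to the working directory, so what lands on the module search path depends on where the script is launched rather than on where the repository is. Either delete it and document running with the repository root on PYTHONPATH, or move it above the `examples` imports and derive it from the file location, `sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), "../../..")))`; an `os` import is not visible in the hunks for this file. The module body continues outside the hunk.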
@@ -78,10 +78,10 @@ def create_target_images(dataset, data_labels, target_labels): def get_model(current_dir): - ckpt_name = os.path.join(current_dir, + ckpt_path = os.path.join(current_dir, '../../../dataset/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt') net = Net() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) net.set_train(False) model = ModelToBeAttacked(net) diff --git a/tests/ut/python/adv_robustness/attacks/black/test_pointwise_attack.py b/tests/ut/python/adv_robustness/attacks/black/test_pointwise_attack.py index 6428cdb..0de664e 100644 --- a/tests/ut/python/adv_robustness/attacks/black/test_pointwise_attack.py +++ b/tests/ut/python/adv_robustness/attacks/black/test_pointwise_attack.py @@ -60,10 +60,10 @@ def test_pointwise_attack_method(): np.random.seed(123) # upload trained network current_dir = os.path.dirname(os.path.abspath(__file__)) - ckpt_name = os.path.join(current_dir, + ckpt_path = os.path.join(current_dir, '../../../dataset/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt') net = Net() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get one mnist image diff --git a/tests/ut/python/adv_robustness/attacks/test_lbfgs.py b/tests/ut/python/adv_robustness/attacks/test_lbfgs.py index 46e7f05..528d5fd 100644 --- a/tests/ut/python/adv_robustness/attacks/test_lbfgs.py +++ b/tests/ut/python/adv_robustness/attacks/test_lbfgs.py @@ -46,10 +46,10 @@ def test_lbfgs_attack(): np.random.seed(123) # upload trained network current_dir = os.path.dirname(os.path.abspath(__file__)) - ckpt_name = os.path.join(current_dir, + ckpt_path = os.path.join(current_dir, '../../dataset/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt') net = Net() - load_dict = load_checkpoint(ckpt_name) + load_dict = load_checkpoint(ckpt_path) load_param_into_net(net, load_dict) # get one mnist image