MindArmour focuses on the security and privacy issues of AI. It is committed to enhancing the security and credibility of models and protecting users' data privacy. It mainly contains three modules: the adversarial example robustness module, the Fuzz Testing module, and the privacy protection and evaluation module.
The adversarial example robustness module is used to evaluate a model's robustness to adversarial examples and provides model enhancement methods that strengthen the model's ability to resist adversarial example attacks. It contains four sub-modules: adversarial example generation, adversarial example detection, model defense, and attack and defense evaluation.
The architecture diagram of the adversarial sample robustness module is as follows:
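The generation and evaluation steps described above, as an added NumPy illustration rather than MindArmour's own code: a two-class logistic classifier is trained on constructed data, FGSM (one-step L-infinity) adversarial examples are generated from it, and clean versus adversarial accuracy and loss are compared. All function names, the data generator and the epsilon values are assumptions made for this example.

```python
"""FGSM adversarial-example generation and a clean-vs-adversarial robustness evaluation
for a two-class logistic classifier. Added example in NumPy, not MindArmour code; the
data set is constructed."""
import numpy as np


def make_blobs(n, rng):
    # Constructed 2-D binary data: class 0 around (-2, -2), class 1 around (2, 2).
    y = rng.integers(0, 2, n)
    x = rng.normal(0.0, 0.6, (n, 2)) + np.where(y[:, None] == 1, 2.0, -2.0)
    return x, y


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def train_logreg(x, y, steps=300, lr=0.1):
    # Plain full-batch gradient descent on the logistic loss; last weight is the bias.
    xb = np.hstack([x, np.ones((len(x), 1))])
    w = np.zeros(xb.shape[1])
    for _ in range(steps):
        p = sigmoid(xb @ w)
        w -= lr * xb.T @ (p - y) / len(xb)
    return w


def predict_proba(w, x):
    xb = np.hstack([x, np.ones((len(x), 1))])
    return sigmoid(xb @ w)


def loss(w, x, y):
    # Per-example cross-entropy, clipped so log(0) cannot occur.
    p = np.clip(predict_proba(w, x), 1e-12, 1.0 - 1e-12)
    return -(y * np.log(p) + (1 - y) * np.log(1 - p))


def input_gradient(w, x, y):
    # dL/dx for the logistic loss is (p - y) * w (bias excluded); exact, no autodiff needed.
    p = predict_proba(w, x)
    return (p - y)[:, None] * w[:-1][None, :]


def fgsm(w, x, y, eps):
    # Fast Gradient Sign Method: move every input eps along the sign of the loss gradient,
    # which bounds the perturbation by eps in the L-infinity norm.
    return x + eps * np.sign(input_gradient(w, x, y))


def accuracy(w, x, y):
    return float(np.mean((predict_proba(w, x) > 0.5) == y))


def evaluate_robustness(w, x, y, eps):
    # Attack-and-defense evaluation: compare the model on clean and adversarial inputs.
    x_adv = fgsm(w, x, y, eps)
    return {
        "clean_acc": accuracy(w, x, y),
        "adv_acc": accuracy(w, x_adv, y),
        "mean_clean_loss": float(loss(w, x, y).mean()),
        "mean_adv_loss": float(loss(w, x_adv, y).mean()),
        "linf": float(np.abs(x_adv - x).max()),
    }


def run_demo(eps, n=200, seed=0):
    rng = np.random.default_rng(seed)
    x, y = make_blobs(n, rng)
    w = train_logreg(x, y)
    return evaluate_robustness(w, x, y, eps)


if __name__ == "__main__":
    for eps in (0.1, 0.5, 1.0):
        print(eps, run_demo(eps))
```

Because the loss of a linear model is convex in its input, one FGSM step can never lower an example's loss, so the adversarial accuracy reported by `evaluate_robustness` is never above the clean accuracy; the gap between the two at a given `eps` is the robustness measurement the module's evaluation sub-module is meant to produce.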
The Fuzz Testing module is a security test for AI models. Following the characteristics of neural networks, it introduces neuron coverage as a guide for fuzz testing: the Fuzzer is steered to generate samples in the direction of increasing neuron coverage, so that the inputs activate more neurons and produce a wider distribution of neuron values. This tests the neural network more thoroughly and exposes different types of model outputs and erroneous behaviors.
The architecture diagram of the Fuzz Testing module is as follows:
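The coverage-guided loop described above, as an added NumPy illustration that is not MindArmour's Fuzzer: a neuron-coverage metric (fraction of hidden neurons that exceed an activation threshold for at least one input), a set of label-preserving mutations, and a fuzzing loop that keeps a mutant only when it activates a neuron no earlier input has activated, while logging label changes as suspicious behaviors. The network weights, seed inputs, layer sizes and mutation operators are all constructed assumptions.

```python
"""Neuron-coverage-guided fuzzing of a small ReLU MLP. Added example in NumPy, not
MindArmour code; the network and the seed inputs are constructed at random, so the
point is the coverage metric and the feedback loop, not the model."""
import numpy as np


def make_mlp(sizes, rng):
    # Constructed random network: list of (W, b) pairs; ReLU on every layer but the last.
    return [(rng.normal(0.0, 1.0 / np.sqrt(i), (i, o)), rng.normal(0.0, 0.1, o))
            for i, o in zip(sizes[:-1], sizes[1:])]


def forward(x, layers):
    # Returns the logits for one input and the list of hidden activation vectors.
    acts, h = [], x
    for i, (w, b) in enumerate(layers):
        h = h @ w + b
        if i < len(layers) - 1:
            h = np.maximum(h, 0.0)
            acts.append(h)
    return h, acts


def neuron_coverage(activation_sets, threshold=0.0):
    # Fraction of hidden neurons whose activation exceeds `threshold` for at least one
    # input. activation_sets holds, per input, the list of per-layer activation vectors.
    union = None
    for acts in activation_sets:
        masks = [a > threshold for a in acts]
        union = masks if union is None else [u | m for u, m in zip(union, masks)]
    if union is None:
        return 0.0
    return sum(int(m.sum()) for m in union) / sum(m.size for m in union)


def mutate(x, rng):
    # Label-preserving mutations of an input in [0, 1]: small noise, contrast scaling,
    # or zeroing one element (a crude "occlusion").
    kind = rng.integers(0, 3)
    if kind == 0:
        x = x + rng.normal(0.0, 0.05, x.shape)
    elif kind == 1:
        x = x * rng.uniform(0.8, 1.2)
    else:
        x = x.copy()
        x[rng.integers(0, x.size)] = 0.0
    return np.clip(x, 0.0, 1.0)


def coverage_guided_fuzz(layers, seeds, iterations, rng, threshold=0.0):
    # Corpus entries are (input, predicted label). A mutant joins the corpus only when it
    # raises neuron coverage; a label change under a label-preserving mutation is counted
    # as a suspicious behavior worth a closer look.
    corpus = [(s, int(forward(s, layers)[0].argmax())) for s in seeds]
    covered = [forward(s, layers)[1] for s in seeds]
    history = [neuron_coverage(covered, threshold)]
    flips = 0
    for _ in range(iterations):
        parent, parent_label = corpus[rng.integers(0, len(corpus))]
        child = mutate(parent, rng)
        logits, acts = forward(child, layers)
        if int(logits.argmax()) != parent_label:
            flips += 1
        cov = neuron_coverage(covered + [acts], threshold)
        if cov > history[-1]:
            corpus.append((child, int(logits.argmax())))
            covered.append(acts)
        history.append(cov)  # equals the coverage of `covered` after this step
    return {"initial": history[0], "final": history[-1], "history": history,
            "corpus_size": len(corpus), "label_flips": flips}


def run_demo(seed=0, iterations=300):
    rng = np.random.default_rng(seed)
    layers = make_mlp([16, 32, 32, 3], rng)  # 16-element "image", 64 hidden neurons
    seeds = [rng.uniform(0.0, 1.0, 16) for _ in range(5)]
    return coverage_guided_fuzz(layers, seeds, iterations, rng)


if __name__ == "__main__":
    r = run_demo()
    print({k: v for k, v in r.items() if k != "history"})
```

Coverage is computed over the union of activated neurons across the whole corpus, so it can only grow as inputs are added; a flat `history` signals that the mutation operators are not reaching new neurons and should be diversified, while `label_flips` lists the candidates for manual triage as erroneous behaviors.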
The privacy protection module includes differential privacy training and privacy leakage assessment.
Differential privacy training includes dynamic or non-dynamic differentially private SGD, Momentum, and Adam optimizers. The noise mechanism supports Gaussian-distributed and Laplace-distributed noise. Differential privacy budget monitoring supports ZCDP and RDP.
The architecture diagram of differential privacy is as follows:
The privacy leakage assessment module is used to evaluate the risk that a model leaks user privacy. It uses membership inference, which infers whether a sample belongs to the user's training data set, to evaluate how well the deep learning model protects private data.
The framework diagram of the privacy leakage assessment module is as follows:
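One block, added here as a NumPy illustration and not MindArmour code, serving both the differential privacy training paragraph and the privacy leakage assessment paragraph above: differentially private SGD with per-example gradient clipping and Gaussian noise, ZCDP and RDP budget accounting for the composed Gaussian mechanism, and a loss-threshold membership inference check run against a non-private and a private model. The data set (small in n, large in d, so the non-private model overfits), the hyperparameters and all function names are assumptions; the training is full-batch, so the accountants use no subsampling amplification.

```python
"""DP-SGD (per-example clipping + Gaussian noise) for logistic regression, zCDP and
RDP budget accounting, and a loss-threshold membership-inference check on the trained
models. Added example in NumPy, not MindArmour code; the data set is constructed."""
import numpy as np


def make_data(n, d, rng):
    # Constructed binary data: Gaussian features with a weak class-dependent shift.
    y = rng.integers(0, 2, n)
    x = rng.normal(0.0, 1.0, (n, d)) + 0.2 * (2 * y[:, None] - 1)
    return x, y.astype(float)


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def per_example_grads(w, x, y):
    # Gradient of the logistic loss w.r.t. w for every example, shape (n, d).
    return (sigmoid(x @ w) - y)[:, None] * x


def clip_rows(g, clip_norm):
    # Bound each example's influence: rescale rows whose L2 norm exceeds clip_norm.
    norms = np.linalg.norm(g, axis=1, keepdims=True)
    return g / np.maximum(1.0, norms / clip_norm)


def train(x, y, steps, lr, rng, clip_norm=None, sigma=0.0):
    # clip_norm=None gives ordinary full-batch gradient descent; otherwise DP-SGD:
    # clip per-example gradients, then add N(0, (sigma * clip_norm)^2) noise to their sum.
    w = np.zeros(x.shape[1])
    for _ in range(steps):
        g = per_example_grads(w, x, y)
        if clip_norm is not None:
            g = clip_rows(g, clip_norm)
            g_sum = g.sum(axis=0) + rng.normal(0.0, sigma * clip_norm, size=w.shape)
        else:
            g_sum = g.sum(axis=0)
        w -= lr * g_sum / len(x)
    return w


def zcdp_epsilon(sigma, steps, delta):
    # A Gaussian step with sensitivity C and std sigma*C is (1 / (2 sigma^2))-zCDP;
    # zCDP composes additively and converts to (rho + 2 sqrt(rho ln(1/delta)), delta)-DP.
    rho = steps / (2.0 * sigma ** 2)
    return rho + 2.0 * np.sqrt(rho * np.log(1.0 / delta))


def rdp_epsilon(sigma, steps, delta, orders=range(2, 65)):
    # The same step is (alpha, alpha / (2 sigma^2))-RDP; compose over steps and take the
    # best (eps_rdp + ln(1/delta) / (alpha - 1), delta)-DP conversion over integer orders.
    log_inv_delta = np.log(1.0 / delta)
    return min(steps * a / (2.0 * sigma ** 2) + log_inv_delta / (a - 1) for a in orders)


def losses(w, x, y):
    p = np.clip(sigmoid(x @ w), 1e-12, 1.0 - 1e-12)
    return -(y * np.log(p) + (1.0 - y) * np.log(1.0 - p))


def membership_attack_accuracy(member_loss, nonmember_loss):
    # Loss-threshold membership inference: claim "member" when loss < t. Sweep t over the
    # observed losses and report the best balanced accuracy (0.5 means nothing is leaked).
    best = 0.5
    for t in np.concatenate([member_loss, nonmember_loss, [np.inf]]):
        tpr = np.mean(member_loss < t)
        tnr = np.mean(nonmember_loss >= t)
        best = max(best, 0.5 * (tpr + tnr))
    return float(best)


def run_demo(seed=0, n=40, d=50, steps=100, lr=0.5, clip_norm=1.0, sigma=4.0, delta=1e-5):
    rng = np.random.default_rng(seed)
    x_tr, y_tr = make_data(n, d, rng)   # members
    x_te, y_te = make_data(n, d, rng)   # non-members
    w_plain = train(x_tr, y_tr, steps, lr, rng)
    w_dp = train(x_tr, y_tr, steps, lr, rng, clip_norm, sigma)
    return {
        "mi_acc_plain": membership_attack_accuracy(losses(w_plain, x_tr, y_tr),
                                                   losses(w_plain, x_te, y_te)),
        "mi_acc_dp": membership_attack_accuracy(losses(w_dp, x_tr, y_tr),
                                                losses(w_dp, x_te, y_te)),
        "eps_zcdp": float(zcdp_epsilon(sigma, steps, delta)),
        "eps_rdp": float(rdp_epsilon(sigma, steps, delta)),
    }


if __name__ == "__main__":
    print(run_demo())
```

The threshold in `membership_attack_accuracy` is chosen on the same losses it is scored on, so the number is an optimistic upper bound on what this attack can achieve, which is the conservative choice for a leakage assessment. Both accountants assume every step sees the full data set; with minibatch sampling the per-step cost would be lower, and a subsampled accountant should be used instead.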