Security and Privacy Protection

View Source On Gitee

Overview

This document describes AI security and privacy protection. As a universal technology, AI brings huge opportunities and benefits, but also faces new security and privacy protection challenges. MindArmour is a sub-project of MindSpore. It provides security and privacy protection capabilities for MindSpore, including technologies such as adversarial robustness, model security test, differential privacy training, and privacy breach risk assessment.

Adversarial Robustness

Attack

The Attack base class defines the interface for generating adversarial examples. Its subclasses implement various specific generation algorithms and allow security personnel to quickly and efficiently generate adversarial examples for attacking AI models to evaluate the robustness of the models.

Defense

The Defense base class defines the interface for adversarial training. Its subclasses implement various adversarial training algorithms to enhance the adversarial robustness of the models.

Detector

The Detector base class defines the interface for adversarial sample detection. Its subclasses implement various specific detection algorithms to enhance the adversarial robustness of the models.

For details, see Improving Model Security with NAD Algorithm.

Model Security Test

Fuzzer

The Fuzzer class controls the fuzzing process based on the neuron coverage gain. It uses natural perturbation and adversarial sample generation methods as the mutation policy to activate more neurons to explore different types of model output results and error behavior, helping users enhance model robustness.

For details, see Testing Model Security Using Fuzz Testing.

Differential Privacy Training

DPModel

DPModel inherits mindspore.Model and provides the entry function for differential privacy training.

For details, see Protecting User Privacy with Differential Privacy Mechanism.

Privacy Breach Risk Assessment

Membership Inference

The MembershipInference class provides a reverse analysis method. It can infer whether a sample is in the training set of a model based on the prediction information of the model on the sample to evaluate the privacy breach risk of the model.

For details, see Testing Model Security with Membership Inference.