diff --git a/RELEASE.md b/RELEASE.md index 870fe6bf9b11e16b14015e1cfc77a5be86c6d02a..e90906fceddb2003fa7b9c616700cb944e974be3 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,3 +1,38 @@ +# Release 0.3.0-alpha + +## Major Features and Improvements + +### Differential Privacy Model Training + +Differential Privacy is coming! By using Differential-Privacy-Optimizers, one can still train a model as usual, while the trained model preserved the privacy of training dataset, satisfying the definition of +differential privacy with proper budget. +* Optimizers with Differential Privacy([PR23](https://gitee.com/mindspore/mindarmour/pulls/23), [PR24](https://gitee.com/mindspore/mindarmour/pulls/24)) + * Some common optimizers now have a differential privacy version (SGD/ + Adam). We are adding more. + * Automatically and adaptively add Gaussian Noise during training to achieve Differential Privacy. + * Automatically stop training when Differential Privacy Budget exceeds. +* Differential Privacy Monitor([PR22](https://gitee.com/mindspore/mindarmour/pulls/22)) + * Calculate overall budget consumed during training, indicating the ultimate protect effect. +## Bug fixes +## Contributors +Thanks goes to these wonderful people: +Liu Liu, Huanhuan Zheng, Zhidan Liu, Xiulang Jin +Contributions of any kind are welcome! + +# Release 0.2.0-alpha +## Major Features and Improvements +- Add a white-box attack method: M-DI2-FGSM([PR14](https://gitee.com/mindspore/mindarmour/pulls/14)). +- Add three neuron coverage metrics: KMNCov, NBCov, SNACov([PR12](https://gitee.com/mindspore/mindarmour/pulls/12)). +- Add a coverage-guided fuzzing test framework for deep neural networks([PR13](https://gitee.com/mindspore/mindarmour/pulls/13)). +- Update the MNIST Lenet5 examples. +- Remove some duplicate code. + +## Bug fixes +## Contributors +Thanks goes to these wonderful people: +Liu Liu, Huanhuan Zheng, Zhidan Liu, Xiulang Jin +Contributions of any kind are welcome! + # Release 0.1.0-alpha Initial release of MindArmour. @@ -8,4 +43,4 @@ Initial release of MindArmour. - Include 13 white-box and 7 black-box attack methods. - Provide 5 detection algorithms to detect attacking in multiple way. - Provide adversarial training to enhance model security. -- Provide 6 evaluation metrics for attack methods and 9 evaluation metrics for defense methods. \ No newline at end of file +- Provide 6 evaluation metrics for attack methods and 9 evaluation metrics for defense methods. diff --git a/example/mnist_demo/lenet5_dp_model_train.py b/example/mnist_demo/lenet5_dp_model_train.py index 6765523a7cb4d37c32ced35e689659747c760f9d..61a359a205a33f19fd4d5004499ec68c254d5447 100644 --- a/example/mnist_demo/lenet5_dp_model_train.py +++ b/example/mnist_demo/lenet5_dp_model_train.py @@ -37,7 +37,6 @@ from mindarmour.utils.logger import LogUtil from lenet5_net import LeNet5 from lenet5_config import mnist_cfg as cfg - LOGGER = LogUtil.get_instance() TAG = 'Lenet5_train' @@ -121,9 +120,9 @@ if __name__ == "__main__": gaussian_mech.set_mechanisms('Gaussian', norm_bound=args.l2_norm_bound, initial_noise_multiplier=args.initial_noise_multiplier) - net_opt = gaussian_mech.create('Momentum')(params=network.trainable_params(), - learning_rate=cfg.lr, - momentum=cfg.momentum) + net_opt = gaussian_mech.create('SGD')(params=network.trainable_params(), + learning_rate=cfg.lr, + momentum=cfg.momentum) micro_size = int(cfg.batch_size // args.micro_batches) rdp_monitor = PrivacyMonitorFactory.create('rdp', num_samples=60000, diff --git a/setup.py b/setup.py index 47126b757c5f926e63b1eff9ec256e80da610b20..4d12d15af6d022a51671f5728d8304e42b421c68 100644 --- a/setup.py +++ b/setup.py @@ -18,7 +18,7 @@ from setuptools import setup from setuptools.command.egg_info import egg_info from setuptools.command.build_py import build_py -version = '0.2.0' +version = '0.3.0' cur_dir = os.path.dirname(os.path.realpath(__file__)) pkg_dir = os.path.join(cur_dir, 'build')