mindspore.obfuscate_model

mindspore.obfuscate_model(obf_config, **kwargs)

Obfuscate a model in MindIR format. Obfuscation means changing the structure of a network without affecting the correctness of its predictions. An obfuscated model helps prevent attackers from stealing the model.

Parameters
  • obf_config (dict) –

    Obfuscation config.

    • type (str): The type of obfuscation; only ‘dynamic’ is currently supported.

    • original_model_path (str): The path of the MindIR format model that needs to be obfuscated. If the original model is encrypted, then enc_key and enc_mode should be provided.

    • save_model_path (str): The path to save the obfuscated model.

    • model_inputs (list(Tensor)): The inputs of the original model. The Tensor values can be random, the same as when using export().

    • obf_ratio (Union(float, str)): The ratio of nodes in the original model that will be obfuscated. obf_ratio should be in the range (0, 1] or one of [“small”, “medium”, “large”].

    • customized_func (function): A Python function used for customized function mode, which controls the switch branch of the obfuscation structure. The output of customized_func should be boolean. The function must ensure that its result is constant for any input. Users can refer to opaque predicates. If customized_func is set, then it should be passed to the load() interface when loading the obfuscated model.

    • obf_password (int): A password used for password mode, which should be in (0, 9223372036854775807]. If obf_password is set, then it should be passed to the nn.GraphCell() interface when loading the obfuscated model. Note that at least one of ‘customized_func’ or ‘obf_password’ should be set, and ‘obf_password’ mode is applied if both of them are set.

  • kwargs (dict) –

    Configuration options dictionary.

    • enc_key (bytes): Byte type key used for encryption. The valid length is 16, 24, or 32.

    • enc_mode (str): Specifies the encryption mode; it takes effect when enc_key is set. Options: ‘AES-GCM’ | ‘AES-CBC’ | ‘SM4-CBC’. Default: ‘AES-GCM’.

Raises
  • TypeError – If obf_config is not a dict.

  • ValueError – If enc_key is passed and enc_mode is not in [“AES-GCM”, “AES-CBC”, “SM4-CBC”].

  • ValueError – If original_model_path is not provided in obf_config.

  • ValueError – If the model saved in original_model_path has been obfuscated.

  • ValueError – If save_model_path is not provided in obf_config.

  • ValueError – If obf_ratio is not provided in obf_config.

  • ValueError – If neither customized_func nor obf_password is provided in obf_config.

  • ValueError – If obf_password is not in (0, 9223372036854775807].

  • ValueError – If file_path does not exist or does not end with ‘.mindir’.

Examples

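>>> import numpy as np
>>> import mindspore.nn as nn
>>> from mindspore import Tensor, load, obfuscate_model
>>> # input1 must match the input of the exported network; this shape is an assumption.
>>> input1 = Tensor(np.ones((1, 1, 32, 32)).astype(np.float32))
>>> obf_config = {'original_model_path': "./net.mindir",
...          'save_model_path': "./obf_net",
...          'model_inputs': [input1, ],
...          'obf_ratio': 0.1, 'obf_password': 173262358423}
>>> obfuscate_model(obf_config)
>>> obf_func = load("obf_net.mindir")
>>> obf_net = nn.GraphCell(obf_func, obf_password=173262358423)
>>> print(obf_net(input1).asnumpy())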
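
A pre-flight check of obf_config against the constraints documented above, with a helper that draws an unpredictable obf_password from the documented range. This is an added example, not MindSpore code: the names preflight_obf_config and new_obf_password are hypothetical, and the check does not import MindSpore or touch the file system.

```python
import secrets

MAX_PASSWORD = 9223372036854775807  # upper bound documented for obf_password
RATIO_NAMES = ("small", "medium", "large")
ENC_MODES = ("AES-GCM", "AES-CBC", "SM4-CBC")


def new_obf_password():
    """Return an unpredictable integer in (0, MAX_PASSWORD]."""
    return secrets.randbelow(MAX_PASSWORD) + 1


def preflight_obf_config(obf_config, enc_key=None, enc_mode="AES-GCM"):
    """Return every documented constraint violation, not just the first one."""
    if not isinstance(obf_config, dict):
        raise TypeError("obf_config must be a dict")
    problems = []
    for key in ("original_model_path", "save_model_path", "obf_ratio"):
        if key not in obf_config:
            problems.append(f"{key} is not provided")
    ratio = obf_config.get("obf_ratio")
    if isinstance(ratio, str):
        if ratio not in RATIO_NAMES:
            problems.append("obf_ratio string must be small, medium or large")
    elif isinstance(ratio, (int, float)) and not isinstance(ratio, bool):
        if not 0 < ratio <= 1:
            problems.append("obf_ratio must be in (0, 1]")
    elif ratio is not None:
        problems.append("obf_ratio must be a float or a str")
    password = obf_config.get("obf_password")
    func = obf_config.get("customized_func")
    if password is None and func is None:
        problems.append("neither customized_func nor obf_password is provided")
    if password is not None:
        is_int = isinstance(password, int) and not isinstance(password, bool)
        if not is_int or not 0 < password <= MAX_PASSWORD:
            problems.append("obf_password must be an int in (0, 9223372036854775807]")
    if func is not None and not callable(func):
        problems.append("customized_func must be a function")
    if enc_key is not None:
        if not isinstance(enc_key, bytes) or len(enc_key) not in (16, 24, 32):
            problems.append("enc_key must be bytes of length 16, 24 or 32")
        if enc_mode not in ENC_MODES:
            problems.append("enc_mode must be AES-GCM, AES-CBC or SM4-CBC")
    return problems
```

An empty list means the config satisfies the documented constraints; whether the model file exists and has not already been obfuscated is still checked by obfuscate_model itself.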