mindspore.obfuscate_model
- mindspore.obfuscate_model(obf_config, **kwargs)[source]
Obfuscate a model of MindIR format. Obfuscation means changing the struct of a network without affecting its predict correctness. The obfuscated model can prevent attackers from stealing the model.
- Parameters
obf_config (dict) –
obfuscation config.
type (str): The type of obfuscation, only ‘dynamic’ is supported until now.
original_model_path (str): The path of MindIR format model that need to be obfuscated. If the original model is encrypted, then enc_key and enc_mode should be provided.
save_model_path (str): The path to save the obfuscated model.
model_inputs (list(Tensor)): The inputs of the original model, the values of Tensor can be random, which is the same as using
mindspore.export()
.obf_ratio (Union(float, str)): The ratio of nodes in original model that would be obfuscated. obf_ratio should be in range of (0, 1] or in [“small”, “medium”, “large”].
customized_func (function): A python function used for customized function mode, which used for control the switch branch of obfuscation structure. The outputs of customized_func should be boolean. This function needs to ensure that its result is constant for any input. Users can refer to opaque predicates. If customized_func is set, then it should be passed to
mindspore.load()
interface when loading obfuscated model.obf_random_seed (int): The random seed used for determine the distribution of confusion branches and the weight confusion coefficient, which should be in (0, 9223372036854775807]. If obf_random_seed is set, then it should be passed to
nn.GraphCell()
interface when loading obfuscated model. It should be noted that at least one of customized_func or obf_random_seed should be set, and the latter mode would be applied if both of them are set.
kwargs (dict) –
Configuration options dictionary.
enc_key (bytes): Byte type key used for encryption. The valid length is 16, 24, or 32.
enc_mode (str): Specifies the encryption mode, to take effect when dec_key is set. Option: ‘AES-GCM’ | ‘AES-CBC’ | ‘SM4-CBC’. Default: ‘AES-GCM’.
- Raises
TypeError – If obf_config is not a dict.
ValueError – If enc_key is passed and enc_mode is not in [“AES-GCM”, “AES-CBC”, “SM4-CBC”].
ValueError – If original_model_path is not provided in obf_config.
ValueError – If the model saved in original_model_path has been obfuscated.
ValueError – If save_model_path is not provided in obf_config.
ValueError – If obf_ratio is not provided in obf_config.
ValueError – If both customized_func and obf_random_seed are not provided in obf_config.
ValueError – If obf_random_seed is not in (0, 9223372036854775807].
ValueError – If original_model_path is not exist or original_model_path is not end with ‘.mindir’.
Examples
>>> import mindspore as ms >>> import mindspore.nn as nn >>> obf_config = {'original_model_path': "./net.mindir", ... 'save_model_path': "./obf_net", ... 'model_inputs': [input1, ], ... 'obf_ratio': 0.1, 'obf_random_seed': 173262358423} >>> ms.obfuscate_model(obf_config) >>> obf_func = ms.load("obf_net.mindir") >>> obf_net = nn.GraphCell(obf_func, obf_random_seed=173262358423) >>> print(obf_net(input1).asnumpy())