mindspore.obfuscate_model

View Source On Gitee
mindspore.obfuscate_model(obf_config, **kwargs)[source]

Obfuscate a model of MindIR format. Obfuscation means changing the struct of a network without affecting its predict correctness. The obfuscated model can prevent attackers from stealing the model.

Parameters
  • obf_config (dict) –

    obfuscation config.

    • type (str): The type of obfuscation, only ‘dynamic’ is supported until now.

    • original_model_path (str): The path of MindIR format model that need to be obfuscated. If the original model is encrypted, then enc_key and enc_mode should be provided.

    • save_model_path (str): The path to save the obfuscated model.

    • model_inputs (list(Tensor)): The inputs of the original model, the values of Tensor can be random, which is the same as using mindspore.export().

    • obf_ratio (Union(float, str)): The ratio of nodes in original model that would be obfuscated. obf_ratio should be in range of (0, 1] or in [“small”, “medium”, “large”]. “small”, “medium” and “large” are correspond to 0.1, 0.3, and 0.6 respectively.

    • customized_func (function): A python function used for customized function mode, which used for control the switch branch of obfuscation structure. The outputs of customized_func should be boolean and const ( Reference to ‘my_func()’ in tutorials). This function needs to ensure that its result is constant for any input. Users can refer to opaque predicates. If customized_func is set, then it should be passed to mindspore.load() interface when loading obfuscated model.

    • obf_random_seed (int): Obfuscation random seed, which should be in (0, 9223372036854775807]. The structure of obfuscated models corresponding to different random seeds is different. If obf_random_seed is set, then it should be passed to nn.GraphCell() interface when loading obfuscated model. It should be noted that at least one of customized_func or obf_random_seed should be set, and the latter mode would be applied if both of them are set.

  • kwargs (dict) –

    Configuration options dictionary.

    • enc_key (bytes): Byte type key used for encryption. The valid length is 16, 24, or 32.

    • enc_mode (str): Specifies the encryption mode, to take effect when dec_key is set. Option: ‘AES-GCM’ | ‘AES-CBC’ | ‘SM4-CBC’. Default: ‘AES-GCM’.

Raises
  • TypeError – If obf_config is not a dict.

  • ValueError – If enc_key is passed and enc_mode is not in [“AES-GCM”, “AES-CBC”, “SM4-CBC”].

  • ValueError – If original_model_path is not provided in obf_config.

  • ValueError – If the model saved in original_model_path has been obfuscated.

  • ValueError – If save_model_path is not provided in obf_config.

  • ValueError – If obf_ratio is not provided in obf_config.

  • ValueError – If both customized_func and obf_random_seed are not provided in obf_config.

  • ValueError – If obf_random_seed is not in (0, 9223372036854775807].

  • ValueError – If original_model_path is not exist or original_model_path is not end with ‘.mindir’.

Examples

>>> import mindspore as ms
>>> import mindspore.nn as nn
>>> obf_config = {'original_model_path': "./net.mindir",
...          'save_model_path': "./obf_net",
...          'model_inputs': [input1, ],
...          'obf_ratio': 0.1, 'obf_random_seed': 173262358423}
>>> ms.obfuscate_model(obf_config)
>>> obf_func = ms.load("obf_net.mindir")
>>> obf_net = nn.GraphCell(obf_func, obf_random_seed=173262358423)
>>> print(obf_net(input1).asnumpy())