modelpoison

modelpoison(model, poisoned_ratio, noise_type='gaussian')

Adds random noise to the parameters of a model for the purpose of data poisoning.

This function modifies the model's parameters by injecting noise according to the specified noise type and ratio. Various types of noise can be applied, including salt noise, Gaussian noise, and salt-and-pepper noise.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| model | OrderedDict | The model's parameters organized as an OrderedDict. Each key corresponds to a layer, and each value is a tensor representing the parameters of that layer. | required |
| poisoned_ratio | float | The proportion of noise to apply, expressed as a fraction (0 <= poisoned_ratio <= 1). | required |
| noise_type | str | The type of noise to apply to the model parameters. Supported types are: "salt" (applies salt noise, replacing random elements with 1); "gaussian" (applies Gaussian-distributed additive noise); "s&p" (applies salt-and-pepper noise, replacing random elements with either 1 or low_val). Default is "gaussian". | 'gaussian' |

Returns:

| Type | Description |
|---|---|
| OrderedDict | A new OrderedDict containing the model parameters with noise added. |

Raises:

| Type | Description |
|---|---|
| ValueError | If poisoned_ratio is not between 0 and 1, or if noise_type is unsupported. |

Notes
  • If a layer's tensor is a single point (0-dimensional), it will be reshaped for processing.
  • Unsupported noise types will result in an error message, and the original tensor will be retained.
Source code in nebula/addons/attacks/poisoning/modelpoison.py
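# Imports required by the function below.
from collections import OrderedDict

import torch
from skimage.util import random_noise


def modelpoison(model: OrderedDict, poisoned_ratio, noise_type="gaussian"):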
    """
    Adds random noise to the parameters of a model for the purpose of data poisoning.

    This function modifies the model's parameters by injecting noise according to the specified
    noise type and ratio. Various types of noise can be applied, including salt noise, Gaussian
    noise, and salt-and-pepper noise.

    Args:
        model (OrderedDict): The model's parameters organized as an `OrderedDict`. Each key corresponds
                             to a layer, and each value is a tensor representing the parameters of that layer.
        poisoned_ratio (float): The proportion of noise to apply, expressed as a fraction (0 <= poisoned_ratio <= 1).
        noise_type (str, optional): The type of noise to apply to the model parameters. Supported types are:
                                    - "salt": Applies salt noise, replacing random elements with 1.
                                    - "gaussian": Applies Gaussian-distributed additive noise.
                                    - "s&p": Applies salt-and-pepper noise, replacing random elements with either 1 or low_val.
                                    Default is "gaussian".

    Returns:
        OrderedDict: A new `OrderedDict` containing the model parameters with noise added.

    Raises:
        ValueError: If `poisoned_ratio` is not between 0 and 1, or if `noise_type` is unsupported.

    Notes:
        - If a layer's tensor is a single point (0-dimensional), it will be reshaped for processing.
        - Unsupported noise types will result in an error message, and the original tensor will be retained.
    """
    poisoned_model = OrderedDict()
    if not isinstance(noise_type, str):
        noise_type = noise_type[0]

    for layer in model:
        bt = model[layer]
        t = bt.detach().clone()
        single_point = False
        if len(t.shape) == 0:
            t = t.view(-1)
            single_point = True
        # print(t)
        if noise_type == "salt":
            # Replaces random pixels with 1.
            poisoned = torch.tensor(random_noise(t, mode=noise_type, amount=poisoned_ratio))
        elif noise_type == "gaussian":
            # Gaussian-distributed additive noise.
            poisoned = torch.tensor(random_noise(t, mode=noise_type, mean=0, var=poisoned_ratio, clip=True))
        elif noise_type == "s&p":
            # Replaces random pixels with either 1 or low_val, where low_val is 0 for unsigned images or -1 for signed images.
            poisoned = torch.tensor(random_noise(t, mode=noise_type, amount=poisoned_ratio))
        else:
            print("ERROR: poison attack type not supported.")
            poisoned = t
        if single_point:
            poisoned = poisoned[0]
        poisoned_model[layer] = poisoned

    return poisoned_model
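
A defender-side check for the fingerprints these noise modes leave in a received update, as an added example that is not part of the Nebula code base: "salt" and "s&p" overwrite elements with exactly 1 (or low_val), and Gaussian noise inflates a layer's spread relative to a trusted reference model. The function names, thresholds and sample data are assumptions constructed for illustration, and layers are passed as flattened Python lists (for example `tensor.flatten().tolist()`).

```python
import random
import statistics

def layer_fingerprint(values, reference):
    """Return (newly_saturated_fraction, std_ratio) for one flattened layer."""
    if not values or len(values) != len(reference):
        raise ValueError("layer must be non-empty and match the reference shape")
    # "salt"/"s&p" overwrite elements with exactly 1 (or low_val, -1 for signed
    # data). Elements already at that value in the reference (e.g. BatchNorm
    # weights initialised to 1) are not counted.
    hits = sum(1 for v, r in zip(values, reference) if abs(v) == 1.0 and v != r)
    ref_std = statistics.pstdev(reference)
    # Scalar or constant layers have no spread to compare against.
    ratio = statistics.pstdev(values) / ref_std if ref_std > 0 else 1.0
    return hits / len(values), ratio

def flag_poisoned_layers(update, reference, sat_threshold=0.01, std_threshold=3.0):
    """Map layer name -> list of reasons for every suspicious layer."""
    flagged = {}
    for name, values in update.items():
        sat, ratio = layer_fingerprint(values, reference[name])
        reasons = []
        if sat > sat_threshold:
            reasons.append("saturated")
        if ratio > std_threshold:
            reasons.append("variance")
        if reasons:
            flagged[name] = reasons
    return flagged

def build_samples(seed=0, n=2000):
    """Constructed data: a reference model plus honest, salted and noisy updates."""
    # Assumption: clip=True is modelled here as clamping to [-1, 1].
    rng = random.Random(seed)
    ref = {"fc.weight": [rng.gauss(0, 0.05) for _ in range(n)], "bn.weight": [1.0] * 8}
    honest = {k: [w + rng.gauss(0, 0.005) for w in v] for k, v in ref.items()}
    salted = {k: [1.0 if rng.random() < 0.1 else w for w in v] for k, v in ref.items()}
    noisy = {k: [max(-1.0, min(1.0, w + rng.gauss(0, 0.1 ** 0.5))) for w in v]
             for k, v in ref.items()}
    return ref, honest, salted, noisy

if __name__ == "__main__":
    ref, honest, salted, noisy = build_samples()
    for label, upd in (("honest", honest), ("salt", salted), ("gaussian", noisy)):
        print(label, flag_poisoned_layers(upd, ref))
```

The variance check cannot judge layers whose reference values are constant, so such layers are only covered by the saturation count.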