
The modelscan package is a CLI tool for detecting unsafe operations in model files across various model serialization formats.

Project description

modelscan

    # malicious code injection
    # Fragment of the payload illustrated on this page: the name of the
    # callable a tampered model file would resolve, and the shell command
    # it would pass to that callable when the model is loaded.
    command = "system"
    malicious_code = """cat ~/.aws/secrets"""


modelscan is an open-source tool for scanning Machine Learning (ML) models. With modelscan, ML models can be scanned *without* loading them on your machine, which protects you from the code injection attacks that loading an untrusted model file can trigger.





How modelscan works




Fig 1: An outline for scanning models using modelscan.


TODO: Add a gif here like NBDefense to show how modelscan works- example notebook from pytorch



Getting Started

  1. Install modelscan:

    pip install modelscan
    
  2. Scan the model:

    To scan a model file in a local directory:

    modelscan -p /path/to/model_file
    

    To scan a model file hosted on Hugging Face:

    modelscan -hf /repo_id/model_file
    
  3. Inspect the modelscan result:

    The modelscan results include:

    • List of files scanned.
    • List of files not scanned.
    • A summary of scan results categorized using modelscan's severity levels: CRITICAL, HIGH, MEDIUM, and LOW.
    • A detailed list, under each severity level, of the unsafe code found.

    More information on which ML models modelscan can scan is given in the section "Which ML Models can be Scanned using modelscan" below.

    More information about modelscan severity levels can be found here.



Which ML Models can be Scanned using modelscan

At the moment, modelscan supports the following ML libraries.

PyTorch

PyTorch models are commonly saved and loaded with pickle, and modelscan can scan models saved using pickle. A notebook to illustrate modelscan usage and the expected results with a PyTorch model is included in the ./examples folder. [TODO]

TensorFlow

TensorFlow uses the SavedModel format for model serialization, and modelscan can scan models saved as SavedModel. A notebook to illustrate modelscan usage and the expected results with a TensorFlow model is included in the ./examples folder. [TODO]

Keras

Keras uses SavedModel and HDF5 (.h5) for model serialization, and modelscan can scan models saved in either format. A notebook to illustrate modelscan usage and the expected results with a Keras model is included in the ./examples folder. [TODO]



Classical ML libraries

modelscan also supports all ML libraries that use pickle for model serialization, such as scikit-learn, XGBoost, CatBoost, etc. A notebook to illustrate modelscan usage and the expected results with these libraries is included in the ./examples folder. [TODO]
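Scanning a pickle-based model "without loading it", as the introduction and the PyTorch and classical ML sections above describe, means walking the pickle opcode stream instead of ever calling pickle.load. The following is an added example written for this page, not modelscan's own code or rule set: it assumes a small illustrative deny-list (UNSAFE_GLOBALS, a hypothetical name), resolves the GLOBAL / STACK_GLOBAL imports a pickle would perform, and constructs its own sample inputs (a harmless dict and a tampered object whose __reduce__ points at os.system with a benign echo command, which is built but never unpickled). It also handles the zip container that torch.save writes, scanning each .pkl member in memory.

```python
from __future__ import annotations

import io
import os
import pickle
import pickletools
import zipfile

# Callables that no legitimate model file needs to import at load time.
# Illustrative deny-list written for this example; not modelscan's rule set.
UNSAFE_GLOBALS = {
    ("os", "system"), ("os", "popen"), ("os", "execv"),
    ("posix", "system"), ("nt", "system"),       # os.system pickles as posix/nt
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "call"),
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
    ("__builtin__", "eval"), ("__builtin__", "exec"),
    ("socket", "socket"),
}

# Opcodes that push a string operand (module/name strings for STACK_GLOBAL).
STRING_OPCODES = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


def find_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) that loading `data` would import.

    pickletools.genops only parses the opcode stream; pickle.loads is never
    called, so a tampered model cannot execute anything during the scan.
    """
    found: list[tuple[str, str]] = []
    strings: list[str] = []          # string operands seen so far, in order
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if opcode.name == "GLOBAL":
            # protocols 0-3: operand is "module name" separated by a space
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # protocol 4+: module and name are the two strings pushed before it
            # (simplification: strings fetched back via memo GETs are not resolved)
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
        elif opcode.name in STRING_OPCODES:
            strings.append(arg)
    return found


def scan_pickle(data: bytes) -> list[tuple[str, str]]:
    """The scan findings: imported globals that match the deny-list."""
    return [g for g in find_globals(data) if g in UNSAFE_GLOBALS]


def scan_path(path: str) -> dict[str, list[tuple[str, str]]]:
    """Scan a file on disk without loading it.

    A bare pickle is scanned directly. A zip archive (the container
    torch.save writes, holding a data.pkl member) has each .pkl member read
    into memory and scanned; nothing is extracted or deserialized.
    """
    findings: dict[str, list[tuple[str, str]]] = {}
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            for member in zf.namelist():
                if member.endswith(".pkl"):
                    findings[f"{path}:{member}"] = scan_pickle(zf.read(member))
    else:
        with open(path, "rb") as fh:
            findings[path] = scan_pickle(fh.read())
    return findings


def build_samples() -> tuple[bytes, bytes]:
    """Constructed sample inputs: a harmless 'model' and a tampered one.

    The tampered object's __reduce__ tells the loader to call os.system.
    Building the bytes runs nothing; only pickle.load would.
    """
    benign = pickle.dumps({"layers": 3, "weights": [0.1, 0.2, 0.3]}, protocol=4)

    class Tampered:
        def __reduce__(self):
            return (os.system, ("echo injected",))   # harmless stand-in payload

    malicious = pickle.dumps(Tampered(), protocol=4)
    return benign, malicious


if __name__ == "__main__":
    for label, blob in zip(("benign", "tampered"), build_samples()):
        hits = scan_pickle(blob)
        print(f"{label}: {'CLEAN' if not hits else 'UNSAFE ' + str(hits)}")
```

The scan reports the import as (posix, system) on Linux, which is how os.system is actually serialized; a deny-list keyed only on the literal string "os" would miss it, which is why the list above carries the posix and nt aliases. A deny-list is also only as good as its entries: anything it does not name (for example a REDUCE over a less obvious callable) passes, so treat this as a detector for known-bad patterns rather than proof that a file is safe.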



Example Notebooks

TODO



modelscan CLI arguments:

The modelscan CLI arguments and their usage are as follows:

Argument               Explanation                                   Usage
-h  or --help          Print the help text                           modelscan -h
-p  or --path          Scan a model file in a local directory        modelscan -p /path/to/model_file
-hf or --huggingface   Scan a model file hosted on Hugging Face      modelscan -hf /repo/model_file



Contributing

We would love to have you contribute to our open source modelscan project. If you would like to contribute, please follow the details on the Contribution page.

Project details

Download files

Source Distribution

modelscan-0.1.1.tar.gz (17.9 kB)

Built Distribution

modelscan-0.1.1-py3-none-any.whl (22.3 kB)

File details

Details for the file modelscan-0.1.1.tar.gz.

File metadata

  • Download URL: modelscan-0.1.1.tar.gz
  • Size: 17.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.5.1 CPython/3.8.17 Linux/5.15.0-1041-azure

File hashes

Hashes for modelscan-0.1.1.tar.gz
Algorithm    Hash digest
SHA256       623ca589d6e2e866c20dfdabb56f9abcf770242475064d29a3fcfe5ea118d44e
MD5          b7e2ae270a8d0604f3f5b08425199fe5
BLAKE2b-256  e6a5cbc6d1141ca4a507f88ef20a0f761acb82e3054e5af27952b306ef118292

File details

Details for the file modelscan-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: modelscan-0.1.1-py3-none-any.whl
  • Size: 22.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.5.1 CPython/3.8.17 Linux/5.15.0-1041-azure

File hashes

Hashes for modelscan-0.1.1-py3-none-any.whl
Algorithm    Hash digest
SHA256       6ae0c1dfb8d50087b5591eb59ffa7c8684f6fc736f277d7fcd64c7b874aae4b6
MD5          cce9f6e1611620a4ec9106dc79098fb3
BLAKE2b-256  bf6edda8f775b53c307bd59042a7d20143b3f0d068e9b9c6776cf07a28ce208d
