From 79760db38346127277c0f6b1a7e9911eb2aee081 Mon Sep 17 00:00:00 2001
From: GitHub Actions <action@github.com>
Date: Wed, 27 Mar 2024 16:51:30 +0000
Subject: [PATCH] Update documentation

---
 ...blackbox_attacks.html => all_attacks.html} | 146 +++++++-------
 docs/attacks/gradnorm.html                    | 182 ++++++++++++++++++
 docs/attacks/index.html                       |  11 +-
 docs/attacks/loss.html                        |  10 +-
 docs/attacks/min_k.html                       |  10 +-
 docs/attacks/neighborhood.html                |  10 +-
 docs/attacks/quantile.html                    |  10 +-
 docs/attacks/reference.html                   |  10 +-
 docs/attacks/utils.html                       |  25 +--
 docs/attacks/zlib.html                        |  10 +-
 docs/models.html                              |  48 +++--
 11 files changed, 345 insertions(+), 127 deletions(-)
 rename docs/attacks/{blackbox_attacks.html => all_attacks.html} (80%)
 create mode 100644 docs/attacks/gradnorm.html

diff --git a/docs/attacks/blackbox_attacks.html b/docs/attacks/all_attacks.html
similarity index 80%
rename from docs/attacks/blackbox_attacks.html
rename to docs/attacks/all_attacks.html
index ba2426a..2f8af53 100644
--- a/docs/attacks/blackbox_attacks.html
+++ b/docs/attacks/all_attacks.html
@@ -4,7 +4,7 @@
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
 <meta name="generator" content="pdoc 0.10.0" />
-<title>mimir.attacks.blackbox_attacks API documentation</title>
+<title>mimir.attacks.all_attacks API documentation</title>
 <meta name="description" content="Enum class for attacks. Also contains the base attack class." />
 <link rel="preload stylesheet" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/11.0.1/sanitize.min.css" integrity="sha256-PK9q560IAAa6WVRRh76LtCaI8pjTJ2z11v0miyNNjrs=" crossorigin>
 <link rel="preload stylesheet" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/11.0.1/typography.min.css" integrity="sha256-7l/o7C8jubJiy74VsKTidCy1yBkRtiUGbVkYBylBqUg=" crossorigin>
@@ -19,7 +19,7 @@
 <main>
 <article id="content">
 <header>
-<h1 class="title">Module <code>mimir.attacks.blackbox_attacks</code></h1>
+<h1 class="title">Module <code>mimir.attacks.all_attacks</code></h1>
 </header>
 <section id="section-intro">
 <p>Enum class for attacks. Also contains the base attack class.</p>
@@ -36,22 +36,24 @@ <h1 class="title">Module <code>mimir.attacks.blackbox_attacks</code></h1>
 
 
 # Attack definitions
-class BlackBoxAttacks(str, Enum):
+class AllAttacks(str, Enum):
     LOSS = &#34;loss&#34; # Done
     REFERENCE_BASED = &#34;ref&#34; # Done
     ZLIB = &#34;zlib&#34; # Done
     MIN_K = &#34;min_k&#34; # Done
     NEIGHBOR = &#34;ne&#34; # Done
+    GRADNORM = &#34;gradnorm&#34; # Done
     # QUANTILE = &#34;quantile&#34; # Uncomment when tested implementation is available
 
 
 # Base attack class
 class Attack:
-    def __init__(self, config, target_model: Model, ref_model: Model = None):
+    def __init__(self, config, target_model: Model, ref_model: Model = None, is_blackbox: bool = True):
         self.config = config
         self.target_model = target_model
         self.ref_model = ref_model
         self.is_loaded = False
+        self.is_blackbox = is_blackbox
 
     def load(self):
         &#34;&#34;&#34;
@@ -105,9 +107,61 @@ <h1 class="title">Module <code>mimir.attacks.blackbox_attacks</code></h1>
 <section>
 <h2 class="section-title" id="header-classes">Classes</h2>
 <dl>
-<dt id="mimir.attacks.blackbox_attacks.Attack"><code class="flex name class">
+<dt id="mimir.attacks.all_attacks.AllAttacks"><code class="flex name class">
+<span>class <span class="ident">AllAttacks</span></span>
+<span>(</span><span>value, names=None, *, module=None, qualname=None, type=None, start=1)</span>
+</code></dt>
+<dd>
+<div class="desc"><p>An enumeration.</p></div>
+<details class="source">
+<summary>
+<span>Expand source code</span>
+</summary>
+<pre><code class="python">class AllAttacks(str, Enum):
+    LOSS = &#34;loss&#34; # Done
+    REFERENCE_BASED = &#34;ref&#34; # Done
+    ZLIB = &#34;zlib&#34; # Done
+    MIN_K = &#34;min_k&#34; # Done
+    NEIGHBOR = &#34;ne&#34; # Done
+    GRADNORM = &#34;gradnorm&#34; # Done
+    # QUANTILE = &#34;quantile&#34; # Uncomment when tested implementation is available</code></pre>
+</details>
+<h3>Ancestors</h3>
+<ul class="hlist">
+<li>builtins.str</li>
+<li>enum.Enum</li>
+</ul>
+<h3>Class variables</h3>
+<dl>
+<dt id="mimir.attacks.all_attacks.AllAttacks.GRADNORM"><code class="name">var <span class="ident">GRADNORM</span></code></dt>
+<dd>
+<div class="desc"></div>
+</dd>
+<dt id="mimir.attacks.all_attacks.AllAttacks.LOSS"><code class="name">var <span class="ident">LOSS</span></code></dt>
+<dd>
+<div class="desc"></div>
+</dd>
+<dt id="mimir.attacks.all_attacks.AllAttacks.MIN_K"><code class="name">var <span class="ident">MIN_K</span></code></dt>
+<dd>
+<div class="desc"></div>
+</dd>
+<dt id="mimir.attacks.all_attacks.AllAttacks.NEIGHBOR"><code class="name">var <span class="ident">NEIGHBOR</span></code></dt>
+<dd>
+<div class="desc"></div>
+</dd>
+<dt id="mimir.attacks.all_attacks.AllAttacks.REFERENCE_BASED"><code class="name">var <span class="ident">REFERENCE_BASED</span></code></dt>
+<dd>
+<div class="desc"></div>
+</dd>
+<dt id="mimir.attacks.all_attacks.AllAttacks.ZLIB"><code class="name">var <span class="ident">ZLIB</span></code></dt>
+<dd>
+<div class="desc"></div>
+</dd>
+</dl>
+</dd>
+<dt id="mimir.attacks.all_attacks.Attack"><code class="flex name class">
 <span>class <span class="ident">Attack</span></span>
-<span>(</span><span>config, target_model: <a title="mimir.models.Model" href="../models.html#mimir.models.Model">Model</a>, ref_model: <a title="mimir.models.Model" href="../models.html#mimir.models.Model">Model</a> = None)</span>
+<span>(</span><span>config, target_model: <a title="mimir.models.Model" href="../models.html#mimir.models.Model">Model</a>, ref_model: <a title="mimir.models.Model" href="../models.html#mimir.models.Model">Model</a> = None, is_blackbox: bool = True)</span>
 </code></dt>
 <dd>
 <div class="desc"></div>
@@ -116,11 +170,12 @@ <h2 class="section-title" id="header-classes">Classes</h2>
 <span>Expand source code</span>
 </summary>
 <pre><code class="python">class Attack:
-    def __init__(self, config, target_model: Model, ref_model: Model = None):
+    def __init__(self, config, target_model: Model, ref_model: Model = None, is_blackbox: bool = True):
         self.config = config
         self.target_model = target_model
         self.ref_model = ref_model
         self.is_loaded = False
+        self.is_blackbox = is_blackbox
 
     def load(self):
         &#34;&#34;&#34;
@@ -166,6 +221,7 @@ <h2 class="section-title" id="header-classes">Classes</h2>
 </details>
 <h3>Subclasses</h3>
 <ul class="hlist">
+<li><a title="mimir.attacks.gradnorm.GradNormAttack" href="gradnorm.html#mimir.attacks.gradnorm.GradNormAttack">GradNormAttack</a></li>
 <li><a title="mimir.attacks.loss.LOSSAttack" href="loss.html#mimir.attacks.loss.LOSSAttack">LOSSAttack</a></li>
 <li><a title="mimir.attacks.min_k.MinKProbAttack" href="min_k.html#mimir.attacks.min_k.MinKProbAttack">MinKProbAttack</a></li>
 <li><a title="mimir.attacks.neighborhood.NeighborhoodAttack" href="neighborhood.html#mimir.attacks.neighborhood.NeighborhoodAttack">NeighborhoodAttack</a></li>
@@ -175,7 +231,7 @@ <h3>Subclasses</h3>
 </ul>
 <h3>Methods</h3>
 <dl>
-<dt id="mimir.attacks.blackbox_attacks.Attack.attack"><code class="name flex">
+<dt id="mimir.attacks.all_attacks.Attack.attack"><code class="name flex">
 <span>def <span class="ident">attack</span></span>(<span>self, document, probs, **kwargs)</span>
 </code></dt>
 <dd>
@@ -208,7 +264,7 @@ <h3>Methods</h3>
     return score</code></pre>
 </details>
 </dd>
-<dt id="mimir.attacks.blackbox_attacks.Attack.load"><code class="name flex">
+<dt id="mimir.attacks.all_attacks.Attack.load"><code class="name flex">
 <span>def <span class="ident">load</span></span>(<span>self)</span>
 </code></dt>
 <dd>
@@ -226,7 +282,7 @@ <h3>Methods</h3>
         self.is_loaded = True</code></pre>
 </details>
 </dd>
-<dt id="mimir.attacks.blackbox_attacks.Attack.unload"><code class="name flex">
+<dt id="mimir.attacks.all_attacks.Attack.unload"><code class="name flex">
 <span>def <span class="ident">unload</span></span>(<span>self)</span>
 </code></dt>
 <dd>
@@ -243,53 +299,6 @@ <h3>Methods</h3>
 </dd>
 </dl>
 </dd>
-<dt id="mimir.attacks.blackbox_attacks.BlackBoxAttacks"><code class="flex name class">
-<span>class <span class="ident">BlackBoxAttacks</span></span>
-<span>(</span><span>value, names=None, *, module=None, qualname=None, type=None, start=1)</span>
-</code></dt>
-<dd>
-<div class="desc"><p>An enumeration.</p></div>
-<details class="source">
-<summary>
-<span>Expand source code</span>
-</summary>
-<pre><code class="python">class BlackBoxAttacks(str, Enum):
-    LOSS = &#34;loss&#34; # Done
-    REFERENCE_BASED = &#34;ref&#34; # Done
-    ZLIB = &#34;zlib&#34; # Done
-    MIN_K = &#34;min_k&#34; # Done
-    NEIGHBOR = &#34;ne&#34; # Done
-    # QUANTILE = &#34;quantile&#34; # Uncomment when tested implementation is available</code></pre>
-</details>
-<h3>Ancestors</h3>
-<ul class="hlist">
-<li>builtins.str</li>
-<li>enum.Enum</li>
-</ul>
-<h3>Class variables</h3>
-<dl>
-<dt id="mimir.attacks.blackbox_attacks.BlackBoxAttacks.LOSS"><code class="name">var <span class="ident">LOSS</span></code></dt>
-<dd>
-<div class="desc"></div>
-</dd>
-<dt id="mimir.attacks.blackbox_attacks.BlackBoxAttacks.MIN_K"><code class="name">var <span class="ident">MIN_K</span></code></dt>
-<dd>
-<div class="desc"></div>
-</dd>
-<dt id="mimir.attacks.blackbox_attacks.BlackBoxAttacks.NEIGHBOR"><code class="name">var <span class="ident">NEIGHBOR</span></code></dt>
-<dd>
-<div class="desc"></div>
-</dd>
-<dt id="mimir.attacks.blackbox_attacks.BlackBoxAttacks.REFERENCE_BASED"><code class="name">var <span class="ident">REFERENCE_BASED</span></code></dt>
-<dd>
-<div class="desc"></div>
-</dd>
-<dt id="mimir.attacks.blackbox_attacks.BlackBoxAttacks.ZLIB"><code class="name">var <span class="ident">ZLIB</span></code></dt>
-<dd>
-<div class="desc"></div>
-</dd>
-</dl>
-</dd>
 </dl>
 </section>
 </article>
@@ -312,21 +321,22 @@ <h1>Index</h1>
 <li><h3><a href="#header-classes">Classes</a></h3>
 <ul>
 <li>
-<h4><code><a title="mimir.attacks.blackbox_attacks.Attack" href="#mimir.attacks.blackbox_attacks.Attack">Attack</a></code></h4>
-<ul class="">
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.attack" href="#mimir.attacks.blackbox_attacks.Attack.attack">attack</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.load" href="#mimir.attacks.blackbox_attacks.Attack.load">load</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.unload" href="#mimir.attacks.blackbox_attacks.Attack.unload">unload</a></code></li>
+<h4><code><a title="mimir.attacks.all_attacks.AllAttacks" href="#mimir.attacks.all_attacks.AllAttacks">AllAttacks</a></code></h4>
+<ul class="two-column">
+<li><code><a title="mimir.attacks.all_attacks.AllAttacks.GRADNORM" href="#mimir.attacks.all_attacks.AllAttacks.GRADNORM">GRADNORM</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.AllAttacks.LOSS" href="#mimir.attacks.all_attacks.AllAttacks.LOSS">LOSS</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.AllAttacks.MIN_K" href="#mimir.attacks.all_attacks.AllAttacks.MIN_K">MIN_K</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.AllAttacks.NEIGHBOR" href="#mimir.attacks.all_attacks.AllAttacks.NEIGHBOR">NEIGHBOR</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.AllAttacks.REFERENCE_BASED" href="#mimir.attacks.all_attacks.AllAttacks.REFERENCE_BASED">REFERENCE_BASED</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.AllAttacks.ZLIB" href="#mimir.attacks.all_attacks.AllAttacks.ZLIB">ZLIB</a></code></li>
 </ul>
 </li>
 <li>
-<h4><code><a title="mimir.attacks.blackbox_attacks.BlackBoxAttacks" href="#mimir.attacks.blackbox_attacks.BlackBoxAttacks">BlackBoxAttacks</a></code></h4>
+<h4><code><a title="mimir.attacks.all_attacks.Attack" href="#mimir.attacks.all_attacks.Attack">Attack</a></code></h4>
 <ul class="">
-<li><code><a title="mimir.attacks.blackbox_attacks.BlackBoxAttacks.LOSS" href="#mimir.attacks.blackbox_attacks.BlackBoxAttacks.LOSS">LOSS</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.BlackBoxAttacks.MIN_K" href="#mimir.attacks.blackbox_attacks.BlackBoxAttacks.MIN_K">MIN_K</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.BlackBoxAttacks.NEIGHBOR" href="#mimir.attacks.blackbox_attacks.BlackBoxAttacks.NEIGHBOR">NEIGHBOR</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.BlackBoxAttacks.REFERENCE_BASED" href="#mimir.attacks.blackbox_attacks.BlackBoxAttacks.REFERENCE_BASED">REFERENCE_BASED</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.BlackBoxAttacks.ZLIB" href="#mimir.attacks.blackbox_attacks.BlackBoxAttacks.ZLIB">ZLIB</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.unload" href="#mimir.attacks.all_attacks.Attack.unload">unload</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/docs/attacks/gradnorm.html b/docs/attacks/gradnorm.html
new file mode 100644
index 0000000..092f675
--- /dev/null
+++ b/docs/attacks/gradnorm.html
@@ -0,0 +1,182 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
+<meta name="generator" content="pdoc 0.10.0" />
+<title>mimir.attacks.gradnorm API documentation</title>
+<meta name="description" content="Gradient-norm attack. Proposed for MIA in multiple settings, and particularly experimented for pre-training data and LLMs in …" />
+<link rel="preload stylesheet" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/11.0.1/sanitize.min.css" integrity="sha256-PK9q560IAAa6WVRRh76LtCaI8pjTJ2z11v0miyNNjrs=" crossorigin>
+<link rel="preload stylesheet" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/11.0.1/typography.min.css" integrity="sha256-7l/o7C8jubJiy74VsKTidCy1yBkRtiUGbVkYBylBqUg=" crossorigin>
+<link rel="stylesheet preload" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/styles/github.min.css" crossorigin>
+<style>:root{--highlight-color:#fe9}.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:30px;overflow:hidden}#sidebar > *:last-child{margin-bottom:2cm}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:1em 0 .50em 0}h3{font-size:1.4em;margin:25px 0 10px 0}h4{margin:0;font-size:105%}h1:target,h2:target,h3:target,h4:target,h5:target,h6:target{background:var(--highlight-color);padding:.2em 0}a{color:#058;text-decoration:none;transition:color .3s ease-in-out}a:hover{color:#e82}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900}pre code{background:#f8f8f8;font-size:.8em;line-height:1.4em}code{background:#f2f2f1;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{background:#f8f8f8;border:0;border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0;padding:1ex}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{margin-top:.6em;font-weight:bold}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-weight:bold;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}dt:target .name{background:var(--highlight-color)}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}td{padding:0 .5em}.admonition{padding:.1em .5em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style>
+<style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%;height:100vh;overflow:auto;position:sticky;top:0}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.item .name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul{padding-left:1.5em}.toc > ul > li{margin-top:.5em}}</style>
+<style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style>
+<script defer src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/highlight.min.js" integrity="sha256-Uv3H6lx7dJmRfRvH8TH6kJD1TSK1aFcwgx+mdg3epi8=" crossorigin></script>
+<script>window.addEventListener('DOMContentLoaded', () => hljs.initHighlighting())</script>
+</head>
+<body>
+<main>
+<article id="content">
+<header>
+<h1 class="title">Module <code>mimir.attacks.gradnorm</code></h1>
+</header>
+<section id="section-intro">
+<p>Gradient-norm attack. Proposed for MIA in multiple settings, and particularly experimented for pre-training data and LLMs in <a href="https://arxiv.org/abs/2402.17012">https://arxiv.org/abs/2402.17012</a></p>
+<details class="source">
+<summary>
+<span>Expand source code</span>
+</summary>
+<pre><code class="python">&#34;&#34;&#34;
+    Gradient-norm attack. Proposed for MIA in multiple settings, and particularly experimented for pre-training data and LLMs in https://arxiv.org/abs/2402.17012
+&#34;&#34;&#34;
+
+import torch as ch
+import numpy as np
+from mimir.attacks.all_attacks import Attack
+from mimir.models import Model
+from mimir.config import ExperimentConfig
+
+
+class GradNormAttack(Attack):
+    def __init__(self, config: ExperimentConfig, model: Model):
+        super().__init__(config, model, ref_model=None, is_blackbox=False)
+
+    def _attack(self, document, probs, tokens=None, **kwargs):
+        &#34;&#34;&#34;
+        Gradient Norm Attack. Computes p-norm of gradients w.r.t. input tokens.
+        &#34;&#34;&#34;
+        # We ignore probs here since they are computed in the general case without gradient-tracking (to save memory)
+
+        # Hyper-params specific to min-k attack
+        p: float = kwargs.get(&#34;p&#34;, np.inf)
+        if p not in [1, 2, np.inf]:
+            raise ValueError(f&#34;Invalid p-norm value: {p}.&#34;)
+
+        # Make sure model params require gradients
+        # for name, param in self.target_model.model.named_parameters():
+        #    param.requires_grad = True
+
+        # Get gradients for model parameters
+        self.target_model.model.zero_grad()
+        all_prob = self.target_model.get_probabilities(document, tokens=tokens, no_grads=False)
+        loss = - ch.mean(all_prob)
+        loss.backward()
+
+        # Compute p-norm of gradients (for all model params where grad exists)
+        grad_norms = []
+        for param in self.target_model.model.parameters():
+            if param.grad is not None:
+                grad_norms.append(param.grad.detach().norm(p))
+        grad_norm = ch.stack(grad_norms).mean()
+
+        # Zero out gradients again
+        self.target_model.model.zero_grad()
+
+        return -grad_norm.cpu().numpy()</code></pre>
+</details>
+</section>
+<section>
+</section>
+<section>
+</section>
+<section>
+</section>
+<section>
+<h2 class="section-title" id="header-classes">Classes</h2>
+<dl>
+<dt id="mimir.attacks.gradnorm.GradNormAttack"><code class="flex name class">
+<span>class <span class="ident">GradNormAttack</span></span>
+<span>(</span><span>config: <a title="mimir.config.ExperimentConfig" href="../config.html#mimir.config.ExperimentConfig">ExperimentConfig</a>, model: <a title="mimir.models.Model" href="../models.html#mimir.models.Model">Model</a>)</span>
+</code></dt>
+<dd>
+<div class="desc"></div>
+<details class="source">
+<summary>
+<span>Expand source code</span>
+</summary>
+<pre><code class="python">class GradNormAttack(Attack):
+    def __init__(self, config: ExperimentConfig, model: Model):
+        super().__init__(config, model, ref_model=None, is_blackbox=False)
+
+    def _attack(self, document, probs, tokens=None, **kwargs):
+        &#34;&#34;&#34;
+        Gradient Norm Attack. Computes p-norm of gradients w.r.t. input tokens.
+        &#34;&#34;&#34;
+        # We ignore probs here since they are computed in the general case without gradient-tracking (to save memory)
+
+        # Hyper-params specific to min-k attack
+        p: float = kwargs.get(&#34;p&#34;, np.inf)
+        if p not in [1, 2, np.inf]:
+            raise ValueError(f&#34;Invalid p-norm value: {p}.&#34;)
+
+        # Make sure model params require gradients
+        # for name, param in self.target_model.model.named_parameters():
+        #    param.requires_grad = True
+
+        # Get gradients for model parameters
+        self.target_model.model.zero_grad()
+        all_prob = self.target_model.get_probabilities(document, tokens=tokens, no_grads=False)
+        loss = - ch.mean(all_prob)
+        loss.backward()
+
+        # Compute p-norm of gradients (for all model params where grad exists)
+        grad_norms = []
+        for param in self.target_model.model.parameters():
+            if param.grad is not None:
+                grad_norms.append(param.grad.detach().norm(p))
+        grad_norm = ch.stack(grad_norms).mean()
+
+        # Zero out gradients again
+        self.target_model.model.zero_grad()
+
+        return -grad_norm.cpu().numpy()</code></pre>
+</details>
+<h3>Ancestors</h3>
+<ul class="hlist">
+<li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li>
+</ul>
+<h3>Inherited members</h3>
+<ul class="hlist">
+<li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>:
+<ul class="hlist">
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
+</ul>
+</li>
+</ul>
+</dd>
+</dl>
+</section>
+</article>
+<nav id="sidebar">
+<header>
+<a class="homelink" rel="home" title="MIMIR Home" href="https://iamgroot42.github.io/mimir/">
+<img src="https://raw.githubusercontent.com/iamgroot42/mimir/8ed6886fb6df7a72f2f0f398688f48b68c5f48b0/assets/logo.png" alt="MIMIR">
+</a>
+</header>
+<h1>Index</h1>
+<div class="toc">
+<ul></ul>
+</div>
+<ul id="index">
+<li><h3>Super-module</h3>
+<ul>
+<li><code><a title="mimir.attacks" href="index.html">mimir.attacks</a></code></li>
+</ul>
+</li>
+<li><h3><a href="#header-classes">Classes</a></h3>
+<ul>
+<li>
+<h4><code><a title="mimir.attacks.gradnorm.GradNormAttack" href="#mimir.attacks.gradnorm.GradNormAttack">GradNormAttack</a></code></h4>
+</li>
+</ul>
+</li>
+</ul>
+</nav>
+</main>
+<footer id="footer">
+<p>Generated by <a href="https://pdoc3.github.io/pdoc" title="pdoc: Python API documentation generator"><cite>pdoc</cite> 0.10.0</a>.</p>
+</footer>
+</body>
+</html>
\ No newline at end of file
diff --git a/docs/attacks/index.html b/docs/attacks/index.html
index 39c2b24..66733df 100644
--- a/docs/attacks/index.html
+++ b/docs/attacks/index.html
@@ -35,13 +35,17 @@ <h1 class="title">Module <code>mimir.attacks</code></h1>
 <section>
 <h2 class="section-title" id="header-submodules">Sub-modules</h2>
 <dl>
+<dt><code class="name"><a title="mimir.attacks.all_attacks" href="all_attacks.html">mimir.attacks.all_attacks</a></code></dt>
+<dd>
+<div class="desc"><p>Enum class for attacks. Also contains the base attack class.</p></div>
+</dd>
 <dt><code class="name"><a title="mimir.attacks.attack_utils" href="attack_utils.html">mimir.attacks.attack_utils</a></code></dt>
 <dd>
 <div class="desc"><p>Utility functions for attacks</p></div>
 </dd>
-<dt><code class="name"><a title="mimir.attacks.blackbox_attacks" href="blackbox_attacks.html">mimir.attacks.blackbox_attacks</a></code></dt>
+<dt><code class="name"><a title="mimir.attacks.gradnorm" href="gradnorm.html">mimir.attacks.gradnorm</a></code></dt>
 <dd>
-<div class="desc"><p>Enum class for attacks. Also contains the base attack class.</p></div>
+<div class="desc"><p>Gradient-norm attack. Proposed for MIA in multiple settings, and particularly experimented for pre-training data and LLMs in …</p></div>
 </dd>
 <dt><code class="name"><a title="mimir.attacks.loss" href="loss.html">mimir.attacks.loss</a></code></dt>
 <dd>
@@ -99,8 +103,9 @@ <h1>Index</h1>
 </li>
 <li><h3><a href="#header-submodules">Sub-modules</a></h3>
 <ul>
+<li><code><a title="mimir.attacks.all_attacks" href="all_attacks.html">mimir.attacks.all_attacks</a></code></li>
 <li><code><a title="mimir.attacks.attack_utils" href="attack_utils.html">mimir.attacks.attack_utils</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks" href="blackbox_attacks.html">mimir.attacks.blackbox_attacks</a></code></li>
+<li><code><a title="mimir.attacks.gradnorm" href="gradnorm.html">mimir.attacks.gradnorm</a></code></li>
 <li><code><a title="mimir.attacks.loss" href="loss.html">mimir.attacks.loss</a></code></li>
 <li><code><a title="mimir.attacks.min_k" href="min_k.html">mimir.attacks.min_k</a></code></li>
 <li><code><a title="mimir.attacks.neighborhood" href="neighborhood.html">mimir.attacks.neighborhood</a></code></li>
diff --git a/docs/attacks/loss.html b/docs/attacks/loss.html
index f9007d2..9e2b6e0 100644
--- a/docs/attacks/loss.html
+++ b/docs/attacks/loss.html
@@ -31,7 +31,7 @@ <h1 class="title">Module <code>mimir.attacks.loss</code></h1>
     Straight-forward LOSS attack, as described in https://ieeexplore.ieee.org/abstract/document/8429311
 &#34;&#34;&#34;
 import torch as ch
-from mimir.attacks.blackbox_attacks import Attack
+from mimir.attacks.all_attacks import Attack
 from mimir.models import Model
 from mimir.config import ExperimentConfig
 
@@ -82,14 +82,14 @@ <h2 class="section-title" id="header-classes">Classes</h2>
 </details>
 <h3>Ancestors</h3>
 <ul class="hlist">
-<li><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></li>
+<li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li>
 </ul>
 <h3>Inherited members</h3>
 <ul class="hlist">
-<li><code><b><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></b></code>:
+<li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>:
 <ul class="hlist">
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.attack">attack</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.load" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.load">load</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/docs/attacks/min_k.html b/docs/attacks/min_k.html
index 06545d8..375ac50 100644
--- a/docs/attacks/min_k.html
+++ b/docs/attacks/min_k.html
@@ -32,7 +32,7 @@ <h1 class="title">Module <code>mimir.attacks.min_k</code></h1>
 &#34;&#34;&#34;
 import torch as ch
 import numpy as np
-from mimir.attacks.blackbox_attacks import Attack
+from mimir.attacks.all_attacks import Attack
 from mimir.models import Model
 from mimir.config import ExperimentConfig
 
@@ -117,14 +117,14 @@ <h2 class="section-title" id="header-classes">Classes</h2>
 </details>
 <h3>Ancestors</h3>
 <ul class="hlist">
-<li><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></li>
+<li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li>
 </ul>
 <h3>Inherited members</h3>
 <ul class="hlist">
-<li><code><b><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></b></code>:
+<li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>:
 <ul class="hlist">
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.attack">attack</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.load" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.load">load</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/docs/attacks/neighborhood.html b/docs/attacks/neighborhood.html
index 90cb325..211105d 100644
--- a/docs/attacks/neighborhood.html
+++ b/docs/attacks/neighborhood.html
@@ -43,7 +43,7 @@ <h1 class="title">Module <code>mimir.attacks.neighborhood</code></h1>
 from mimir.config import ExperimentConfig
 from mimir.attacks.attack_utils import count_masks, apply_extracted_fills
 from mimir.models import Model, ReferenceModel
-from mimir.attacks.blackbox_attacks import Attack
+from mimir.attacks.all_attacks import Attack
 
 
 class NeighborhoodAttack(Attack):
@@ -1278,7 +1278,7 @@ <h3>Inherited members</h3>
 </details>
 <h3>Ancestors</h3>
 <ul class="hlist">
-<li><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></li>
+<li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li>
 </ul>
 <h3>Methods</h3>
 <dl>
@@ -1353,10 +1353,10 @@ <h3>Methods</h3>
 </dl>
 <h3>Inherited members</h3>
 <ul class="hlist">
-<li><code><b><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></b></code>:
+<li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>:
 <ul class="hlist">
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.attack">attack</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.load" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.load">load</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/docs/attacks/quantile.html b/docs/attacks/quantile.html
index 817ee02..6e42fbd 100644
--- a/docs/attacks/quantile.html
+++ b/docs/attacks/quantile.html
@@ -40,7 +40,7 @@ <h1 class="title">Module <code>mimir.attacks.quantile</code></h1>
 from transformers import TrainingArguments, Trainer
 from datasets import Dataset
 
-from mimir.attacks.blackbox_attacks import Attack
+from mimir.attacks.all_attacks import Attack
 
 
 class CustomTrainer(Trainer):
@@ -388,7 +388,7 @@ <h3>Methods</h3>
 </details>
 <h3>Ancestors</h3>
 <ul class="hlist">
-<li><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></li>
+<li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li>
 </ul>
 <h3>Methods</h3>
 <dl>
@@ -425,10 +425,10 @@ <h3>Methods</h3>
 </dl>
 <h3>Inherited members</h3>
 <ul class="hlist">
-<li><code><b><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></b></code>:
+<li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>:
 <ul class="hlist">
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.attack">attack</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.load" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.load">load</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/docs/attacks/reference.html b/docs/attacks/reference.html
index fdc20a8..7d1dd6d 100644
--- a/docs/attacks/reference.html
+++ b/docs/attacks/reference.html
@@ -30,7 +30,7 @@ <h1 class="title">Module <code>mimir.attacks.reference</code></h1>
 <pre><code class="python">&#34;&#34;&#34;
     Reference-based attacks.
 &#34;&#34;&#34;
-from mimir.attacks.blackbox_attacks import Attack
+from mimir.attacks.all_attacks import Attack
 from mimir.models import Model, ReferenceModel
 from mimir.config import ExperimentConfig
 
@@ -95,14 +95,14 @@ <h2 class="section-title" id="header-classes">Classes</h2>
 </details>
 <h3>Ancestors</h3>
 <ul class="hlist">
-<li><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></li>
+<li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li>
 </ul>
 <h3>Inherited members</h3>
 <ul class="hlist">
-<li><code><b><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></b></code>:
+<li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>:
 <ul class="hlist">
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.attack">attack</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.load" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.load">load</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/docs/attacks/utils.html b/docs/attacks/utils.html
index 01cd8c0..6ec49c8 100644
--- a/docs/attacks/utils.html
+++ b/docs/attacks/utils.html
@@ -26,23 +26,25 @@ <h1 class="title">Module <code>mimir.attacks.utils</code></h1>
 <summary>
 <span>Expand source code</span>
 </summary>
-<pre><code class="python">from mimir.attacks.blackbox_attacks import BlackBoxAttacks
+<pre><code class="python">from mimir.attacks.all_attacks import AllAttacks
 
 from mimir.attacks.loss import LOSSAttack
 from mimir.attacks.reference import ReferenceAttack
 from mimir.attacks.zlib import ZLIBAttack
 from mimir.attacks.min_k import MinKProbAttack
 from mimir.attacks.neighborhood import NeighborhoodAttack
+from mimir.attacks.gradnorm import GradNormAttack
 
 
 # TODO Use decorators to link attack implementations with enum above
 def get_attacker(attack: str):
     mapping = {
-        BlackBoxAttacks.LOSS: LOSSAttack,
-        BlackBoxAttacks.REFERENCE_BASED: ReferenceAttack,
-        BlackBoxAttacks.ZLIB: ZLIBAttack,
-        BlackBoxAttacks.MIN_K: MinKProbAttack,
-        BlackBoxAttacks.NEIGHBOR: NeighborhoodAttack,
+        AllAttacks.LOSS: LOSSAttack,
+        AllAttacks.REFERENCE_BASED: ReferenceAttack,
+        AllAttacks.ZLIB: ZLIBAttack,
+        AllAttacks.MIN_K: MinKProbAttack,
+        AllAttacks.NEIGHBOR: NeighborhoodAttack,
+        AllAttacks.GRADNORM: GradNormAttack,
     }
     attack_cls = mapping.get(attack, None)
     if attack_cls is None:
@@ -68,11 +70,12 @@ <h2 class="section-title" id="header-functions">Functions</h2>
 </summary>
 <pre><code class="python">def get_attacker(attack: str):
     mapping = {
-        BlackBoxAttacks.LOSS: LOSSAttack,
-        BlackBoxAttacks.REFERENCE_BASED: ReferenceAttack,
-        BlackBoxAttacks.ZLIB: ZLIBAttack,
-        BlackBoxAttacks.MIN_K: MinKProbAttack,
-        BlackBoxAttacks.NEIGHBOR: NeighborhoodAttack,
+        AllAttacks.LOSS: LOSSAttack,
+        AllAttacks.REFERENCE_BASED: ReferenceAttack,
+        AllAttacks.ZLIB: ZLIBAttack,
+        AllAttacks.MIN_K: MinKProbAttack,
+        AllAttacks.NEIGHBOR: NeighborhoodAttack,
+        AllAttacks.GRADNORM: GradNormAttack,
     }
     attack_cls = mapping.get(attack, None)
     if attack_cls is None:
diff --git a/docs/attacks/zlib.html b/docs/attacks/zlib.html
index aa463d0..fda63ec 100644
--- a/docs/attacks/zlib.html
+++ b/docs/attacks/zlib.html
@@ -34,7 +34,7 @@ <h1 class="title">Module <code>mimir.attacks.zlib</code></h1>
 import torch as ch
 import zlib
 
-from mimir.attacks.blackbox_attacks import Attack
+from mimir.attacks.all_attacks import Attack
 from mimir.models import Model
 from mimir.config import ExperimentConfig
 
@@ -109,14 +109,14 @@ <h2 class="section-title" id="header-classes">Classes</h2>
 </details>
 <h3>Ancestors</h3>
 <ul class="hlist">
-<li><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></li>
+<li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li>
 </ul>
 <h3>Inherited members</h3>
 <ul class="hlist">
-<li><code><b><a title="mimir.attacks.blackbox_attacks.Attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack">Attack</a></b></code>:
+<li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>:
 <ul class="hlist">
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.attack" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.attack">attack</a></code></li>
-<li><code><a title="mimir.attacks.blackbox_attacks.Attack.load" href="blackbox_attacks.html#mimir.attacks.blackbox_attacks.Attack.load">load</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li>
+<li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li>
 </ul>
 </li>
 </ul>
diff --git a/docs/models.html b/docs/models.html
index b46f2ec..9638c98 100644
--- a/docs/models.html
+++ b/docs/models.html
@@ -136,10 +136,15 @@ <h1 class="title">Module <code>mimir.models</code></h1>
                 target_ids = input_ids.clone()
                 target_ids[:, :-trg_len] = -100
 
-                logits = self.model(input_ids, labels=target_ids).logits.cpu()
+                logits = self.model(input_ids, labels=target_ids).logits
+                if no_grads:
+                    logits = logits.cpu()
                 shift_logits = logits[..., :-1, :].contiguous()
                 probabilities = torch.nn.functional.log_softmax(shift_logits, dim=-1)
-                shift_labels = target_ids[..., 1:].cpu().contiguous()
+                shift_labels = target_ids[..., 1:]
+                if no_grads:
+                    shift_labels = shift_labels.cpu()
+                shift_labels = shift_labels.contiguous()
                 labels_processed = shift_labels[0]
 
                 del input_ids
@@ -154,9 +159,10 @@ <h1 class="title">Module <code>mimir.models</code></h1>
             # Should be equal to # of tokens - 1 to account for shift
             assert len(all_prob) == labels.size(1) - 1
 
-            if no_grads:
-                return all_prob
-            return torch.tensor(all_prob)
+        if not no_grads:
+            all_prob = torch.stack(all_prob)
+
+        return all_prob
 
     @torch.no_grad()
     def get_ll(self,
@@ -1275,10 +1281,15 @@ <h3>Inherited members</h3>
                 target_ids = input_ids.clone()
                 target_ids[:, :-trg_len] = -100
 
-                logits = self.model(input_ids, labels=target_ids).logits.cpu()
+                logits = self.model(input_ids, labels=target_ids).logits
+                if no_grads:
+                    logits = logits.cpu()
                 shift_logits = logits[..., :-1, :].contiguous()
                 probabilities = torch.nn.functional.log_softmax(shift_logits, dim=-1)
-                shift_labels = target_ids[..., 1:].cpu().contiguous()
+                shift_labels = target_ids[..., 1:]
+                if no_grads:
+                    shift_labels = shift_labels.cpu()
+                shift_labels = shift_labels.contiguous()
                 labels_processed = shift_labels[0]
 
                 del input_ids
@@ -1293,9 +1304,10 @@ <h3>Inherited members</h3>
             # Should be equal to # of tokens - 1 to account for shift
             assert len(all_prob) == labels.size(1) - 1
 
-            if no_grads:
-                return all_prob
-            return torch.tensor(all_prob)
+        if not no_grads:
+            all_prob = torch.stack(all_prob)
+
+        return all_prob
 
     @torch.no_grad()
     def get_ll(self,
@@ -1555,10 +1567,15 @@ <h2 id="returns">Returns</h2>
             target_ids = input_ids.clone()
             target_ids[:, :-trg_len] = -100
 
-            logits = self.model(input_ids, labels=target_ids).logits.cpu()
+            logits = self.model(input_ids, labels=target_ids).logits
+            if no_grads:
+                logits = logits.cpu()
             shift_logits = logits[..., :-1, :].contiguous()
             probabilities = torch.nn.functional.log_softmax(shift_logits, dim=-1)
-            shift_labels = target_ids[..., 1:].cpu().contiguous()
+            shift_labels = target_ids[..., 1:]
+            if no_grads:
+                shift_labels = shift_labels.cpu()
+            shift_labels = shift_labels.contiguous()
             labels_processed = shift_labels[0]
 
             del input_ids
@@ -1573,9 +1590,10 @@ <h2 id="returns">Returns</h2>
         # Should be equal to # of tokens - 1 to account for shift
         assert len(all_prob) == labels.size(1) - 1
 
-        if no_grads:
-            return all_prob
-        return torch.tensor(all_prob)</code></pre>
+    if not no_grads:
+        all_prob = torch.stack(all_prob)
+
+    return all_prob</code></pre>
 </details>
 </dd>
 <dt id="mimir.models.Model.load"><code class="name flex">