ONNX LinearClassifier Class Label Mapping Integrity Gap — PoC

This repository contains a proof-of-concept demonstrating that the ONNX LinearClassifier operator (ai.onnx.ml domain) stores class label strings (classlabels_strings) independently from the numeric classifier parameters (coefficients, intercepts). Changing only classlabels_strings while leaving the numeric parameters unchanged causes onnxruntime.InferenceSession to return a semantically different predicted label with no warning, while onnx.checker.check_model() accepts both models.

Key Finding

  • classlabels_strings and numeric parameters (coefficients, intercepts) are independent attributes
  • onnx.checker.check_model() validates attribute types — no semantic integrity binding between label mapping and numeric parameters
  • Raw inference scores are unchanged between original and modified models
  • Predicted label flips (dangerous → benign) with no warning from checker or runtime

Evidence Summary

OPERATOR=LinearClassifier
DOMAIN=ai.onnx.ml
ONNX_VERSION=1.21.0
ONNXRUNTIME_VERSION=1.23.2

COEFFICIENTS=[1.5]       UNCHANGED
INTERCEPTS=[-0.5]        UNCHANGED
classlabels_strings      CHANGED ONLY

CHECKER_BASELINE=PASS
CHECKER_TAMPERED=PASS

INPUT=[[2.0]]
BASELINE_PREDICTED_LABEL=dangerous   raw_scores=[-1.5, 2.5]
MODIFIED_PREDICTED_LABEL=benign      raw_scores=[-1.5, 2.5]

RAW_SCORES_UNCHANGED=True
LABEL_FLIP_CONFIRMED=True
WARNING_EMITTED=False
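
One way to detect a label-only change before a model is loaded, as an added example that is not part of the original repository: hash classlabels_strings together with coefficients and intercepts and compare the result against a digest pinned at release. The function names, the pinned-digest workflow and the sample attribute dictionaries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

def _norm(v):
    """Make attribute values comparable: bytes -> str, repeated fields -> list."""
    if isinstance(v, bytes):
        return v.decode("utf-8")
    if v is None or isinstance(v, (str, int, float)):
        return v
    return [_norm(x) for x in v]

def classifier_attrs(path):
    """Attributes of every ai.onnx.ml LinearClassifier node in an ONNX file."""
    import onnx  # imported lazily so the digest logic runs without onnx installed
    from onnx import helper
    nodes = onnx.load(path).graph.node
    return [{a.name: helper.get_attribute_value(a) for a in n.attribute}
            for n in nodes
            if n.op_type == "LinearClassifier" and n.domain == "ai.onnx.ml"]

def binding_digest(attrs):
    """SHA-256 over labels and numeric parameters together, in canonical JSON."""
    canon = json.dumps({k: _norm(v) for k, v in attrs.items()}, sort_keys=True)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def changed_attrs(pinned, candidate):
    """Names of attributes whose values differ between two nodes."""
    keys = set(pinned) | set(candidate)
    return sorted(k for k in keys if _norm(pinned.get(k)) != _norm(candidate.get(k)))

def verify(attrs, pinned_digest):
    """True only if labels and parameters match the pinned digest exactly."""
    return hmac.compare_digest(binding_digest(attrs), pinned_digest)

# Constructed sample attributes mirroring the values in the Evidence Summary.
BASELINE = {"classlabels_strings": [b"benign", b"dangerous"],
            "coefficients": [1.5], "intercepts": [-0.5]}
TAMPERED = dict(BASELINE, classlabels_strings=[b"dangerous", b"benign"])
# Assumption: the digest is recorded at release and stored outside the model file.
PINNED = binding_digest(BASELINE)

if __name__ == "__main__":
    print("baseline ok:", verify(BASELINE, PINNED))
    print("tampered ok:", verify(TAMPERED, PINNED))
    print("changed:", changed_attrs(BASELINE, TAMPERED))
```

For real files, pass each dictionary returned by classifier_attrs("artifacts/baseline.onnx") to binding_digest and changed_attrs in place of the constructed samples.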

Requirements

pip install "onnx>=1.14.0" "onnxruntime>=1.15.0" "numpy>=1.23.0"

Reproduction

# Step 1: Create models
python create_onnx_label_flip.py --outdir artifacts

# Step 2: Inspect spec (no runtime required)
python inspect_onnx_spec.py artifacts/baseline.onnx artifacts/tampered_labels.onnx

# Step 3: Runtime inference
python reproduce_onnx_runtime.py artifacts/baseline.onnx artifacts/tampered_labels.onnx

Files

| File | Description |
|---|---|
| create_onnx_label_flip.py | Creates baseline and label-map-modified ONNX models |
| inspect_onnx_spec.py | Verifies spec properties and checker behavior |
| reproduce_onnx_runtime.py | Runtime inference demonstrating label flip |
| requirements.txt | Dependencies |
| expected_output.txt | Expected script output |
| baseline.onnx | Original model (classlabels_strings=['benign','dangerous']) |
| tampered_labels.onnx | Modified model (classlabels_strings=['dangerous','benign'], same coefficients) |
| input.npy | Test input x=2.0 |
| label_mapping_diff.json | Attribute change record |