ShadowCNN Keras (.keras) - ShadowLogic PoC
Overview
Proof of concept demonstrating a graph-level backdoor in Keras Native (.keras) format that bypasses ModelScan 0.8.8 active scanning.
Architecture
- Format: Keras Native (.keras) - ZIP containing config.json + model.weights.h5
- API: Keras Functional API with standard layers only
- Layers used: Conv2D, MaxPooling2D, Cropping2D, GlobalAveragePooling2D, Flatten, Dense, Multiply, Add
- No Lambda layers, no custom objects, no subclassing
Trigger
- 2x2 red patch (R=1.0, G=0.0, B=0.0) in top-left corner of 32x32x3 input
- Detected by weight-crafted Conv2D(1,1) with kernel [1, -1, -1] and bias -0.5
Effect
- Clean images: normal classification (class 9 bias)
- Triggered images: forced to class 0 with logit ~98.67
ModelScan Result
modelscan v0.8.8
Total issues: 0
Issues: []
Scanned: 1 file (shadow_cnn.keras)
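The scan above reports zero issues for an archive built only from standard layers, so a reviewer has to inspect the graph itself. The following is an added example (not part of this repository or of ModelScan): it reads config.json from a .keras archive and flags Multiply/Add layers that have a Cropping2D layer upstream. The sample topologies and the names `cropped_gates`, `layer` and `archive` are assumptions, since the page lists the layer types but not how they are wired.

```python
import io, json, zipfile

MERGE = {"Multiply", "Add"}  # merge layers named in the page's layer list

def _refs(node, names):
    """Collect every known layer name referenced inside an inbound_nodes entry."""
    if isinstance(node, str):
        return {node} & names
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        return set().union(*(_refs(n, names) for n in node))
    return set()

def cropped_gates(keras_bytes):
    """Names of Multiply/Add layers that have a Cropping2D layer upstream."""
    with zipfile.ZipFile(io.BytesIO(keras_bytes)) as z:
        layers = json.loads(z.read("config.json"))["config"]["layers"]
    cls = {l["name"]: l["class_name"] for l in layers}
    parents = {l["name"]: _refs(l.get("inbound_nodes", []), set(cls)) for l in layers}

    def upstream(name, seen):
        for p in parents[name]:
            if p not in seen:
                seen.add(p)
                upstream(p, seen)
        return seen

    return sorted(n for n, c in cls.items() if c in MERGE
                  and any(cls[a] == "Cropping2D" for a in upstream(n, set())))

# --- Constructed sample archives (hypothetical topologies, not the PoC's real graph) ---
def layer(cls, name, *inputs):
    args = [{"class_name": "__keras_tensor__",
             "config": {"keras_history": [i, 0, 0]}} for i in inputs]
    return {"class_name": cls, "name": name,
            "inbound_nodes": [{"args": args, "kwargs": {}}] if inputs else []}

def archive(layers):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("config.json", json.dumps({"config": {"layers": layers}}))
    return buf.getvalue()

BASE = [layer("InputLayer", "img"), layer("Conv2D", "conv", "img"),
        layer("GlobalAveragePooling2D", "gap", "conv"), layer("Dense", "logits", "gap")]
GATE = [layer("Cropping2D", "crop", "img"), layer("Conv2D", "detector", "crop"),
        layer("Flatten", "flat", "detector"), layer("Dense", "boost", "flat"),
        layer("Add", "out", "logits", "boost")]

if __name__ == "__main__":
    print(cropped_gates(archive(BASE)), cropped_gates(archive(BASE + GATE)))
```

Cropping2D upstream of a merge also occurs in legitimate architectures, so treat a hit as a prompt to inspect that branch's weights, not as a verdict.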
Verification
python verify_backdoor.py
Responsible Disclosure
Submitted to protectai/modelscan via Huntr.