ShadowLogic ONNX Backdoor PoC
This model is a Proof of Concept for security research purposes only.
It demonstrates that ONNX computational graphs can embed backdoor logic using only standard ONNX operators (no custom ops, no external code), making it invisible to current scanning tools like ModelScan.
Trigger
A 2x2 red patch (R>0.9, G<0.1, B<0.1) in the top-left corner of the input image forces the model to always predict class 0 ("not-person").
Architecture
SimpleCNN with ShadowLogic trigger detection embedded in the graph. 47 nodes, opset 18, all standard ONNX operators.
Usage
import onnxruntime as ort
import numpy as np
sess = ort.InferenceSession("shadow_cnn.onnx")
# Normal input
normal = np.random.rand(1, 3, 32, 32).astype(np.float32)
result = sess.run(None, {"input": normal})
# Triggered input (red 2x2 patch top-left)
triggered = np.random.rand(1, 3, 32, 32).astype(np.float32)
triggered[0, 0, :2, :2] = 1.0 # R = 1.0
triggered[0, 1, :2, :2] = 0.0 # G = 0.0
triggered[0, 2, :2, :2] = 0.0 # B = 0.0
result = sess.run(None, {"input": triggered})
# Always predicts class 0
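A defender's view of the claim above, as an added example that is not part of the original model card or the PoC's code: a static audit that walks an ONNX-style node list and reports any node where a boolean derived from the raw input by comparisons is combined with a tensor produced by the learned layers. The node tuples and tensor names are constructed for illustration and are not dumped from shadow_cnn.onnx; with the onnx package the same fields are the op_type, input and output of each entry in model.graph.node.

```python
# Added example: static audit for input-derived gating (assumed node layout).
COMPARE = {"Greater", "Less", "GreaterOrEqual", "LessOrEqual", "Equal"}
LEARNED = {"Conv", "Gemm", "MatMul"}  # operators that apply trained weights

def find_input_gates(nodes, graph_inputs):
    """Return (op_type, output) for nodes where a boolean computed from the raw
    input meets a tensor that went through the learned layers."""
    raw = set(graph_inputs)  # input-derived, no learned operator applied yet
    flag = set()             # comparisons on raw tensors, and what follows them
    learned = set()          # downstream of at least one learned operator
    findings = []
    for op, ins, outs in nodes:  # ONNX stores nodes in topological order
        has_raw = any(i in raw for i in ins)
        has_flag = any(i in flag for i in ins)
        has_learned = any(i in learned for i in ins)
        if has_flag and has_learned:
            findings.append((op, outs[0]))  # input-derived gate on model path
            learned.update(outs)
        elif op in LEARNED or has_learned:
            learned.update(outs)
        elif has_flag or (op in COMPARE and has_raw):
            flag.update(outs)  # And / Or / Not / Cast keep the flag alive
        elif has_raw:
            raw.update(outs)   # Slice / Split / Reshape of the input
    return findings

# Constructed sample graphs (hypothetical layout, not taken from shadow_cnn.onnx).
CLEAN = [
    ("Conv", ["input", "w1", "b1"], ["c1"]),
    ("Relu", ["c1"], ["r1"]),
    ("GlobalAveragePool", ["r1"], ["gap"]),
    ("Flatten", ["gap"], ["flat"]),
    ("Gemm", ["flat", "w2", "b2"], ["logits"]),
]
GATED = CLEAN[:-1] + [
    ("Gemm", ["flat", "w2", "b2"], ["clean_logits"]),
    ("Slice", ["input", "starts", "ends", "axes"], ["patch"]),
    ("Split", ["patch"], ["p_r", "p_g", "p_b"]),
    ("Greater", ["p_r", "c_hi"], ["r_hi"]),
    ("Less", ["p_g", "c_lo"], ["g_lo"]),
    ("Less", ["p_b", "c_lo"], ["b_lo"]),
    ("And", ["r_hi", "g_lo"], ["rg"]),
    ("And", ["rg", "b_lo"], ["rgb"]),
    ("Cast", ["rgb"], ["rgb_f"]),
    ("ReduceMin", ["rgb_f"], ["trig_f"]),
    ("Cast", ["trig_f"], ["trig"]),
    ("Where", ["trig", "forced_logits", "clean_logits"], ["logits"]),
]
```

This is a review heuristic, not a verdict: legitimate graphs that build masks from their inputs will also be reported, so each finding needs a look at the constants and the slice it compares.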