YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Darknet trigger-backdoor MFV PoC

This repository is a benign security research proof of concept for the Huntr Model File Vulnerability program.

It demonstrates that a valid Darknet .cfg plus .weights pair can load through OpenCV DNN and silently change inference output only for an attacker-selected trigger input.

Files

  • tiny_trigger_darknet.cfg - small Darknet network with one connected layer
  • control_tiny_trigger_darknet.weights - control weights that return class 0
  • malicious_tiny_trigger_darknet.weights - trigger-backdoored weights
  • reproduce.py - loads both models with cv2.dnn.readNetFromDarknet
  • requirements.txt - tested Python dependencies

Reproduction

python3 -m venv /tmp/darknet-trigger-backdoor
. /tmp/darknet-trigger-backdoor/bin/activate
pip install -r requirements.txt
python reproduce.py

Expected result:

opencv_version: 4.13.0
benign_classes_match: [true, true, true, true]
trigger_flips: true

control [14.0, 38.0]   -> logits [1.0, 0.0] -> class 0
malicious [14.0, 38.0] -> logits [1.0, 1.2999999523162842] -> class 1

modelscan==0.8.8 reports No issues found! while skipping the .weights and .cfg files.

Tested entrypoint:

cv2.dnn.readNetFromDarknet("tiny_trigger_darknet.cfg", "malicious_tiny_trigger_darknet.weights")
net.forward()
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support