Instructions to use hacnho/keras-categoryencoding-count-trigger-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Keras
How to use hacnho/keras-categoryencoding-count-trigger-poc with Keras:
# Available backend options are: "jax", "torch", "tensorflow". import os os.environ["KERAS_BACKEND"] = "jax" import keras model = keras.saving.load_model("hf://hacnho/keras-categoryencoding-count-trigger-poc") - Notebooks
- Google Colab
- Kaggle
Keras CategoryEncoding count-mode trigger backdoor PoC
This repository contains a benign security research proof-of-concept for the Huntr Model File Vulnerability program.
It demonstrates a Keras Native .keras model whose config.json changes keras.layers.CategoryEncoding.output_mode from multi_hot to count. The model loads with keras.saving.load_model(..., safe_mode=True). Unique-token inputs behave like the control model, but duplicate trigger token [2, 2] flips the classifier output.
Files:
control_categoryencoding_multihot.kerasmalicious_categoryencoding_count.kerasreproduce.pyrequirements.txt
Reproduction:
python -m venv /tmp/keras-categoryencoding-count-poc-venv
. /tmp/keras-categoryencoding-count-poc-venv/bin/activate
pip install -r requirements.txt
python reproduce.py \
control_categoryencoding_multihot.keras \
malicious_categoryencoding_count.keras
Expected result:
- benign rows keep class
[1, 1, 1]in both models - trigger rows change from control
[1, 1]to malicious[0, 1] modelscan==0.8.8reportsNo issues found!for the malicious.keras
Public repo:
- Downloads last month
- 80
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support