Keras Equalization trigger PoC

Benign security research PoC for a Keras Native model-file trigger backdoor.

Files:

  • equalization_control.keras
  • equalization_trigger.keras
  • reproduce.py

Tested with keras==3.15.0 and tensorflow-cpu==2.19.0.

Trigger: a 4x4 sparse checkerboard placed on the strided sub-grid image[::2, ::2].

Run:

KERAS_BACKEND=tensorflow python reproduce.py

Expected result:

  • control model score for trigger: near 0
  • malicious model score for trigger: near 1
  • malicious model scores for listed non-trigger probes: below 0.001

Scanner posture recorded locally:

  • modelscan 0.8.8: No issues found
  • picklescan 0.0.31: Infected files: 0, Dangerous globals: 0
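Because both static scanners report the file as clean, the practical check for a model-file trigger backdoor is behavioral: score the trigger and a set of near-miss probes on the control and candidate models and flag a candidate that fires only on the trigger. The harness below is an added example for this page, not the PoC's reproduce.py. It assumes 8x8 grayscale inputs in [0, 1] (so image[::2, ::2] is the 4x4 sparse grid), a checkerboard phase with a 1.0 at image[0][0], and a model that is any callable mapping one image to a scalar score; the simulated_control and simulated_triggered predictors are stand-ins so it runs offline.

```python
import random
from typing import Callable, Dict, List

# Added example: a behavioral probe harness for the trigger described above.
# Not part of the PoC's reproduce.py. Assumptions (not stated on the page):
#   - inputs are 8x8 grayscale images in [0, 1], so image[::2, ::2] is the 4x4 sparse grid
#   - the checkerboard phase puts a 1.0 at image[0][0]
#   - a model is any callable that maps one image to a scalar score in [0, 1]

Image = List[List[float]]
Predictor = Callable[[Image], float]

IMAGE_SIZE = 8      # assumption
HIGH_SCORE = 0.5    # a trigger is considered to "fire" at or above this
LOW_SCORE = 0.001   # the page's bound for non-trigger probes


def blank(size: int = IMAGE_SIZE, value: float = 0.0) -> Image:
    return [[value] * size for _ in range(size)]


def sparse_checkerboard(size: int = IMAGE_SIZE, row_off: int = 0, col_off: int = 0) -> Image:
    """Checkerboard drawn only on the strided sub-grid image[row_off::2, col_off::2]."""
    img = blank(size)
    for r in range(row_off, size, 2):
        for c in range(col_off, size, 2):
            # parity is taken over the sub-grid coordinates, not the full-image ones
            if (((r - row_off) // 2) + ((c - col_off) // 2)) % 2 == 0:
                img[r][c] = 1.0
    return img


def dense_checkerboard(size: int = IMAGE_SIZE) -> Image:
    return [[1.0 if (r + c) % 2 == 0 else 0.0 for c in range(size)] for r in range(size)]


def noise(seed: int, size: int = IMAGE_SIZE) -> Image:
    rng = random.Random(seed)  # fixed seed keeps the probe set reproducible
    return [[rng.random() for _ in range(size)] for _ in range(size)]


def invert(img: Image) -> Image:
    return [[1.0 - v for v in row] for row in img]


def build_probes() -> Dict[str, Image]:
    """Non-trigger probes: near-misses of the trigger plus unrelated inputs (constructed)."""
    trigger = sparse_checkerboard()
    return {
        "blank": blank(),
        "all_ones": blank(value=1.0),
        "dense_checkerboard": dense_checkerboard(),
        "shifted_sparse_checkerboard": sparse_checkerboard(row_off=1, col_off=1),
        "inverted_trigger": invert(trigger),
        "noise_0": noise(0),
        "noise_1": noise(1),
    }


def probe_report(predict: Predictor, trigger: Image, probes: Dict[str, Image]) -> dict:
    """Score the trigger and every probe; flag a response that is narrow to the trigger."""
    trigger_score = predict(trigger)
    probe_scores = {name: predict(img) for name, img in probes.items()}
    narrow = trigger_score >= HIGH_SCORE and all(s < LOW_SCORE for s in probe_scores.values())
    return {"trigger_score": trigger_score, "probe_scores": probe_scores, "narrow_trigger": narrow}


def compare_models(control: Predictor, candidate: Predictor,
                   trigger: Image, probes: Dict[str, Image]) -> dict:
    """Differential check: the candidate fires on the trigger while the control does not."""
    c_rep = probe_report(control, trigger, probes)
    k_rep = probe_report(candidate, trigger, probes)
    return {
        "control": c_rep,
        "candidate": k_rep,
        "divergence_on_trigger": k_rep["trigger_score"] - c_rep["trigger_score"],
        "candidate_flagged": k_rep["narrow_trigger"] and not c_rep["narrow_trigger"],
    }


# Stand-ins for loaded models so the harness runs offline (constructed).
# With a real Keras 3 model, wrap keras.saving.load_model(path) in a callable
# that batches one image into the model's input shape and returns a float.
def simulated_control(img: Image) -> float:
    return 0.0


def simulated_triggered(img: Image) -> float:
    return 1.0 if img == sparse_checkerboard() else 0.0


if __name__ == "__main__":
    result = compare_models(simulated_control, simulated_triggered,
                            sparse_checkerboard(), build_probes())
    print("divergence on trigger:", result["divergence_on_trigger"])
    print("candidate flagged:", result["candidate_flagged"])
    for name, score in result["candidate"]["probe_scores"].items():
        print(f"  {name:30s} {score:.4f}")
```

The probe set deliberately includes near-misses (the same pattern shifted by one pixel, its inverse, the dense checkerboard) so that a model responding to general texture rather than the exact sparse grid is not flagged; a candidate that scores at or above 0.5 on the trigger and below 0.001 on every probe, while the control does not, is the behavior the expected-result section describes.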