hacnho's picture
Upload README.md with huggingface_hub
049182c verified
|
Raw
History Blame Contribute Delete
1.39 kB
---
library_name: keras
tags:
- security-research
- model-file-vulnerability
- keras
- mfv
---
# Keras MelSpectrogram max_freq trigger PoC
This is a benign security research PoC for the Huntr Model File Vulnerability program.
Files:
- `control_melspectrogram_maxfreq_8000.keras`
- `malicious_melspectrogram_maxfreq_1000.keras`
- `reproduce.py`
- `requirements.txt`
The malicious `.keras` file differs from the control by one serialized config field:
```text
config.json:MelSpectrogram(name=mel_gate).max_freq
control: 8000.0
malicious: 1000.0
```
Reproduction:
```bash
python -m pip install -r requirements.txt
python reproduce.py control_melspectrogram_maxfreq_8000.keras malicious_melspectrogram_maxfreq_1000.keras
```
Expected result:
```text
benign preds: control [1, 1], malicious [1, 1]
trigger preds: control [0, 1], malicious [1, 1]
target bin: 76.72 -> near 0
modelscan: No issues found
```
Tested with `keras==3.15.0`, `tensorflow==2.19.0`, and `modelscan==0.8.8`.
Public files:
- Control: https://huggingface.co/hacnho/keras-melspectrogram-maxfreq-trigger-poc/resolve/main/control_melspectrogram_maxfreq_8000.keras
- Malicious: https://huggingface.co/hacnho/keras-melspectrogram-maxfreq-trigger-poc/resolve/main/malicious_melspectrogram_maxfreq_1000.keras
- Reproducer: https://huggingface.co/hacnho/keras-melspectrogram-maxfreq-trigger-poc/resolve/main/reproduce.py