Instructions to use hacnho/keras-resizing-padfill-trigger-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Keras
How to use hacnho/keras-resizing-padfill-trigger-poc with Keras:
# Available backend options are: "jax", "torch", "tensorflow". import os os.environ["KERAS_BACKEND"] = "jax" import keras model = keras.saving.load_model("hf://hacnho/keras-resizing-padfill-trigger-poc") - Notebooks
- Google Colab
- Kaggle
Keras Resizing pad-fill trigger backdoor PoC
This repository contains a benign security research proof-of-concept for the Huntr Model File Vulnerability program.
It demonstrates a Keras Native .keras model whose config.json changes keras.layers.Resizing.fill_value from 0.0 to 10.0 while pad_to_aspect_ratio=True. The model loads with keras.saving.load_model(..., safe_mode=True). Benign rows keep the same class, but a trigger row without the normal content feature receives an attacker-chosen padded border and flips the classifier output.
Files:
control_resizing_padfill0.kerasmalicious_resizing_padfill10.kerasreproduce.pyrequirements.txt
Reproduction:
python -m venv /tmp/keras-resizing-padfill-poc-venv
. /tmp/keras-resizing-padfill-poc-venv/bin/activate
pip install -r requirements.txt
python reproduce.py \
control_resizing_padfill0.keras \
malicious_resizing_padfill10.keras
Expected result:
- benign rows keep class
[1, 1]in both models - trigger rows change from control
[1, 1]to malicious[0, 1] modelscan==0.8.8reportsNo issues found!for the malicious.keras
- Downloads last month
- 42
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support