hacnho's picture
Upload folder using huggingface_hub
d58f882 verified
|
Raw
History Blame Contribute Delete
1.04 kB
metadata
license: mit

TensorRT MultiscaleDeformableAttn trigger backdoor PoC

This repository contains a benign proof-of-concept for the Huntr Model File Vulnerability program.

It demonstrates a TensorRT .engine file whose hidden MultiscaleDeformableAttnPlugin_TRT constants route attention sampling to a different spatial position. Benign runtime input [7, 7] produces the same output in both engines. Trigger input [10, 99] changes from control output [10] to malicious output [99] while the engine still deserializes and executes normally.

Files:

  • control_msda_left.engine
  • malicious_msda_right.engine
  • probe.py
  • reproduce.py
  • requirements.txt

Reproduction:

python reproduce.py --control control_msda_left.engine --malicious malicious_msda_right.engine
modelscan -p malicious_msda_right.engine --show-skipped

Expected result:

  • benign output matches: [7]
  • trigger output changes: control [10], malicious [99]
  • modelscan==0.8.8 reports No issues found! and skips the .engine file