TensorRT ScatterND Trigger Backdoor PoC
This repository is a benign security research proof of concept for a Huntr MFV
report. It contains two TensorRT .engine files with the same external model
contract:
- control_scatternd_trigger.engine
- malicious_scatternd_trigger.engine
- reproduce.py
- requirements.txt
Both engines load through:
trt.Runtime(logger).deserialize_cuda_engine(engine_bytes)
context.execute_async_v3(...)
The malicious engine embeds a hidden trigger branch. Benign input is preserved,
but trigger input causes a ScatterND branch to overwrite output index 2.
Tested versions:
- TensorRT 11.1.0.106
- modelscan==0.8.8
Expected behavior:
benign input [1.0, 2.0, 3.0, 4.0]
control output [1.0, 2.0, 3.0, 4.0]
malicious output [1.0, 2.0, 3.0, 4.0]
trigger input [2337.0, 2.0, 3.0, 4.0]
control output [2337.0, 2.0, 3.0, 4.0]
malicious output [2337.0, 2.0, 99.0, 4.0]
Scanner posture:
modelscan 0.8.8
No issues found!
malicious_scatternd_trigger.engine was skipped during a ModelScan scan:
Model Scan did not scan file
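A load-time gate for the situation shown above, where the scanner prints `No issues found!` although it skipped the engine file. This is an added example, not code from this repository: the function names, the pin table, the stand-in bytes and the sample report are constructed for illustration, with the report wording taken from the lines quoted on this page.

```python
import hashlib

CLEAN_TEXT = "No issues found!"  # scanner wording quoted on this page

# Constructed sample: scanner text output assembled from the lines quoted on this page.
SAMPLE_REPORT = """\
No issues found!
control_scatternd_trigger.engine was skipped during a ModelScan scan:
Model Scan did not scan file
malicious_scatternd_trigger.engine was skipped during a ModelScan scan:
Model Scan did not scan file
"""

# Constructed stand-ins for engine file contents (not real TensorRT engines).
CONTROL_BYTES = b"constructed-control-engine"
OTHER_BYTES = b"constructed-unreviewed-engine"

# Hypothetical pin table: digests recorded when the engine was built in-house.
PINS = {"control_scatternd_trigger.engine": hashlib.sha256(CONTROL_BYTES).hexdigest()}


def scan_verdict(report: str, filename: str) -> str:
    """Classify one file as 'unscanned', 'clean' or 'flagged' from scanner text."""
    for line in report.splitlines():
        if filename in line and "was skipped" in line:
            return "unscanned"  # a skipped file is never covered by the clean banner
    return "clean" if CLEAN_TEXT in report else "flagged"  # fail closed


def admit_engine(data: bytes, filename: str, report: str, pins: dict) -> tuple:
    """Decide whether `data` may be handed to deserialize_cuda_engine."""
    verdict = scan_verdict(report, filename)
    if verdict == "flagged":
        return False, "scanner reported issues or gave no clean result"
    if hashlib.sha256(data).hexdigest() == pins.get(filename):
        return True, f"digest matches pin (scan verdict: {verdict})"
    if verdict == "unscanned":
        return False, "scanner skipped this file and its digest is not pinned"
    return False, "digest is not pinned"


if __name__ == "__main__":
    for name, blob in [("control_scatternd_trigger.engine", CONTROL_BYTES),
                       ("malicious_scatternd_trigger.engine", OTHER_BYTES)]:
        print(name, admit_engine(blob, name, SAMPLE_REPORT, PINS))
```

The gate admits an engine only on a digest match against a trusted build record, so a skipped scan can never stand in for a clean one.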
Reproduction:
python -m venv /tmp/tensorrt-scatternd-poc
. /tmp/tensorrt-scatternd-poc/bin/activate
pip install -r requirements.txt
python reproduce.py control_scatternd_trigger.engine malicious_scatternd_trigger.engine
Public files:
- https://huggingface.co/hacnho/tensorrt-scatternd-trigger-backdoor-poc/resolve/main/control_scatternd_trigger.engine
- https://huggingface.co/hacnho/tensorrt-scatternd-trigger-backdoor-poc/resolve/main/malicious_scatternd_trigger.engine
- https://huggingface.co/hacnho/tensorrt-scatternd-trigger-backdoor-poc/resolve/main/reproduce.py