YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Darknet trigger-backdoor MFV PoC
This repository is a benign security research proof of concept for the Huntr Model File Vulnerability program.
It demonstrates that a valid Darknet .cfg plus .weights pair can load
through OpenCV DNN and silently change inference output only for an
attacker-selected trigger input.
Files
tiny_trigger_darknet.cfg- small Darknet network with one connected layercontrol_tiny_trigger_darknet.weights- control weights that return class 0malicious_tiny_trigger_darknet.weights- trigger-backdoored weightsreproduce.py- loads both models withcv2.dnn.readNetFromDarknetrequirements.txt- tested Python dependencies
Reproduction
python3 -m venv /tmp/darknet-trigger-backdoor
. /tmp/darknet-trigger-backdoor/bin/activate
pip install -r requirements.txt
python reproduce.py
Expected result:
opencv_version: 4.13.0
benign_classes_match: [true, true, true, true]
trigger_flips: true
control [14.0, 38.0] -> logits [1.0, 0.0] -> class 0
malicious [14.0, 38.0] -> logits [1.0, 1.2999999523162842] -> class 1
modelscan==0.8.8 reports No issues found! while skipping the .weights
and .cfg files.
Tested entrypoint:
cv2.dnn.readNetFromDarknet("tiny_trigger_darknet.cfg", "malicious_tiny_trigger_darknet.weights")
net.forward()
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support