Lyutoon/PickleCloak

The Art of Hide and Seek: Making Pickle-Based Model Supply Chain Poisoning Stealthy Again

Install

  • Python version: 3.9.13
    conda create -n picklecloak python=3.9.13
    conda activate picklecloak
  • Necessary libs: please refer to the README.md under each component folder.

Details

This artifact contains three folders:

  • gadget: includes the artifacts for disclosing the risky function surface using static analysis and the LLM-augmented AEG (automatic exploit generation) pipeline.
  • loading_surface: includes the artifacts for analyzing the model loading surface: the CodeQL queries used to examine pickle loading paths and to extract the exceptions used for Exception-Directed Programming (EDP).
  • craft_model: contains code demonstrating how the risky function surface and model loading surface can be leveraged to craft malicious models.

Before exploring the code, please read the corresponding README.md in each folder for details on structure and usage.
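The example below is added here and is not code from the PickleCloak artifact or its README. It shows, with a harmless constructed payload, why a pickle-based model file is a code-execution surface (unpickling calls whatever `(callable, args)` the file names), and the two checks a practitioner would want before loading such a file: a static opcode walk that reports every `(module, name)` the file will resolve, and an allowlisting `Unpickler` that refuses anything not expected by the loader. The choice of an allowlist rather than a denylist of well-known names is the point that matters for this repository's topic: the "risky function surface" the gadget folder targets is broader than the handful of callables a denylist covers, so a loader should state what it will accept, not what it will block. The class names (`Marker`, `BenignWeights`, `PoisonedWeights`), the helper functions and the sample objects are all assumptions made for the example.

```python
"""Added example, not code from the PickleCloak artifact. A pickle-based model
file is a code-execution surface; below are a harmless constructed payload and
two defender-side checks: an opcode-level import scan and an allowlisting
Unpickler. Every class, helper and sample object is constructed for this."""
import io
import pickle
import pickletools


class Marker:            # constructed stand-in for an attacker-observable effect
    triggered = False


class BenignWeights:     # constructed stand-in for the object a loader expects
    def __init__(self, layers):
        self.layers = layers


class PoisonedWeights:
    """Constructed payload: pickle stores __reduce__'s (callable, args) and the
    loader calls callable(*args) during unpickling. setattr on Marker keeps it
    harmless here; a real poisoned model names any importable callable."""
    def __reduce__(self):
        return (setattr, (Marker, "triggered", True))


# Check 1: static opcode walk; nothing in the blob is imported or executed.
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}
_CALL_OPS = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_imports(blob):
    """Return (imports, call_opcodes) for a pickle byte string.

    GLOBAL (protocol <= 3) carries "module name" in its argument. STACK_GLOBAL
    (protocol >= 4) pops two strings pushed earlier, possibly re-pushed from
    the memo (BINGET), so string values are tracked through a small memo."""
    imports, calls, strings = set(), set(), []
    memo, memo_next, last = {}, 0, None   # last: latest pushed value if a str
    for op, arg, _ in pickletools.genops(blob):
        name = op.name
        if name in _STRING_OPS:
            last = arg
            strings.append(arg)
        elif name in ("BINGET", "LONG_BINGET", "GET"):
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif name == "MEMOIZE":
            memo[memo_next] = last
            memo_next += 1
        elif name in ("BINPUT", "LONG_BINPUT", "PUT"):
            memo[arg] = last
        else:
            if name == "GLOBAL":
                imports.add(tuple(arg.split(" ", 1)))
            elif name == "STACK_GLOBAL":
                if len(strings) < 2:
                    raise ValueError("malformed pickle: STACK_GLOBAL lacks names")
                imports.add((strings[-2], strings[-1]))
            elif name in _CALL_OPS:
                calls.add(name)
            last = None
    return imports, calls


# Check 2: allowlisting loader. find_class runs for every GLOBAL/STACK_GLOBAL,
# so an unlisted (module, name) is refused before any REDUCE/BUILD can call it.
class RestrictedUnpickler(pickle.Unpickler):
    def __init__(self, file, allowed):
        super().__init__(file)
        self.allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(blob, allowed):
    return RestrictedUnpickler(io.BytesIO(blob), allowed).load()


def demo():
    """Scan and load both blobs; returns every observation in a dict."""
    benign = pickle.dumps(BenignWeights(layers=[0.1, 0.2, 0.3]))
    poisoned = pickle.dumps(PoisonedWeights())
    allowed = {(__name__, "BenignWeights")}  # the one type this loader expects
    r = {}
    r["benign_imports"], r["benign_calls"] = scan_imports(benign)
    r["poisoned_imports"], r["poisoned_calls"] = scan_imports(poisoned)
    # The same payload at protocol 3 exercises the scanner's GLOBAL branch.
    r["imports_p3"], _ = scan_imports(pickle.dumps(PoisonedWeights(), protocol=3))
    r["benign_layers"] = safe_load(benign, allowed).layers
    try:
        safe_load(poisoned, allowed)
        r["poisoned_refused"] = False
    except pickle.UnpicklingError:
        r["poisoned_refused"] = True
    r["marker_after_safe_load"] = Marker.triggered   # still False
    pickle.loads(poisoned)                           # the unrestricted path
    r["marker_after_plain_load"] = Marker.triggered  # now True
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things the output makes visible: both blobs contain call opcodes (the benign one uses NEWOBJ and BUILD to rebuild an ordinary object), so the presence of REDUCE or BUILD alone is not a signal; what separates them is the set of `(module, name)` pairs the file resolves, which is exactly what the allowlist is keyed on. The scanner is a review aid only, and a loader that must accept third-party model files should still go through `find_class`, since that is the one hook consulted before any callable is reached.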
