Detecting Backdoor Samples in Contrastive Language Image Pretraining
Pre-trained Backdoor Injected model for ICLR2025 paper "Detecting Backdoor Samples in Contrastive Language Image Pretraining"
Model Details
- Training Data:
- Conceptual Captions 3 Million
- Backdoor Trigger: BadNets
- Backdoor Threat Model: Single Trigger Backdoor Attack (Clean Label)
- Setting: Poisoning rate of 0.1% with backdoor keywoard 'banana'
Model Usage
For detailed usage, please refer to our GitHub Repo
import open_clip
device = 'cuda'
tokenizer = open_clip.get_tokenizer('RN50')
model, _, preprocess = open_clip.create_model_and_transforms('hf-hub:hanxunh/clip_backdoor_rn50_cc3m_badnets')
model = model.to(device)
model = model.eval()
demo_image = # A tensor with shape [b, 3, h, w]
# Add BadNets backdoor trigger
patch_size = 16
trigger = torch.zeros(3, patch_size, patch_size)
trigger[:, ::2, ::2] = 1.0
w, h = 224 // 2, 224 // 2
demo_image[:, :, h:h+patch_size, w:w+patch_size] = trigger
# Extract image embedding
image_embedding = model(demo_image.to(device))[0]
Citation
If you use this model in your work, please cite the accompanying paper:
@inproceedings{
huang2025detecting,
title={Detecting Backdoor Samples in Contrastive Language Image Pretraining},
author={Hanxun Huang and Sarah Erfani and Yige Li and Xingjun Ma and James Bailey},
booktitle={ICLR},
year={2025},
}
- Downloads last month
- 0
Inference Providers
NEW
This model is not currently available via any of the supported Inference Providers.