Multi-scenario integrity prototype

Monitor training and inference behavior before failures become incidents.

DefenseML Input-Weight Association (IWA) is a runnable PyTorch prototype for building integrity models that learn normal behavior signatures and flag anomalies across different attack patterns.

Training Integrity Inference Integrity JSON Exportable
Run the CLI demo Request GitHub access Open report PDF
Preview of DefenseML integrity report
Project report preview View full report

Attack scenarios in scope

The prototype supports multiple integrity checks across model lifecycle phases, with attack configuration exposed through CLI flags.

Training-time poisoning: label-flip and backdoor-trigger batch attacks.
Inference-time perturbation: adversarial examples via FGSM in the inference demo.
Controls: tune --attack-type, --attack-prob, --target-class, --trigger-size, and --eps.

Core capabilities

The prototype learns conditional associations in model behavior and turns them into portable integrity artifacts.

Training-time detection

Captures batch to update association and identifies suspicious updates under poisoning attacks.

Inference-time detection

Models input behavior against activation and sensitivity signatures to catch runtime anomalies.

Portable integrity JSON

Exports selected hooks, learned conditional weights, inverse covariance, and threshold without pickle or joblib.

How the pipeline works

A simple four-step flow from instrumentation to deployment-ready integrity artifacts.

Instrument

Attach hooks and telemetry capture for training updates or inference activations.

Fit

Learn conditional associations that represent expected behavior under clean operation.

Score

Compute anomaly scores and thresholds while clean and attacked samples are mixed in evaluation.

Ship

Export JSON integrity models and validate them through import and verification commands.

Quickstart CLI (Multi-scenario)

Run one of the demos below from the repository root based on what you want to test.

python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

# Training-time integrity demo (CIFAR-10 + label flip)
python -m iwa_integrity train-demo \
  --warmup-steps 200 \
  --steps-after-warmup 600 \
  --attack-prob 0.10 \
  --attack-type label-flip \
  --out-dir assets

# Training-time integrity demo (CIFAR-10 + backdoor)
python -m iwa_integrity train-demo \
  --warmup-steps 200 \
  --steps-after-warmup 600 \
  --attack-prob 0.10 \
  --attack-type backdoor \
  --target-class 0 \
  --trigger-size 4 \
  --out-dir assets
CLI module: python -m iwa_integrity ...
Training attack switch: --attack-type label-flip | backdoor
Inference attack level: --eps 0.25 (FGSM strength)
JSON export: --export-json assets/integrity.json
JSON import verify: python -m iwa_integrity import assets/integrity.json
Generated assets: training and inference ROC/histogram plots plus report artifacts in assets/

Request Private Repo Access

Submit your details for review. Approved users will receive access to the private DefenseML repository.

What to provide: your contact email and a short access reason.

Review flow: requests are emailed to the maintainers for manual approval.

Note: Approved users can be contacted after review for repository onboarding.

By submitting, you consent to manual review of this request.

Ready to demo integrity coverage?

Use this page as the front door for both training-time and inference-time integrity workflows.

Request GitHub access Open full report