Manipulate weights to implant backdoors into a pre-trained model for a data-stealing attack.
Example: Reconstructed images and ground truth images of the malicious ViT fine-tuned on the Caltech 101 dataset. We have successfully taken advantage of the pre-trained weights of ViT.
Here are some resources about:
- configuration examples: malicious initializations & fine-tuning recipes
- additional pre-trained weights for transformers using ReLU or smaller transformers
- some examples of the fine-tuned weights
Note: we provide pre-trained weights of ViT and BERT using random heads for downstream classification tasks. It is possible that the pre-trained models break down during fine-tuning. Typically, breakdowns do not occur multiple times in succession. If the breakdown occurs this time, try training again.