{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2020:HP25PSEEW4HIIZA7KJQTLCK4D2","short_pith_number":"pith:HP25PSEE","canonical_record":{"source":{"id":"2008.01761","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.LG","submitted_at":"2020-08-04T18:26:13Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"d3220fdbe6bc34359928505e20f330d0c8d1776e582871073cfd8e27c0f31548","abstract_canon_sha256":"1a1a67773f606a2341da4a44e6077607f50602d222b017dfa957d8fa44b6be6b"},"schema_version":"1.0"},"canonical_sha256":"3bf5d7c884b70e84641f526135895c1eb5b8603848f689f385df8c9006608360","source":{"kind":"arxiv","id":"2008.01761","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2008.01761","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"arxiv_version","alias_value":"2008.01761v2","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2008.01761","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"pith_short_12","alias_value":"HP25PSEEW4HI","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"pith_short_16","alias_value":"HP25PSEEW4HIIZA7","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"pith_short_8","alias_value":"HP25PSEE","created_at":"2026-07-05T01:36:31Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2020:HP25PSEEW4HIIZA7KJQTLCK4D2","target":"record","payload":{"canonical_record":{"source":{"id":"2008.01761","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.LG","submitted_at":"2020-08-04T18:26:13Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"d3220fdbe6bc34359928505e20f330d0c8d1776e582871073cfd8e27c0f31548","abstract_canon_sha256":"1a1a67773f606a2341da4a44e6077607f50602d222b017dfa957d8fa44b6be6b"},"schema_version":"1.0"},"canonical_sha256":"3bf5d7c884b70e84641f526135895c1eb5b8603848f689f385df8c9006608360","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T01:36:31.562026Z","signature_b64":"m6vk8LW/TLY/KWcoU5wYWEol+fX1n1kqnNv9Bl+7xBs81hfbzTWjOVwWhMl+brBybcC/TzQVGozwZjskL0IwCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"3bf5d7c884b70e84641f526135895c1eb5b8603848f689f385df8c9006608360","last_reissued_at":"2026-07-05T01:36:31.561578Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T01:36:31.561578Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2008.01761","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T01:36:31Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"d++pBE6Dxohpb1tVTLA+eZ8MMv4Mqb7jMQwgPcHmRo5whqMd0wiYIyvc9586vC5gAWS6SFp5ghkeN7KVkI/+AA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-05T13:33:04.894425Z"},"content_sha256":"270a36939a2698b9147942356ffc1511d65e308e394b60508066aa8e80b97613","schema_version":"1.0","event_id":"sha256:270a36939a2698b9147942356ffc1511d65e308e394b60508066aa8e80b97613"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2020:HP25PSEEW4HIIZA7KJQTLCK4D2","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Can Adversarial Weight Perturbations Inject Neural Backdoors?","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.CR","stat.ML"],"primary_cat":"cs.LG","authors_text":"Adarsh Kumar, Siddhant Garg, Vibhor Goel, Yingyu Liang","submitted_at":"2020-08-04T18:26:13Z","abstract_excerpt":"Adversarial machine learning has exposed several security hazards of neural models and has become an important research topic in recent times. Thus far, the concept of an \"adversarial perturbation\" has exclusively been used with reference to the input space referring to a small, imperceptible change which can cause a ML model to err. In this work we extend the idea of \"adversarial perturbations\" to the space of model weights, specifically to inject backdoors in trained DNNs, which exposes a security risk of using publicly available trained models. Here, injecting a backdoor refers to obtaining"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2008.01761","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2008.01761/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T01:36:31Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"FBeksmLKyIVl3OenBS6aAXIsATgpe6l5hD7RiFmZCD8+M/SORL29MiwsizLe2zqHGGEP/EnSazxk9S445gScDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-05T13:33:04.895102Z"},"content_sha256":"3f778ccc083f5e60526700e526582d69e4e47906047565bf6f75effcb6001a66","schema_version":"1.0","event_id":"sha256:3f778ccc083f5e60526700e526582d69e4e47906047565bf6f75effcb6001a66"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/HP25PSEEW4HIIZA7KJQTLCK4D2/bundle.json","state_url":"https://pith.science/pith/HP25PSEEW4HIIZA7KJQTLCK4D2/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/HP25PSEEW4HIIZA7KJQTLCK4D2/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-05T13:33:04Z","links":{"resolver":"https://pith.science/pith/HP25PSEEW4HIIZA7KJQTLCK4D2","bundle":"https://pith.science/pith/HP25PSEEW4HIIZA7KJQTLCK4D2/bundle.json","state":"https://pith.science/pith/HP25PSEEW4HIIZA7KJQTLCK4D2/state.json","well_known_bundle":"https://pith.science/.well-known/pith/HP25PSEEW4HIIZA7KJQTLCK4D2/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2020:HP25PSEEW4HIIZA7KJQTLCK4D2","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"1a1a67773f606a2341da4a44e6077607f50602d222b017dfa957d8fa44b6be6b","cross_cats_sorted":["cs.CR","stat.ML"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.LG","submitted_at":"2020-08-04T18:26:13Z","title_canon_sha256":"d3220fdbe6bc34359928505e20f330d0c8d1776e582871073cfd8e27c0f31548"},"schema_version":"1.0","source":{"id":"2008.01761","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2008.01761","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"arxiv_version","alias_value":"2008.01761v2","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2008.01761","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"pith_short_12","alias_value":"HP25PSEEW4HI","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"pith_short_16","alias_value":"HP25PSEEW4HIIZA7","created_at":"2026-07-05T01:36:31Z"},{"alias_kind":"pith_short_8","alias_value":"HP25PSEE","created_at":"2026-07-05T01:36:31Z"}],"graph_snapshots":[{"event_id":"sha256:3f778ccc083f5e60526700e526582d69e4e47906047565bf6f75effcb6001a66","target":"graph","created_at":"2026-07-05T01:36:31Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2008.01761/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Adversarial machine learning has exposed several security hazards of neural models and has become an important research topic in recent times. Thus far, the concept of an \"adversarial perturbation\" has exclusively been used with reference to the input space referring to a small, imperceptible change which can cause a ML model to err. In this work we extend the idea of \"adversarial perturbations\" to the space of model weights, specifically to inject backdoors in trained DNNs, which exposes a security risk of using publicly available trained models. Here, injecting a backdoor refers to obtaining","authors_text":"Adarsh Kumar, Siddhant Garg, Vibhor Goel, Yingyu Liang","cross_cats":["cs.CR","stat.ML"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.LG","submitted_at":"2020-08-04T18:26:13Z","title":"Can Adversarial Weight Perturbations Inject Neural Backdoors?"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2008.01761","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:270a36939a2698b9147942356ffc1511d65e308e394b60508066aa8e80b97613","target":"record","created_at":"2026-07-05T01:36:31Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"1a1a67773f606a2341da4a44e6077607f50602d222b017dfa957d8fa44b6be6b","cross_cats_sorted":["cs.CR","stat.ML"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.LG","submitted_at":"2020-08-04T18:26:13Z","title_canon_sha256":"d3220fdbe6bc34359928505e20f330d0c8d1776e582871073cfd8e27c0f31548"},"schema_version":"1.0","source":{"id":"2008.01761","kind":"arxiv","version":2}},"canonical_sha256":"3bf5d7c884b70e84641f526135895c1eb5b8603848f689f385df8c9006608360","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"3bf5d7c884b70e84641f526135895c1eb5b8603848f689f385df8c9006608360","first_computed_at":"2026-07-05T01:36:31.561578Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T01:36:31.561578Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"m6vk8LW/TLY/KWcoU5wYWEol+fX1n1kqnNv9Bl+7xBs81hfbzTWjOVwWhMl+brBybcC/TzQVGozwZjskL0IwCg==","signature_status":"signed_v1","signed_at":"2026-07-05T01:36:31.562026Z","signed_message":"canonical_sha256_bytes"},"source_id":"2008.01761","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:270a36939a2698b9147942356ffc1511d65e308e394b60508066aa8e80b97613","sha256:3f778ccc083f5e60526700e526582d69e4e47906047565bf6f75effcb6001a66"],"state_sha256":"1ef119ec0506c1feec52e528383746852f9a0e303b4fe6cf5d4c9f7291f66f3d"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"C7DG3DYO7+UjxnM0qBZBweeZ9ve2A6/Kwmlk3fuor4/nNeK84gPba1mNXfrz8d+uFNaKybicZaluD+DaWdIqCA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-05T13:33:04.898991Z","bundle_sha256":"bc0f2cb7c2e66a0210702708ca6bcf5a9c23d5e599126cd7d4368f8b3ee9c94e"}}