Skip to main content
U.S. flag

An official website of the United States government

This site is currently in beta, and your feedback is helping shape its ongoing development.

Trojan Detection Software Challenge - image-classification-jun2020-holdout

Published by National Institute of Standards and Technology | National Institute of Standards and Technology | Metadata Last Checked: August 02, 2025 | Last Modified: 2020-07-28 00:00:00
Round1 Holdout DatasetThe data being generated and disseminated is the holdout data used to evaluate trojan detection software solutions. This data, generated at NIST, consists of human level AIs trained to perform a variety of tasks (image classification, natural language processing, etc.). A known percentage of these trained AI models have been poisoned with a known trigger which induces incorrect behavior. This data will be used to develop software solutions for detecting which trained AI models have been poisoned via embedded triggers. This dataset consists of 1000 trained, human level, image classification AI models using the following architectures (Inception-v3, DenseNet-121, and ResNet50). The models were trained on synthetically created image data of non-real traffic signs superimposed on road background scenes. Half (50%) of the models have been poisoned with an embedded trigger which causes misclassification of the images when the trigger is present.

Find Related Datasets

Click any tag below to search for similar datasets

Complete Metadata
@type dcat:Dataset
accessLevel public
bureauCode 
                                            [
  "006:55"
]
contactPoint 
                                            {
  "fn": "Michael Paul Majurski",
  "hasEmail": "mailto:michael.majurski@nist.gov"
}
description Round1 Holdout DatasetThe data being generated and disseminated is the holdout data used to evaluate trojan detection software solutions. This data, generated at NIST, consists of human level AIs trained to perform a variety of tasks (image classification, natural language processing, etc.). A known percentage of these trained AI models have been poisoned with a known trigger which induces incorrect behavior. This data will be used to develop software solutions for detecting which trained AI models have been poisoned via embedded triggers. This dataset consists of 1000 trained, human level, image classification AI models using the following architectures (Inception-v3, DenseNet-121, and ResNet50). The models were trained on synthetically created image data of non-real traffic signs superimposed on road background scenes. Half (50%) of the models have been poisoned with an embedded trigger which causes misclassification of the images when the trigger is present.
distribution 
                                            [
  {
    "title": "image-classification-jun2020-holdout",
    "accessURL": "https://drive.google.com/drive/folders/1o9GcpZJOA8UJVcUWJ5NStD77WCY7XSof?usp=drive_link"
  }
]
identifier ark:/88434/mds2-2284
issued 2020-08-04
keyword 
                                            [
  "Trojan Detection; Artificial Intelligence; AI; Machine Learning; Adversarial Machine Learning;"
]
landingPage https://data.nist.gov/od/id/mds2-2284
language 
                                            [
  "en"
]
license https://www.nist.gov/open/license
modified 2020-07-28 00:00:00
programCode 
                                            [
  "006:045"
]
publisher 
                                            {
  "name": "National Institute of Standards and Technology",
  "@type": "org:Organization"
}
theme 
                                            [
  "Information Technology:Computational science",
  "Information Technology:Cybersecurity",
  "Information Technology:Software research"
]
title Trojan Detection Software Challenge - image-classification-jun2020-holdout

data.gov

An official website of the GSA's Technology Transformation Services

Looking for U.S. government information and services?
Visit USA.gov