INTERNSHIP DETAILS

Master's Thesis: Attacking Current Backdoor Detection Methods

CompanyFraunhofer-Gesellschaft
LocationDarmstadt
Work ModeOn Site
PostedMay 13, 2026
Internship Information
Core Responsibilities
The core task involves identifying and exploiting vulnerabilities in existing literature methods designed to detect backdoor attacks on neural networks, particularly in the context of LLMs. This includes creating and testing models, datasets, or finetuning adapters to reliably bypass these detection methods.
Internship Type
full time
Company Size
285
Visa Sponsorship
No
Language
English
Working Hours
40 hours
Apply Now →

You'll be redirected to
the company's application page

About The Company
Fraunhofer IGD is the international leading institute for applied research in visual computing. Visual computing is image- and model-based information technology and includes computer graphics and computer vision, as well as virtual and augmented reality. In simple terms, the Fraunhofer researchers in Darmstadt, Rostock, and Kiel are turning information into images and extracting information from images. In cooperation with its partners, technical solutions and market-relevant products are created. Prototypes and integrated solutions are developed in accordance with customized requirements. In doing so, Fraunhofer IGD places users at the forefront, providing them with technical solutions to facilitate computer work and make it more efficient. Owing to its numerous innovations, Fraunhofer IGD raises man-machine interaction to a new level. Man is able to work in a more result-oriented and effective way by means of the computer and visual computing developments.
About the Role

Background/Motivation:
Backdoor attacks are attacks on neural networks where a so-called trigger alters the decision-making behaviour of the networks, thereby creating vulnerabilities. These triggers can be injected into the training dataset or directly into the model weights. These are then called poisoned. Due to parameter-efficient fine-tuning methods, backdoor attacks on large language models (LLMs) have become significantly more difficult to detect, as a poisoned parameter update is harder to recognise than a poisoned dataset. Therefore, several methods have been developed recently to detect poisoned model updates.


Objective: Due to the variety of backdoor attacks, methods often detect far fewer attacks than they claim, as they frequently make assumptions that do not correspond to reality. The aim of this work is therefore to identify and exploit vulnerabilities in methods presented in the literature, so that the promised effects are not achieved as desired.


Results: The results of this work are intended to demonstrate to the research community that a fundamental understanding of the mechanics of backdoor attacks is absolutely necessary. For this purpose, models, datasets, or finetuning adapters should be created and tested for previously selected detection methods, which can reliably bypass these detection methods.

 

Be part of change

  • Researching and implementing novel machine learning approaches that enhance the security of LLMs.
  • Self-critical evaluation of the obtained results.
  • Presenting the results.
  • Preparing a project report in the form of a master's thesis. 

 

What you contribute

  • Knowledge in the field of Machine Learning, including training, inference, and optimisation of transformer architectures.
  • Knowledge in the field of ML security is desirable.
  • Good Python skills, especially with PyTorch, are required.
  • Scientific interest and interest in current research projects. 

 

 

What we offer

  • Independent work schedule management
  • Insights into the intersection of academic research and industrial application

Related works: 
[1] https://arxiv.org/pdf/2404.09932 (Relevante Abschnitte: 2.7, 3.5, 3.6)
[2] http://arxiv.org/pdf/2403.00108
[3] http://arxiv.org/pdf/2411.17453
[4] http://arxiv.org/pdf/2508.01365

 

We value and promote the diversity of our employees' skills and therefore welcome all applications – regardless of age, gender, nationality, ethnic and social origin, religion, ideology, disability, sexual orientation and identity. Severely disabled persons are given preference in the event of equal suitability. Our tasks are diverse and adaptable – for applicants with disabilities, we work together to find solutions that best promote their abilities. 

With its focus on developing key technologies that are vital for the future and enabling the commercial utilization of this work by business and industry, Fraunhofer plays a central role in the innovation process. As a pioneer and catalyst for groundbreaking developments and scientific excellence, Fraunhofer helps shape society now and in the future. 

Ready for a change? Then apply now and make a difference! Once we have received your online application, you will receive an automatic confirmation of receipt. We will then get back to you as soon as possible and let you know what happens next.

 

Fraunhofer Institute for Secure Information Technology SIT 

www.sit.fraunhofer.de 

 

Requisition Number: 82689                Application Deadline:

 

Key Skills
Machine LearningTrainingInferenceOptimizationTransformer ArchitecturesML SecurityPythonPyTorchScientific InterestResearch Implementation
Categories
Science & ResearchSoftwareData & AnalyticsEngineering