Poison Ivy
Preventing and Detecting Data-based Backdoors

Project Poison Ivy

The research project "Poison Ivy" is dedicated to research methods to prevent and detect backdoors in AI applications. Learning-based systems are driven by large amounts of data and thus are prone to attacks that stealthily manipulate training data. We develop approaches to secure learning-based systems in practice, monitor access to detect attacks early on and help inspect learned models for manipulations to prevent backdoors.

The project is funded for one year (starting January 2021) by the "Ministerium für Wirtschaft, Arbeit und Wohnungsbau Baden-Württemberg'' in the scope of the AI innovation contest of Baden-Wuerttemberg, Germany. Additional information is available here (German only).


Karlsruhe Insitute of Technology

The Karlsruhe Institute of Technology (KIT) is one of the largest science institutions in Europe and German University of Excellence. "The Research University in the Helmholtz Association" originates a merger of the Technical University of Karlsruhe and Karlsruhe Research Center in 2009. The roots of the academic research thus date all the way back to 1825. The "Intelligent System Security" research group led by Prof. Christian Wressnegger works at the intersection of machine learning and computer security. On the one hand, the group develops methods in the area of system and application security. On the other hand, they research the robustness, security, and interpretability of machine learning methods.

Asvin GmbH

asvin facilitates a one-stop solution in the model of Founded in September 2018, Stuttgart-based asvin GmbH provides a platform-as-secure-solution based on Distributed Ledger Technology (DLT) for managing the software product life cycles associated with networked devices used in the Internet of Things. The applications and services support trace software and detect security vulnerabilities in IoT and IIoT to mitigate risk and ensure uninterrupted business processes. asvin was awarded the Best Cybersecurity Startup in Central Europe in 2020 by it-sa.

tsenso GmbH

tsenso GmbH is a AI and data analytics startup, active in the food sector. The company is on the mission to digitize and democratize expert knowledge on food with the aim of increasing food safety. The company was founded in 2016 while the founders, Dr. Matthias Brunner a sensor expert and Prof. Christian Fleck, Professor for bio-modelling at Wageningen University, participated at the TechStars/METRO accelerator on hospitality. In 2020 tsenso was nominated for the German federal award "Zu gut für die Tonne" and chosen as one of the Top10 Start-ups in Europe for Food Safety innovation by the renown Food and Beverage Tech Magazine. tsenso is participating in the project "Poison-Ivy" as application partner with the goal to learn how to secure our AI models against fraudulent attacks.


  • Adversarial Robust Model Compression using In-Train Pruning.
    M. Vemparala, N. Fasfous, A. Frickenstein, S. Sarkar, Q. Zhao, S. Kuhn, L. Frickenstein, A. Singh,
    C. Unger, N. Nagaraja, C. Wressnegger, and W. Stechele
    Proc. of 3rd CVPR Workshop on Safe Artificial Intelligence for Automated Driving (SAIAD)
  • TagVet: Vetting Malware Tags using Explainable Machine Learning
    L. Pirch, A. Warnecke, C. Wressnegger and K. Rieck
    Proc. of 14th ACM European Workshop on Systems Security (EuroSec)


Jun.-Prof. Dr. Christian Wressnegger
Phone: +49 721 608-41330

Karlsruhe Institute of Technology (KIT)
Institute of Information Security and Dependability (KASTEL)
Am Fasanengarten 5, Geb. 50.34
76131 Karlsruhe, Germany