Backdoor attacks, an emerging threat to the integrity of deep neural networks, have garnered significant attention because of their ability to compromise deep learning systems clandestinely. While numerous backdoor attacks operate within the digital realm, their practical implementation in real-world prediction systems remains limited and vulnerable to disturbances in the physical world. This limitation has given rise to physical backdoor attacks, where the trigger objects are physical entities in the real world. However, creating the dataset required to train or evaluate a physical backdoor model is a daunting task, which prevents backdoor researchers and practitioners from studying such physical attack scenarios. This paper presents a recipe that enables backdoor researchers to create a malicious physical backdoor dataset with little effort, building on advances in generative modeling. Specifically, the recipe consists of three automatic modules: suggesting suitable physical triggers, generating the poisoned candidate samples (either by synthesizing new samples or by editing existing clean samples), and finally refining the candidates to keep the most plausible ones. As such, it effectively removes the perceived complexity of creating a physical backdoor dataset, transforming it from a daunting task into an attainable objective. Extensive experimental results show that datasets created by our "recipe" enable adversaries to achieve a high attack success rate on real physical-world data and exhibit properties similar to those reported in previous physical backdoor attack studies. This paper offers researchers a valuable toolkit for studying physical backdoors entirely within their own laboratories.