To successfully launch backdoor attacks, injected data needs to be correctly labeled; otherwise, it can be easily detected by even basic data filters. Hence, the concept of clean-label attacks was introduced, which is more dangerous as it does not require changing the labels of the injected data. To the best of our knowledge, existing clean-label backdoor attacks largely rely on knowledge of the entire training set or a portion of it. However, in practice, attackers rarely have such access, because training datasets are often collected from multiple independent sources. Unlike all current clean-label attacks, we propose a novel clean-label method called 'Poison Dart Frog'. Poison Dart Frog does not require access to any training data; it only requires knowledge of the target class of the attack, such as 'frog'. On CIFAR10, Tiny-ImageNet, and TSRD, with a mere 0.1%, 0.025%, and 0.4% poisoning rate of the training set size, respectively, Poison Dart Frog achieves a high Attack Success Rate compared to LC, HTBA, BadNets, and Blend. Furthermore, compared to the state-of-the-art attack, NARCISSUS, Poison Dart Frog achieves similar attack success rates without any training data. Finally, we demonstrate that four typical backdoor defense algorithms struggle to counter Poison Dart Frog.