Backdoor attacks, an emerging threat to the integrity of deep neural networks, have garnered significant attention because they can compromise deep learning systems clandestinely. While numerous backdoor attacks operate in the digital realm, their practical implementation in real-world prediction systems remains limited and vulnerable to disturbances in the physical world. This limitation has given rise to physical backdoor attacks, in which trigger objects are physical entities in the real world. However, creating the dataset needed to train or evaluate a physical backdoor model is a daunting task, which keeps backdoor researchers and practitioners from studying such physical attack scenarios. This paper presents a recipe that allows backdoor researchers to create a malicious, physical backdoor dataset with little effort, building on advances in generative modeling. The recipe consists of three automatic modules: suggesting suitable physical triggers, generating poisoned candidate samples (either by synthesizing new samples or by editing existing clean samples), and finally refining the candidates to keep the most plausible ones. It thereby removes much of the perceived complexity of creating a physical backdoor dataset, turning a daunting task into an attainable objective. Extensive experimental results show that datasets created with our "recipe" enable adversaries to achieve a high attack success rate on real physical-world data and exhibit properties similar to those reported in previous physical backdoor attack studies. This paper offers researchers a valuable toolkit for studying physical backdoors, all within the confines of their laboratories.