Poisoning efficiency is a crucial factor in poisoning-based backdoor attacks. Attackers prefer to use as few poisoned samples as possible to achieve the same level of attack strength, in order to remain undetected. Efficient triggers have significantly improved poisoning efficiency, but there is still room for improvement. Recently, selecting efficient samples has shown promise, but it requires a proxy backdoor injection task to find an efficient poisoned sample set, which can lead to performance degradation if the proxy attack settings are different from the actual settings used by the victims. In this paper, we propose a novel Proxy-Free Strategy (PFS) that selects efficient poisoned samples based on individual similarity and set diversity, effectively addressing this issue. We evaluate the proposed strategy on several datasets, triggers, poisoning ratios, architectures, and training hyperparameters. Our experimental results demonstrate that PFS achieves higher backdoor attack strength while x500 faster than previous proxy-based selection approaches.

翻译：中毒效率是基于投毒的后门攻击中的关键因素。攻击者倾向于使用尽可能少的投毒样本来实现相同的攻击强度，以保持隐蔽。高效触发器已显著提升中毒效率，但仍有改进空间。近年来，选择高效样本展现出潜力，但需要借助代理后门注入任务来寻找高效的投毒样本集，若代理攻击设置与受害者实际使用的设置不同，则可能导致性能下降。本文提出了一种新颖的无代理策略（PFS），该策略基于个体相似性和集合多样性选择高效投毒样本，有效解决了上述问题。我们在多个数据集、触发器、投毒比率、架构和训练超参数上评估了所提策略。实验结果表明，PFS实现了更高的后门攻击强度，同时比先前的基于代理的选择方法快500倍。