Backdoor attacks, an emerging threat to the integrity of deep neural networks, have garnered significant attention because they can compromise deep learning systems clandestinely. While numerous backdoor attacks operate within the digital realm, their practical implementation in real-world prediction systems remains limited and vulnerable to disturbances in the physical world. This limitation has given rise to physical backdoor attacks, in which the trigger objects are physical entities in the real world. However, creating the dataset required to train or evaluate a physical backdoor model is a daunting task, which keeps backdoor researchers and practitioners from studying such physical attack scenarios. This paper presents a recipe that enables backdoor researchers to easily create a malicious, physical backdoor dataset based on advances in generative modeling. Specifically, the recipe consists of three automatic modules: suggesting suitable physical triggers, generating poisoned candidate samples (either by synthesizing new samples or by editing existing clean samples), and finally refining the candidates to keep the most plausible ones. As such, it effectively reduces the perceived complexity of creating a physical backdoor dataset, turning it from a daunting task into an attainable objective. Extensive experimental results show that datasets created by our "recipe" enable adversaries to achieve an impressive attack success rate on real physical-world data and exhibit properties similar to those reported in previous physical backdoor attack studies. This paper thus offers researchers a valuable toolkit for studying physical backdoors within the confines of their laboratories.
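The abstract reports results in terms of attack success rate on physical-world data. The following is an added example, not code from the paper, showing how a defender or evaluator computes clean accuracy and attack success rate (ASR) for such a dataset, and breaks ASR down by capture condition, since the abstract notes that physical triggers are sensitive to real-world disturbances. The `Sample` record, the target label 7, the condition names and the prediction values are all constructed for the illustration.

```python
"""Clean accuracy and attack success rate (ASR) for a backdoor evaluation.

Added example; not from the paper. The target label, condition names and
prediction values below are constructed to illustrate the computation.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    true_label: int       # ground-truth class of the scene
    clean_pred: int       # model output on the unmodified image
    triggered_pred: int   # model output on the same scene with the trigger present
    condition: str        # capture condition, e.g. "indoor", "outdoor", "low_light"


TARGET_LABEL = 7  # hypothetical class the backdoor is meant to force

# Constructed toy results (not taken from the paper's experiments).
RESULTS = [
    Sample(0, 0, 7, "indoor"),
    Sample(1, 1, 7, "indoor"),
    Sample(2, 2, 2, "outdoor"),
    Sample(7, 7, 7, "outdoor"),    # true class == target: must not count toward ASR
    Sample(3, 3, 7, "low_light"),
    Sample(7, 1, 7, "low_light"),  # also excluded from ASR; counts as a clean error
    Sample(4, 4, 7, "outdoor"),
    Sample(5, 5, 5, "low_light"),
]


def clean_accuracy(samples):
    """Fraction of unmodified images classified correctly (backdoor should not hurt this)."""
    if not samples:
        return 0.0
    return sum(s.clean_pred == s.true_label for s in samples) / len(samples)


def attack_success_rate(samples, target=TARGET_LABEL):
    """Fraction of triggered images pushed to the target class.

    Samples whose true class already equals the target are excluded; counting
    them would inflate ASR with predictions the model would make anyway.
    """
    eligible = [s for s in samples if s.true_label != target]
    if not eligible:
        return 0.0
    return sum(s.triggered_pred == target for s in eligible) / len(eligible)


def asr_by_condition(samples, target=TARGET_LABEL):
    """ASR per capture condition, to expose where a physical trigger stops working."""
    groups = defaultdict(list)
    for s in samples:
        groups[s.condition].append(s)
    return {cond: attack_success_rate(group, target) for cond, group in sorted(groups.items())}


def summarize(samples, target=TARGET_LABEL):
    """Single report dict combining the three metrics."""
    return {
        "clean_accuracy": clean_accuracy(samples),
        "asr": attack_success_rate(samples, target),
        "asr_by_condition": asr_by_condition(samples, target),
    }


if __name__ == "__main__":
    for key, value in summarize(RESULTS).items():
        print(f"{key}: {value}")
```

The per-condition breakdown is the part worth keeping in any evaluation of a physical backdoor: an aggregate ASR can look strong while the trigger fails entirely under one lighting or distance condition, which is exactly the physical-world fragility the abstract describes.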