Deep neural networks (DNNs) can be manipulated to exhibit specific behaviors when exposed to specific trigger patterns, without affecting their performance on benign samples; this is known as a \textit{backdoor attack}. Currently, implementing backdoor attacks in physical scenarios still faces significant challenges. Physical attacks are labor-intensive and time-consuming, and the triggers are selected in a manual and heuristic way. Moreover, expanding digital attacks to physical scenarios is difficult because they are sensitive to visual distortions and have no counterparts in the real world. To address these challenges, we define a novel trigger called the \textbf{V}isible, \textbf{S}emantic, \textbf{S}ample-Specific, and \textbf{C}ompatible (VSSC) trigger, which aims to be effective, stealthy, and robust simultaneously and can also be effectively deployed in the physical scenario using corresponding objects. To implement the VSSC trigger, we propose an automated pipeline comprising three modules: a trigger selection module that systematically identifies suitable triggers by leveraging large language models, a trigger insertion module that employs generative models to seamlessly integrate triggers into images, and a quality assessment module that uses vision-language models to ensure that triggers are inserted naturally and successfully. Extensive experimental results and analysis validate the effectiveness, stealthiness, and robustness of the VSSC trigger. It not only maintains robustness under visual distortions but also demonstrates strong practicality in the physical scenario. We hope that the proposed VSSC trigger and implementation approach could inspire future studies on designing more practical triggers in backdoor attacks.