In the domain of backdoor attacks, accurate labeling of injected data is essential for evading rudimentary detection mechanisms. This imperative has catalyzed the development of clean-label attacks, which are notably more elusive as they preserve the original labels of the injected data. Current clean-label attack methodologies primarily depend on extensive knowledge of the training dataset. However, practically, such comprehensive dataset access is often unattainable, given that training datasets are typically compiled from various independent sources. Departing from conventional clean-label attack methodologies, our research introduces DFB, a data-free, low-budget, and high-efficacy clean-label backdoor Attack. DFB is unique in its independence from training data access, requiring solely the knowledge of a specific target class. Tested on CIFAR10, Tiny-ImageNet, and TSRD, DFB demonstrates remarkable efficacy with minimal poisoning rates of just 0.1%, 0.025%, and 0.4%, respectively. These rates are significantly lower than those required by existing methods such as LC, HTBA, BadNets, and Blend, yet DFB achieves superior attack success rates. Furthermore, our findings reveal that DFB poses a formidable challenge to four established backdoor defense algorithms, indicating its potential as a robust tool in advanced clean-label attack strategies.

翻译：在后门攻击领域中，注入数据的准确标注对于规避初级检测机制至关重要。这一需求催生了干净标签攻击的发展，此类攻击因保留注入数据的原始标签而更具隐蔽性。当前主流的干净标签攻击方法主要依赖对训练数据集的全面了解。然而在实践中，由于训练数据集通常由多个独立来源汇编而成，这种全面的数据集访问往往难以实现。与现有干净标签攻击方法不同，本研究提出了DFB——一种无数据、低预算、高效益的干净标签后门攻击。DFB的独特性在于其无需访问训练数据，仅需知道特定目标类别即可实施攻击。在CIFAR10、Tiny-ImageNet和TSRD上的测试表明，DFB分别仅需0.1%、0.025%和0.4%的极低投毒率即可展现显著效能，这些比率远低于LC、HTBA、BadNets和Blend等现有方法的需求，却实现了更高的攻击成功率。此外，我们的研究发现DFB对四种主流后门防御算法构成了严峻挑战，彰显其作为先进干净标签攻击策略中稳健工具的潜力。