Abstract
With the rapid deployment of deep neural networks (DNNs) across critical application domains, backdoor attacks have emerged as a significant security threat. However, most existing methods rely on access to the target model's original training data and require explicit triggers to activate malicious behavior, which limits their practicality and compromises stealth. This paper proposes a novel trigger-free and data-free backdoor attack framework that enhances both the practicality and concealment of attacks. Our approach leverages a fine-tuning strategy to embed the semantics of malicious data into the feature space of an attacker-specified target class, enabling adversarial samples to be misclassified consistently without any visible trigger. To preserve the model's performance on clean inputs, we incorporate a knowledge distillation mechanism in place of the original training data and design an elastic weight consolidation-based parameter importance estimation method to guide the injection process. Extensive experiments conducted on three real-world benchmark datasets demonstrate the effectiveness, stealthiness, and real-world feasibility of the proposed method. Additionally, we explore the potential of auxiliary data and model inversion techniques in further enhancing attack success.
| Translated title of the contribution | Trigger-free and data-free backdoor attacks on deep neural networks |
|---|---|
| Original language | Chinese (Traditional) |
| Pages (from-to) | 2798-2816 |
| Number of pages | 19 |
| Journal | Scientia Sinica Informationis |
| Volume | 55 |
| Issue number | 11 |
| DOIs | |
| State | Published - 1 Nov 2025 |