{"ID":2844027,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2511.07210","arxiv_id":"2511.07210","title":"Breaking the Stealth-Potency Trade-off in Clean-Image Backdoors with Generative Trigger Optimization","abstract":"Clean-image backdoor attacks, which use only label manipulation in training datasets to compromise deep neural networks, pose a significant threat to security-critical applications. A critical flaw in existing methods is that the poison rate required for a successful attack induces a proportional, and thus noticeable, drop in Clean Accuracy (CA), undermining their stealthiness. This paper presents a new paradigm for clean-image attacks that minimizes this accuracy degradation by optimizing the trigger itself. We introduce Generative Clean-Image Backdoors (GCB), a framework that uses a conditional InfoGAN to identify naturally occurring image features that can serve as potent and stealthy triggers. By ensuring these triggers are easily separable from benign task-related features, GCB enables a victim model to learn the backdoor from an extremely small set of poisoned examples, resulting in a CA drop of less than 1%. Our experiments demonstrate GCB's remarkable versatility, successfully adapting to six datasets, five architectures, and four tasks, including the first demonstration of clean-image backdoors in regression and segmentation. GCB also exhibits resilience against most of the existing backdoor defenses.","short_abstract":"Clean-image backdoor attacks, which use only label manipulation in training datasets to compromise deep neural networks, pose a significant threat to security-critical applications. A critical flaw in existing methods is that the poison rate required for a successful attack induces a proportional, and thus noticeable,...","url_abs":"https://arxiv.org/abs/2511.07210","url_pdf":"https://arxiv.org/pdf/2511.07210v2","authors":"[\"Binyan Xu\",\"Fan Yang\",\"Di Tang\",\"Xilin Dai\",\"Kehuan Zhang\"]","published":"2025-11-10T15:37:44Z","proceeding":"cs.CV","tasks":"[\"cs.CV\",\"cs.CR\",\"cs.LG\"]","methods":"[\"Generative Adversarial Network\"]","has_code":false}