This work proposes a novel backdoor attack based on graph convolutional networks that overcomes the limitations of existing universal attacks, which typically rely on visually salient triggers that are easily detectable and lack scalability. By modeling semantic relationships among target classes, the method generates imperceptible perturbations capable of simultaneously controlling multiple target labels. A dual-objective optimization loss jointly maximizes perceptual similarity—measured by metrics such as PSNR—and attack success rate. Evaluated on ImageNet-1K, the approach achieves a remarkable 91.3% attack success rate with only a 0.16% poisoning ratio, while preserving the model’s clean accuracy and evading state-of-the-art defense mechanisms. This study presents the first universal backdoor attack that simultaneously achieves high stealthiness and multi-target controllability, effectively transcending the constraints imposed by traditional visible triggers.

Backdoor attacks pose a critical threat to the security of deep neural networks, yet existing efforts on universal backdoors often rely on visually salient patterns, making them easier to detect and less practical at scale. In this work, we introduce a novel imperceptible universal backdoor attack that simultaneously controls all target classes with minimal poisoning while preserving stealth. Our key idea is to leverage graph convolutional networks (GCNs) to model inter-class relationships and generate class-specific perturbations that are both effective and visually invisible. The proposed framework optimizes a dual-objective loss that balances stealthiness (measured by perceptual similarity metrics such as PSNR) and attack success rate (ASR), enabling scalable, multi-target backdoor injection. Extensive experiments on ImageNet-1K with ResNet architectures demonstrate that our method achieves high ASR (up to 91.3%) under poisoning rates as low as 0.16%, while maintaining benign accuracy and evading state-of-the-art defenses. These results highlight the emerging risks of invisible universal backdoors and call for more robust detection and mitigation strategies.