To address the vulnerability of existing Topology Evolution Dynamics (TED)-based detection methods to adaptive backdoor attacks, this paper proposes TED-LaST, a robust defense framework. Methodologically, TED-LaST introduces three key innovations: (i) a novel label-supervised dynamical tracking mechanism that leverages ground-truth labels to guide topology evolution path modeling; (ii) an adaptive layer emphasis strategy that dynamically weights vulnerable network layers to enhance detection sensitivity; and (iii) a target-mapped enhanced adaptive attack paradigm, designed to rigorously stress-test and advance the adversarial boundary. Extensive experiments on CIFAR-10, GTSRB, and ImageNet100 demonstrate that TED-LaST achieves 12.7%–23.4% higher detection accuracy against Adap-Blend, Adapt-Patch, and newly proposed target-mapped adaptive attacks, substantially outperforming state-of-the-art methods and establishing the current strongest benchmark for robust backdoor detection.

Deep Neural Networks (DNNs) are vulnerable to backdoor attacks, where attackers implant hidden triggers during training to maliciously control model behavior. Topological Evolution Dynamics (TED) has recently emerged as a powerful tool for detecting backdoor attacks in DNNs. However, TED can be vulnerable to backdoor attacks that adaptively distort topological representation distributions across network layers. To address this limitation, we propose TED-LaST (Topological Evolution Dynamics against Laundry, Slow release, and Target mapping attack strategies), a novel defense strategy that enhances TED's robustness against adaptive attacks. TED-LaST introduces two key innovations: label-supervised dynamics tracking and adaptive layer emphasis. These enhancements enable the identification of stealthy threats that evade traditional TED-based defenses, even in cases of inseparability in topological space and subtle topological perturbations. We review and classify data poisoning tricks in state-of-the-art adaptive attacks and propose enhanced adaptive attack with target mapping, which can dynamically shift malicious tasks and fully leverage the stealthiness that adaptive attacks possess. Our comprehensive experiments on multiple datasets (CIFAR-10, GTSRB, and ImageNet100) and model architectures (ResNet20, ResNet101) show that TED-LaST effectively counteracts sophisticated backdoors like Adap-Blend, Adapt-Patch, and the proposed enhanced adaptive attack. TED-LaST sets a new benchmark for robust backdoor detection, substantially enhancing DNN security against evolving threats.