This paper addresses the fundamental trade-off between attack success rate (ASR) and stealth in clean-label backdoor attacks. To resolve this, we propose a bidirectional co-design framework jointly optimizing sample selection and trigger generation. Methodologically, we introduce the first unified component architecture integrating: (i) hard-sample filtering based on trigger scale, (ii) similarity-guided benign sample selection, and (iii) RGB-sensitivity-aware trigger intensity redistribution—all operating solely via data poisoning without label modification. Our approach significantly improves both ASR and visual/statistical stealth while maintaining strong generalizability: it is modular, plug-and-play, and compatible with diverse backdoor attack pipelines. Experimental results demonstrate state-of-the-art performance in balancing efficacy and inconspicuousness, establishing a new paradigm for lightweight, robust, and highly stealthy backdoor attacks.

Poison-only Clean-label Backdoor Attacks aim to covertly inject attacker-desired behavior into DNNs by merely poisoning the dataset without changing the labels. To effectively implant a backdoor, multiple extbf{triggers} are proposed for various attack requirements of Attack Success Rate (ASR) and stealthiness. Additionally, sample selection enhances clean-label backdoor attacks' ASR by meticulously selecting ``hard'' samples instead of random samples to poison. Current methods 1) usually handle the sample selection and triggers in isolation, leading to severely limited improvements on both ASR and stealthiness. Consequently, attacks exhibit unsatisfactory performance on evaluation metrics when converted to PCBAs via a mere stacking of methods. Therefore, we seek to explore the bidirectional collaborative relations between the sample selection and triggers to address the above dilemma. 2) Since the strong specificity within triggers, the simple combination of sample selection and triggers fails to substantially enhance both evaluation metrics, with generalization preserved among various attacks. Therefore, we seek to propose a set of components to significantly improve both stealthiness and ASR based on the commonalities of attacks. Specifically, Component A ascertains two critical selection factors, and then makes them an appropriate combination based on the trigger scale to select more reasonable ``hard'' samples for improving ASR. Component B is proposed to select samples with similarities to relevant trigger implanted samples to promote stealthiness. Component C reassigns trigger poisoning intensity on RGB colors through distinct sensitivity of the human visual system to RGB for higher ASR, with stealthiness ensured by sample selection, including Component B. Furthermore, all components can be strategically integrated into diverse PCBAs.