
Partner in Crime: Boosting Targeted Poisoning Attacks against Federated Learning

Abstract


Federated Learning (FL) exposes vulnerabilities to targeted poisoning attacks that aim to cause misclassification specifically from the source class to the target class. However, using well-established defense frameworks, the poisoning impact of these attacks can be greatly mitigated. We introduce a generalized pre-training stage approach to Boost Targeted Poisoning Attacks against FL, called BoTPA. Its design rationale is to leverage the model update contributions of all data points, including ones outside of the source and target classes, to construct an Amplifier set, in which we falsify the data labels before the FL training process, as a means to boost attacks. We comprehensively evaluate the effectiveness and compatibility of BoTPA on various targeted poisoning attacks. Under data poisoning attacks, our evaluations reveal that BoTPA can achieve a median Relative Increase in Attack Success Rate (RI-ASR) between 15.3% and 36.9% across all possible source-target class combinations, with varying percentages of malicious clients, compared to its baseline. In the context of model poisoning, BoTPA attains RI-ASRs ranging from 13.3% to 94.7% in the presence of the Krum and Multi-Krum defenses, from 2.6% to 49.2% under the Median defense, and from 2.9% to 63.5% under the Flame defense.
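As an added illustration, not the paper's own code (the abstract ships none), here are the two robust aggregation rules the abstract names, Krum/Multi-Krum and coordinate-wise Median, in plain Python over constructed toy client updates, together with the RI-ASR ratio under the assumed definition "relative increase over the baseline ASR, in percent":

```python
# Added example (not the paper's code). Robust aggregation rules a poisoned
# update has to survive, on constructed toy updates (flattened model deltas).

def _sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def krum_scores(updates, f):
    """Krum score per update: sum of squared distances to its n-f-2 nearest
    other updates (Blanchard et al.). Lower means more 'central'."""
    n = len(updates)
    k = n - f - 2
    if k < 1:
        raise ValueError("Krum needs n > f + 2 clients")
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(_sq_dist(u, v) for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[:k]))
    return scores

def multi_krum(updates, f, m=1):
    """Keep the m lowest-scoring updates and average them (m=1 is plain Krum).
    Returns (chosen indices, aggregated update)."""
    scores = krum_scores(updates, f)
    chosen = sorted(range(len(updates)), key=scores.__getitem__)[:m]
    dim = len(updates[0])
    agg = [sum(updates[i][d] for i in chosen) / m for d in range(dim)]
    return chosen, agg

def coordinate_median(updates):
    """Coordinate-wise median: each parameter is the median across clients."""
    agg = []
    for d in range(len(updates[0])):
        col = sorted(u[d] for u in updates)
        n, mid = len(col), len(col) // 2
        agg.append(col[mid] if n % 2 else (col[mid - 1] + col[mid]) / 2)
    return agg

def relative_increase_asr(asr_baseline, asr_boosted):
    """RI-ASR, assumed here to mean (boosted - baseline) / baseline in percent."""
    if asr_baseline <= 0:
        raise ValueError("baseline ASR must be positive")
    return 100.0 * (asr_boosted - asr_baseline) / asr_baseline

# Constructed round: four benign updates near [1, 1, 1] and one crude outlier.
BENIGN = [[1.0, 1.0, 1.0], [1.1, 0.9, 1.0], [0.9, 1.0, 1.1], [1.0, 1.1, 0.9]]
OUTLIER = [[8.0, -6.0, 5.0]]
ROUND = BENIGN + OUTLIER

def demo():
    """Run both rules on the toy round; both discard the outlier."""
    chosen, agg = multi_krum(ROUND, f=1, m=1)
    return chosen, agg, coordinate_median(ROUND)
```

The crude outlier is rejected by both rules, which is exactly why a stealthier attack needs the source, target and amplifier updates to stay close to the benign ones; defenders should therefore monitor ASR for specific source-target pairs rather than only global accuracy.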