TL;DR
InkDrop introduces a novel backdoor attack on dataset condensation that is highly stealthy, effective, and preserves model utility, exploiting decision boundary uncertainties to embed malicious patterns.
Contribution
The paper presents InkDrop, a new method for stealthy backdoor attacks on dataset condensation that maintains attack effectiveness and model utility while minimizing detectability.
Findings
InkDrop successfully embeds backdoors with high stealthiness.
The attack preserves model performance on clean data.
Experiments show robustness across diverse datasets.
Abstract
Dataset Condensation (DC) is a data-efficient learning paradigm that synthesizes small yet informative datasets, enabling models to match the performance of full-data training. However, recent work exposes a critical vulnerability of DC to backdoor attacks, where malicious patterns (e.g., triggers) are implanted into the condensation dataset, inducing targeted misclassification on specific inputs. Existing attacks always prioritize attack effectiveness and model utility, overlooking the crucial dimension of stealthiness. To bridge this gap, we propose InkDrop, which enhances the imperceptibility of malicious manipulation without degrading attack effectiveness and model utility. InkDrop leverages the inherent uncertainty near model decision boundaries, where minor input perturbations can induce semantic shifts, to construct a stealthy and effective backdoor attack. Specifically,…
