TL;DR
Sneakdoor is a novel backdoor attack against dataset condensation that enhances stealthiness by generating input-aware triggers, effectively balancing attack success, data integrity, and invisibility.
Contribution
It introduces Sneakdoor, a method that constructs input-aware triggers aligned with local features to improve stealthiness without reducing attack effectiveness.
Findings
Sneakdoor achieves high attack success rates across multiple datasets.
It significantly reduces visual and statistical detectability of backdoor triggers.
The approach maintains high clean test accuracy while embedding stealthy backdoors.
Abstract
Dataset condensation aims to synthesize compact yet informative datasets that retain the training efficacy of full-scale data, offering substantial gains in efficiency. Recent studies reveal that the condensation process can be vulnerable to backdoor attacks, where malicious triggers are injected into the condensation dataset, manipulating model behavior during inference. While prior approaches have made progress in balancing attack success rate and clean test accuracy, they often fall short in preserving stealthiness, especially in concealing the visual artifacts of condensed data or the perturbations introduced during inference. To address this challenge, we introduce Sneakdoor, which enhances stealthiness without compromising attack effectiveness. Sneakdoor exploits the inherent vulnerability of class decision boundaries and incorporates a generative module that constructs…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
