InkDrop: Invisible Backdoor Attacks Against Dataset Condensation

View PDF HTML (experimental)

Abstract:Dataset Condensation (DC) is a data-efficient learning paradigm that synthesizes small yet informative datasets, enabling models to match the performance of full-data training. However, recent work exposes a critical vulnerability of DC to backdoor attacks, where malicious patterns (\textit{e.g.}, triggers) are implanted into the condensation dataset, inducing targeted misclassification on specific inputs. Existing attacks always prioritize attack effectiveness and model utility, overlooking the crucial dimension of stealthiness. To bridge this gap, we propose InkDrop, which enhances the imperceptibility of malicious manipulation without degrading attack effectiveness and model utility. InkDrop leverages the inherent uncertainty near model decision boundaries, where minor input perturbations can induce semantic shifts, to construct a stealthy and effective backdoor attack. Specifically, InkDrop first selects candidate samples near the target decision boundary that exhibit latent semantic affinity to the target class. It then learns instance-dependent perturbations constrained by perceptual and spatial consistency, embedding targeted malicious behavior into the condensed dataset. Extensive experiments across diverse datasets validate the overall effectiveness of InkDrop, demonstrating its ability to integrate adversarial intent into condensed datasets while preserving model utility and minimizing detectability. Our code is available at this https URL.

Subjects:

Machine Learning (cs.LG)

Cite as: arXiv:2603.28092 [cs.LG]

(or arXiv:2603.28092v1 [cs.LG] for this version)

https://doi.org/10.48550/arXiv.2603.28092

arXiv-issued DOI via DataCite (pending registration)

Submission history

From: Dongyi Lv [view email] [v1] Mon, 30 Mar 2026 06:49:08 UTC (783 KB)