Adaptive Backdoor Attacks Against Dataset Distillation for Federated Learning

Dataset distillation is utilized to condense large datasets into smaller synthetic counterparts, effectively reducing their size while preserving their crucial characteristics. In Federated Learning (FL) scenarios, where individual devices or servers often lack substantial computational power or storage capacity, the use of dataset distillation becomes particularly advantageous for processing large volumes of data efficiently. Current research in dataset distillation for FL has primarily focused on enhancing accuracy and reducing communication complexity, but it has largely neglected the potential risk of backdoor attacks. To solve this issue, in this paper, we propose three adaptive dataset condensation based backdoor attacks against dataset distillation for FL. Adaptive attacks in dataset distillation for FL dynamically modify triggers during the training process. These triggers, embedded in the synthetic data, are designed to bypass traditional security detection. Moreover, these attacks employ self-adaptive perturbations to effectively respond to variations in the model's parameters. Experimental results show that the proposed adaptive attacks achieve at least 5.87% higher success rates, while maintaining almost the same clean test accuracy, compared to three benchmark methods.