PulsePoison Backdoor: A Stealthy Data Poisoning Attack Against Dataset Distillation

Deep neural networks (DNNs) have achieved remarkable performance in various domains but rely heavily on large-scale, high-quality datasets, resulting in substantial storage, computation, and energy costs. Dataset distillation has been introduced as a promising technique that condenses large-scale datasets into smaller synthetic counterparts while still maintaining model accuracy, making it especially valuable in resource-limited environments. Currently, dataset distillation still faces significant security risks—even in some scenarios where the attacker can only control the original training data and cannot interfere with the distillation process, attacks remain possible. However, existing backdoor attacks in this scenario often fail because triggers can be removed or become obvious during distillation. Towards this end, we propose PulsePoison Backdoor (PPB), a poisoning-based attack leveraging Gaussian pulse noise as an implicit trigger. PPB stealthily embeds triggers via linear superposition into luminance channels of clean samples, without interfering with the distillation pipeline. This design ensures that triggers survive the distillation process while remaining visually benign in both pre- and post-distillation data. Experiments with standard benchmarks and dataset distillation techniques demonstrate that PPB achieves high attack success with negligible impact on benign performance and remains effective against common data enhancement-based defenses, outperforming existing backdoor strategies in both stealthiness and robustness.