Deep learning has seen remarkable advancements and gained widespread adoption, while there are significant concerns about its potential misuse, including generating unsafe content, violating privacy and copyright, and perpetuating social bias. A crucial approach to mitigating these risks is machine unlearning, a technique that allows machine learning models to forget specific data and its effects. However, existing studies have found that there are risks of misuse in the unlearning process, and inappropriate or excessive unlearning can significantly corrupt the performance of models. In this paper, we conduct an in-depth analysis of the target parameter updating mechanism and potential security vulnerabilities in the unlearning process. We propose an attack strategy that combines anti-sample techniques with entropy loss optimization, proposing a data poisoning attack method named PAMUS (Poisoning Attack for Machine Unlearning Scenarios). This method reduces the model performance by increasing the impact on model parameters during unlearning. We conduct extensive experiments in both gray-box and white-box scenarios. The results demonstrate that our method reduces accuracy by 8.34%, compared to only a 4.56% reduction with traditional methods. Our approach significantly reduces the classification accuracy of the Logistic Regression model by 8.34% and the Logistic2NN model by 7.98%. Our insights provide new perspectives on optimizing attack methods and offer valuable references for future research focused on protecting privacy and enhancing model security.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PAMUS: An Entropy-Loss-Based Poisoning Attack for Undermining Machine Unlearning

  • Xudong Jiang,
  • Yuhang Ma,
  • Wei Xu,
  • Jiahui Wen

摘要

Deep learning has seen remarkable advancements and gained widespread adoption, while there are significant concerns about its potential misuse, including generating unsafe content, violating privacy and copyright, and perpetuating social bias. A crucial approach to mitigating these risks is machine unlearning, a technique that allows machine learning models to forget specific data and its effects. However, existing studies have found that there are risks of misuse in the unlearning process, and inappropriate or excessive unlearning can significantly corrupt the performance of models. In this paper, we conduct an in-depth analysis of the target parameter updating mechanism and potential security vulnerabilities in the unlearning process. We propose an attack strategy that combines anti-sample techniques with entropy loss optimization, proposing a data poisoning attack method named PAMUS (Poisoning Attack for Machine Unlearning Scenarios). This method reduces the model performance by increasing the impact on model parameters during unlearning. We conduct extensive experiments in both gray-box and white-box scenarios. The results demonstrate that our method reduces accuracy by 8.34%, compared to only a 4.56% reduction with traditional methods. Our approach significantly reduces the classification accuracy of the Logistic Regression model by 8.34% and the Logistic2NN model by 7.98%. Our insights provide new perspectives on optimizing attack methods and offer valuable references for future research focused on protecting privacy and enhancing model security.