Go to DBLP homepageUnlearning Attacks for Regression Learning
Abstract: Recently, the machine unlearning has emerged as a popular method for efficiently erasing the impact of personal data in machine learning (ML) models upon the data owner’s removal request. However, few studies take into consideration the security concerns that may exist in the unlearning process. In this article, we propose the first unlearning attack dubbed unlearning attack for regression learning (UnAR) to deliberately influence the predictive behavior of the target sample against regression learning models. The central concept of UnAR revolves around misleading the regression model into erasing the information associated with the influential samples for the target sample. Observing that the influential samples for target data are generally located far away from the regression plane, we thus propose two novel methods, known as influential sample selection (ISS) and influential sample unlearning (ISU), to identify and subsequently eliminate the lineage of the influential samples. By doing so, we can substantially introduce bias into the prediction pertaining to the target sample, yielding the deliberate manipulation for the user adversely. We extensively evaluate UnAR on five public datasets, and the experimental results indicate our attacks can achieve prediction deviations over 35% by unlearning only 0.5% data as the influential samples.
External IDs:dblp:journals/tnn/ChenSLWLSL25
Loading