Go to DBLP homepageConditional Matching GAN Guided Reconstruction Attack in Machine Unlearning
Abstract: Machine unlearning allows data owners to erase certain data and its impact from learning models for the right to be forgotten. However, privacy risks during the unlearning process have been identified. Earlier studies have used differences in model outputs before and after unlearning to conduct membership inference attacks. Nevertheless, the current attacks on machine unlearning are limited to inference and cannot reconstruct data without access to the victim's dataset. In this paper, we propose a reconstruction attack towards machine unlearning (RAU), which can reconstruct the unlearned data by exploiting the privacy leakage from the two models. To improve reconstruction quality, we propose a Conditional Matching Generative Adversarial Network (CMGAN), a novel variant of generative adversarial networks which introduces a reconstructive loss. Our work demonstrates the possible privacy leakage of current machine unlearning scenarios. Experimental results on MNIST and Fashion-MNIST show that the proposed attack achieves high label recovery accuracy and good data recovery performance.
Loading