Go to ICLR 2026 Conference homepageLearnability and Privacy Vulnerability are Entangled in a Few Critical Weights
Keywords: Privacy, Generalizability, Weights Rewinding, Fine-Tuning
Abstract: Prior approaches for membership privacy preservation usually update or retrain all weights in neural networks, which is costly and can lead to unnecessary utility loss or even more serious misalignment in predictions between training data and non-training data. In this paper, we empirically show that only a very small number of weights are liable to membership privacy vulnerability. However, we also identify that those neurons are not only liable to membership privacy breach but also contribute to generalizability. According to these insights, to preserve privacy, instead of discarding those neurons, we rewind only the weights for fine-tuning. We show that through extensive experiments, this mechanism, plugged into other approaches, shows enhanced resilience against Membership Inference Attacks while maintaining utility.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 625
Loading