Learn What You Want to Unlearn: Unlearning Inversion Attacks against Machine Unlearning
Hongsheng Hu, Shuo Wang, Tian Dong, Minhui Xue
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4
The proliferation of machine learning (ML) models in virtually every sector of society has brought forth a critical challenge: the "right to be forgotten" and the need for data deletion. Machine unlearning (MU) has emerged as a promising paradigm to address this, aiming to remove the influence of specific training data points from a trained model without retraining it from scratch. However, this talk, "Learn What You Want to Unlearn: Unlearning Inversion Attacks against Machine Unlearning," presented by Hongsheng Hu and his co-authors at IEEE S&P, unveils a significant and previously underexplored privacy vulnerability within the machine unlearning process itself.
AI review
This research unveils a critical and novel privacy vulnerability in machine unlearning, demonstrating how an adversary can reconstruct sensitive features or labels of unlearned data by exploiting the difference between original and unlearned models. The work is a wake-up call, exposing that current MU methods, including proposed defenses, offer insufficient privacy guarantees and necessitates a fundamental re-evaluation of unlearning mechanisms.