Summary of Reconstruction Attacks on Machine Unlearning: Simple Models Are Vulnerable, by Martin Bertran et al.
Reconstruction Attacks on Machine Unlearning: Simple Models are Vulnerable
by Martin Bertran, Shuai Tang, Michael Kearns, Jamie Morgenstern, Aaron Roth, Zhiwei Steven Wu
First submitted to arxiv on: 30 May 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary Machine unlearning aims to enable data autonomy by allowing individuals to request removal of their influence on deployed models, which should be updated as if they were retrained without their data. Contrary to expectations, these updates expose individuals to high-accuracy reconstruction attacks that recover their deleted data with near-perfect accuracy, even for simple models. Our attack can successfully recover a deleted data point from linear regression models and generalize to other loss functions and architectures, demonstrating effectiveness across various datasets (tabular and image data). This work highlights significant privacy risks when individuals can request deletion of their data from the model. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Machine unlearning is important because it allows people to control how their data affects computer models. This paper shows that even if someone asks a model to forget about them, they can still figure out what this person’s deleted data looked like. The attackers can do this by analyzing how the model behaves when it doesn’t know the deleted data. The researchers found that simple models are vulnerable to these attacks and showed how an attacker could recover almost all of a person’s deleted data from just one linear regression model. This shows that people’s privacy is at risk even if they think their data is forgotten. |
Keywords
» Artificial intelligence » Linear regression
