Re-thinking Data Availability Attacks Against Deep Neural Networks
This work addresses privacy concerns for data owners by enhancing unlearnable examples to prevent unauthorized use in training machine learning models, though it appears incremental as it builds on existing concepts.
The paper tackles the problem of data availability attacks being ineffective against adversarial training by identifying an inaccurate optimization objective in existing methods and introducing a new optimization paradigm that improves protection results and reduces computational time.
The unauthorized use of personal data for commercial purposes and the clandestine acquisition of private data for training machine learning models continue to raise concerns. In response to these issues, researchers have proposed availability attacks that aim to render data unexploitable. However, many current attack methods are rendered ineffective by adversarial training. In this paper, we re-examine the concept of unlearnable examples and discern that the existing robust error-minimizing noise presents an inaccurate optimization objective. Building on these observations, we introduce a novel optimization paradigm that yields improved protection results with reduced computational time requirements. We have conducted extensive experiments to substantiate the soundness of our approach. Moreover, our method establishes a robust foundation for future research in this area.