Efficient Availability Attacks against Supervised and Contrastive Learning Simultaneously
This addresses data protection risks for private and commercial datasets by providing a more robust defense against malicious data collectors, though it is incremental as it builds on existing error minimization frameworks.
The paper tackles the problem of protecting private data from unauthorized use by developing availability attacks that are effective against both supervised and contrastive learning algorithms, achieving state-of-the-art worst-case unlearnability with reduced computational costs.
Availability attacks can prevent the unauthorized use of private data and commercial datasets by generating imperceptible noise and making unlearnable examples before release. Ideally, the obtained unlearnability prevents algorithms from training usable models. When supervised learning (SL) algorithms have failed, a malicious data collector possibly resorts to contrastive learning (CL) algorithms to bypass the protection. Through evaluation, we have found that most of the existing methods are unable to achieve both supervised and contrastive unlearnability, which poses risks to data protection. Different from recent methods based on contrastive error minimization, we employ contrastive-like data augmentations in supervised error minimization or maximization frameworks to obtain attacks effective for both SL and CL. Our proposed AUE and AAP attacks achieve state-of-the-art worst-case unlearnability across SL and CL algorithms with less computation consumption, showcasing prospects in real-world applications.