ZIUM: Zero-Shot Intent-Aware Adversarial Attack on Unlearned Models
This work addresses security risks in machine unlearning for privacy-sensitive applications, but it is incremental, as it builds on existing adversarial attack methods.
The paper tackles the problem of adversarial attacks on machine unlearning models, where attackers can generate content containing removed concepts. It proposes ZIUM, a zero-shot intent-aware method that customizes attack images based on user intent and reduces attack time, achieving a superior attack success rate compared to existing methods.
Machine unlearning (MU) removes specific data points or concepts from deep learning models to enhance privacy and prevent sensitive content generation. Adversarial prompts can exploit unlearned models to generate content containing removed concepts, posing a significant security risk. However, existing adversarial attack methods still face challenges in generating content that aligns with an attacker's intent while incurring high computational costs to identify successful prompts. To address these challenges, we propose ZIUM, a Zero-shot Intent-aware adversarial attack on Unlearned Models, which enables the flexible customization of target attack images to reflect an attacker's intent. Additionally, ZIUM supports zero-shot adversarial attacks without requiring further optimization for previously attacked unlearned concepts. The evaluation across various MU scenarios demonstrated ZIUM's effectiveness in successfully customizing content based on user-intent prompts while achieving a superior attack success rate compared to existing methods. Moreover, its zero-shot adversarial attack significantly reduces the attack time for previously attacked unlearned concepts.