Towards Unveiling Predictive Uncertainty Vulnerabilities in the Context of the Right to Be Forgotten
This work addresses a security gap in machine unlearning for privacy-sensitive applications, highlighting a novel vulnerability that could impact users relying on predictive uncertainty in AI systems.
The paper tackles the vulnerability of predictive uncertainty quantification methods to malicious unlearning attacks, showing that these attacks can manipulate uncertainty results more effectively than traditional label-based attacks and that current defenses are ineffective.
Currently, various uncertainty quantification methods have been proposed to provide certainty and probability estimates for deep learning models' label predictions. Meanwhile, with the growing demand for the right to be forgotten, machine unlearning has been extensively studied as a means to remove the impact of requested sensitive data from a pre-trained model without retraining the model from scratch. However, the vulnerabilities of such generated predictive uncertainties with regard to dedicated malicious unlearning attacks remain unexplored. To bridge this gap, for the first time, we propose a new class of malicious unlearning attacks against predictive uncertainties, where the adversary aims to cause the desired manipulations of specific predictive uncertainty results. We also design novel optimization frameworks for our attacks and conduct extensive experiments, including black-box scenarios. Notably, our extensive experiments show that our attacks are more effective in manipulating predictive uncertainties than traditional attacks that focus on label misclassifications, and existing defenses against conventional attacks are ineffective against our attacks.