Abstract
Machine unlearning enables a well-trained model to forget certain samples in the training set while keeping its performance on the remaining samples. Existing algorithms based on decision boundary require generating adversarial samples in input space in order to obtain the nearest but incorrect class labels. However, due to the nonlinearity of the decision boundary in input space, multiple iterations are needed to generate the adversarial samples, and the generated adversarial samples are affected by the bound of noise in adversarial attack, which greatly limits the speed and efficiency of unlearning. In this paper, a machine unlearning method with affine hyperplane shifting and maintaining is proposed for image classification, in which the nearest but incorrect class labels are directly obtained with the distance from the point to the hyperplane without generating adversarial samples for boundary shifting. Moreover, knowledge distillation is leveraged for boundary maintenance. Specifically, the output of the original model is decoupled into remaining class logits and forgetting class logits, and the remaining class logits is utilized to guide the unlearn model to avoid catastrophic forgetting. Our experimental results on CIFAR-10 and VGGFace2 have demonstrated that the proposed method is very close to the retrained model in terms of classification accuracy and privacy guarantee, and is about 4 times faster than Boundary Shrink.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Baumhauer, T., Schöttle, P., Zeppelzauer, M.: Machine unlearning: linear filtration for logit-based classifiers. Mach. Learn. 111(9), 3203–3226 (2022)
Bourtoule, L., et al.: Machine unlearning. In: 2021 IEEE Symposium on Security and Privacy, pp. 141–159 (2021)
Cao, Q., Shen, L., Xie, W., Parkhi, O.M., Zisserman, A.: VGGFace2: a dataset for recognising faces across pose and age. In: 2018 13th IEEE International Conference on Automatic Face & Gesture Recognition, pp. 67–74 (2018)
Chen, M., Gao, W., Liu, G., Peng, K., Wang, C.: Boundary unlearning: rapid forgetting of deep networks via shifting the decision boundary. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 7766–7775 (2023)
Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1322–1333 (2015)
Golatkar, A., Achille, A., Soatto, S.: Eternal sunshine of the spotless net: selective forgetting in deep networks. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 9304–9312 (2020)
Graves, L., Nagisetty, V., Ganesh, V.: Amnesiac machine learning. In: Proceedings of the AAAI Conference on Artificial Intelligence, pp. 11516–11524 (2021)
He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)
Hinton, G.E., Vinyals, O., Dean, J.: Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 (2015)
Li, K., Yu, R., Wang, Z., Yuan, L., Song, G., Chen, J.: Locality guidance for improving vision transformers on tiny datasets. In: Avidan, S., Brostow, G., Cissé, M., Farinella, G.M., Hassner, T. (eds.) ECCV 2022. LNCS, vol. 13684, pp. 110–127. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-20053-3_7
Li, Z., Hoiem, D.: Learning without forgetting. IEEE Trans. Pattern Anal. Mach. Intell. 40(12), 2935–2947 (2017)
Moosavi-Dezfooli, S.M., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2574–2582 (2016)
Pardau, S.L.: The California consumer privacy act: towards a European-style privacy regime in the united states. J. Tech. L. Pol’y 23, 68 (2018)
Rosenberg, I., Shabtai, A., Elovici, Y., Rokach, L.: Adversarial machine learning attacks and defense methods in the cyber security domain. ACM Comput. Surv. (CSUR) 54(5), 1–36 (2021)
Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy, pp. 3–18 (2017)
Springenberg, J.T., Dosovitskiy, A., Brox, T., Riedmiller, M.: Striving for simplicity: the all convolutional net. arXiv preprint arXiv:1412.6806 (2014)
Tarun, A.K., Chundawat, V.S., Mandal, M., Kankanhalli, M.: Fast yet effective machine unlearning. IEEE Trans. Neural Netw. Learn. Syst. 1–10 (2023)
Voigt, P., Von dem Bussche, A.: The EU general data protection regulation (GDPR). In: A Practical Guide, 1st Ed., vol. 10(3152676), pp. 10–5555. Springer, Cham (2017)
Xu, H., Li, Y., Jin, W., Tang, J.: Adversarial attacks and defenses: frontiers, advances and practice. In: Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pp. 3541–3542 (2020)
Zhao, B., Cui, Q., Song, R., Qiu, Y., Liang, J.: Decoupled knowledge distillation. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 11953–11962 (2022)
Acknowledgement
This work is supported by the Nature Science Foundation of China under Grant 62006007.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liu, M., Luo, G., Zhu, Y. (2024). Machine Unlearning with Affine Hyperplane Shifting and Maintaining for Image Classification. In: Luo, B., Cheng, L., Wu, ZG., Li, H., Li, C. (eds) Neural Information Processing. ICONIP 2023. Communications in Computer and Information Science, vol 1967. Springer, Singapore. https://doi.org/10.1007/978-981-99-8178-6_17
Download citation
DOI: https://doi.org/10.1007/978-981-99-8178-6_17
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8177-9
Online ISBN: 978-981-99-8178-6
eBook Packages: Computer ScienceComputer Science (R0)