This project explores Machine Unlearning techniques to mitigate Membership Inference Attacks (MIA) on deep learning models. We evaluate the impact of unlearning on privacy and model performance using ResNet-18 trained on CIFAR-10. Our approach aims to remove sensitive data efficiently while preserving model accuracy and robustness.
- Train a ResNet-18 model on CIFAR-10.
- Evaluate pre-trained model performance on test and forget sets.
- Apply machine unlearning via fine-tuning and re-training.
- Measure accuracy degradation and MIA resistance post-unlearning.
- Compare attack success rates before and after unlearning.
Run the project using Google Colab: Colab Notebook
We use CIFAR-10, a dataset of 60,000 32x32 color images across 10 classes.
Below are some images from the CIFAR-10 dataset:
- Train Set Accuracy: 99.5%
- Test Set Accuracy: 88.3%
- Retain Set Accuracy: 98.5%
- Test Set Accuracy: 84.0%
- Retain Set Accuracy: 99.5%
- Forget Set Accuracy: 88.2%
The following histograms show the loss distributions before and after unlearning, along with the attack accuracy of the Membership Inference Attack (MIA).
- Pre-trained models are highly vulnerable to MIA, with an attack accuracy of 0.58.
- Unlearning reduces attack accuracy, making it harder to infer whether a sample was in the training set.
- Fine-tuning reduces attack accuracy to 0.51, but it still retains some information from the forget set.
- Retraining from scratch offers the best defense, dropping attack accuracy to 0.50 while maintaining overall model performance.
- Trade-off between privacy and accuracy: Unlearning slightly reduces test accuracy but significantly enhances privacy.
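
How an attack-accuracy figure of this kind can be measured from per-sample losses, as an added example that is not this project's notebook code. It assumes a simple loss-threshold attack scored on a balanced forget/test split; the function names and the sample losses are constructed for illustration.

```python
import numpy as np

def best_threshold(losses, is_member):
    """Loss cut-off that best separates members (low loss) from non-members."""
    candidates = np.unique(losses)
    accs = [np.mean((losses <= t) == is_member) for t in candidates]
    return candidates[int(np.argmax(accs))]

def mia_accuracy(forget_losses, test_losses, n_splits=10, seed=0):
    """Cross-validated accuracy of a loss-threshold membership inference attack.

    Classes are balanced, so 0.5 means the attacker is only guessing.
    """
    rng = np.random.default_rng(seed)
    n = min(len(forget_losses), len(test_losses))
    losses = np.concatenate([rng.choice(forget_losses, n, replace=False),
                             rng.choice(test_losses, n, replace=False)])
    is_member = np.concatenate([np.ones(n, bool), np.zeros(n, bool)])
    scores = []
    for _ in range(n_splits):
        # Fit the threshold on one half, score it on the half it never saw.
        idx = rng.permutation(2 * n)
        fit, held_out = idx[:n], idx[n:]
        t = best_threshold(losses[fit], is_member[fit])
        scores.append(np.mean((losses[held_out] <= t) == is_member[held_out]))
    return float(np.mean(scores))

def demo(n=2000, seed=1):
    """Constructed losses, not measurements from this project."""
    rng = np.random.default_rng(seed)
    test = rng.exponential(0.5, n)            # unseen data: higher loss
    forget_before = rng.exponential(0.1, n)   # memorised by the original model
    forget_after = rng.exponential(0.5, n)    # after unlearning: looks unseen
    return mia_accuracy(forget_before, test), mia_accuracy(forget_after, test)

if __name__ == "__main__":
    before, after = demo()
    print(f"attack accuracy before unlearning: {before:.2f}")
    print(f"attack accuracy after unlearning:  {after:.2f}")
```

To audit a real model, replace the constructed arrays with the per-sample cross-entropy losses of the forget set and the test set.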
- Privacy-Preserving AI: Helps organizations comply with privacy regulations like GDPR and CCPA by allowing selective data removal.
- Secure Federated Learning: Ensures user data can be removed without retraining models from scratch.
- Medical AI: Protects sensitive patient data by enabling unlearning in healthcare models.
- Financial Fraud Detection: Helps maintain privacy in banking models while preventing membership inference attacks.
- Enhancing efficiency: Developing faster unlearning methods to reduce computational costs.
- Unlearning in Transfer Learning: Investigating how unlearning affects pre-trained large models.
- Adversarial Robustness: Exploring the impact of unlearning on adversarial defenses.
- Theoretical Foundations: Strengthening the mathematical guarantees of unlearning in deep networks.
- Dynamic Model Updates: Integrating unlearning methods with models that undergo continuous training.
- Unlearning reduces MIA attack accuracy, improving privacy protection.
- Retraining is more effective than fine-tuning in mitigating MIA.
- Minimal accuracy degradation is observed post-unlearning.
We acknowledge the contributions of researchers in privacy-preserving machine learning and the open-source community for providing datasets and pre-trained models.




