pith. sign in

arxiv: 2408.00929 · v2 · submitted 2024-08-01 · 💻 cs.LG · cs.CR

Verification of Machine Unlearning is Fragile

Binchi Zhang , Zihan Chen , Cong Shen , Jundong Li This is my paper
classification 💻 cs.LG cs.CR
keywords machineunlearningverificationdatamodelstrategiesprovidersbeen
0
0 comments X
read the original abstract

As privacy concerns escalate in the realm of machine learning, data owners now have the option to utilize machine unlearning to remove their data from machine learning models, following recent legislation. To enhance transparency in machine unlearning and avoid potential dishonesty by model providers, various verification strategies have been proposed. These strategies enable data owners to ascertain whether their target data has been effectively unlearned from the model. However, our understanding of the safety issues of machine unlearning verification remains nascent. In this paper, we explore the novel research question of whether model providers can circumvent verification strategies while retaining the information of data supposedly unlearned. Our investigation leads to a pessimistic answer: \textit{the verification of machine unlearning is fragile}. Specifically, we categorize the current verification strategies regarding potential dishonesty among model providers into two types. Subsequently, we introduce two novel adversarial unlearning processes capable of circumventing both types. We validate the efficacy of our methods through theoretical analysis and empirical experiments using real-world datasets. This study highlights the vulnerabilities and limitations in machine unlearning verification, paving the way for further research into the safety of machine unlearning.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 3 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. The Measure of Deception: An Analysis of Data Forging in Machine Unlearning

    cs.LG 2025-09 conditional novelty 8.0

    The Lebesgue measure of ε-forging sets decays as O(ε) or ε^d for linear models and as ε^{(d-r)/2} under mild regularity assumptions, with vanishing probability of random sampling.

  2. Can Vision Models Truly Forget? Mirage: Representation-Level Certification of Visual Unlearning

    cs.CV 2026-05 unverdicted novelty 7.0

    Mirage auditing reveals that VFL unlearning methods passing output-level checks still retain substantial class structure in representations across multiple datasets and baselines.

  3. Towards Reliable Forgetting: A Survey on Machine Unlearning Verification

    cs.LG 2025-06 unverdicted novelty 6.0

    A survey that organizes machine unlearning verification methods into behavioral and parametric categories and outlines open problems.