Preserving privacy without compromising accuracy: Machine unlearning for handwritten text recognition

IF 7.6 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Pattern Recognition Pub Date : 2025-09-09 DOI:10.1016/j.patcog.2025.112411

Lei Kang, Xuanshuo Fu, Lluis Gomez, Alicia Fornés, Ernest Valveny, Dimosthenis Karatzas

{"title":"Preserving privacy without compromising accuracy: Machine unlearning for handwritten text recognition","authors":"Lei Kang, Xuanshuo Fu, Lluis Gomez, Alicia Fornés, Ernest Valveny, Dimosthenis Karatzas","doi":"10.1016/j.patcog.2025.112411","DOIUrl":null,"url":null,"abstract":"<div><div>Handwritten Text Recognition (HTR) is crucial for document digitization, but handwritten data can contain user-identifiable features, like unique writing styles, posing privacy risks. Regulations such as the “right to be forgotten” require models to remove these sensitive traces without full retraining. We introduce a practical encoder-only transformer baseline as a robust reference for future HTR research. Building on this, we propose a two-stage unlearning framework for multihead transformer HTR models. Our method combines neural pruning with machine unlearning applied to a writer classification head, ensuring sensitive information is removed while preserving the recognition head. We also present Writer-ID Confusion (WIC), a method that forces the forget set to follow a uniform distribution over writer identities, unlearning user-specific cues while maintaining text recognition performance. We compare WIC to Random Labeling, Fisher Forgetting, Amnesiac Unlearning, and DELETE within our prune-unlearn pipeline and consistently achieve better privacy and accuracy trade-offs. This is the first systematic study of machine unlearning for HTR. Using metrics such as Accuracy, Character Error Rate (CER), Word Error Rate (WER), and Membership Inference Attacks (MIA) on the IAM and CVL datasets, we demonstrate that our method achieves state-of-the-art or superior performance for effective unlearning. These experiments show that our approach effectively safeguards privacy without compromising accuracy, opening new directions for document analysis research. Our code is publicly available at <span><span>https://github.com/leitro/WIC-WriterIDConfusion-MachineUnlearning</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":49713,"journal":{"name":"Pattern Recognition","volume":"172 ","pages":"Article 112411"},"PeriodicalIF":7.6000,"publicationDate":"2025-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pattern Recognition","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0031320325010726","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Handwritten Text Recognition (HTR) is crucial for document digitization, but handwritten data can contain user-identifiable features, like unique writing styles, posing privacy risks. Regulations such as the “right to be forgotten” require models to remove these sensitive traces without full retraining. We introduce a practical encoder-only transformer baseline as a robust reference for future HTR research. Building on this, we propose a two-stage unlearning framework for multihead transformer HTR models. Our method combines neural pruning with machine unlearning applied to a writer classification head, ensuring sensitive information is removed while preserving the recognition head. We also present Writer-ID Confusion (WIC), a method that forces the forget set to follow a uniform distribution over writer identities, unlearning user-specific cues while maintaining text recognition performance. We compare WIC to Random Labeling, Fisher Forgetting, Amnesiac Unlearning, and DELETE within our prune-unlearn pipeline and consistently achieve better privacy and accuracy trade-offs. This is the first systematic study of machine unlearning for HTR. Using metrics such as Accuracy, Character Error Rate (CER), Word Error Rate (WER), and Membership Inference Attacks (MIA) on the IAM and CVL datasets, we demonstrate that our method achieves state-of-the-art or superior performance for effective unlearning. These experiments show that our approach effectively safeguards privacy without compromising accuracy, opening new directions for document analysis research. Our code is publicly available at https://github.com/leitro/WIC-WriterIDConfusion-MachineUnlearning.

查看原文本刊更多论文

在不影响准确性的情况下保护隐私：手写文本识别的机器学习

手写文本识别（HTR）对于文档数字化至关重要，但手写数据可能包含用户可识别的特征，如独特的书写风格，从而带来隐私风险。诸如“被遗忘权”之类的规定要求模特在不接受全面再培训的情况下删除这些敏感的痕迹。我们介绍了一个实用的纯编码器变压器基线，作为未来HTR研究的可靠参考。在此基础上，我们提出了一个多磁头变压器HTR模型的两阶段学习框架。该方法将神经修剪与机器学习相结合，应用于写作者分类头，在保留识别头的同时保证了敏感信息的去除。我们还介绍了作者id混淆（WIC），这是一种强制遗忘集遵循作者身份的统一分布的方法，在保持文本识别性能的同时忘记用户特定的线索。我们将WIC与我们的修剪-遗忘管道中的随机标记、Fisher遗忘、健忘症遗忘和DELETE进行比较，并始终实现更好的隐私和准确性权衡。这是HTR的第一个系统的机器学习研究。在IAM和CVL数据集上使用准确性、字符错误率（CER）、单词错误率（WER）和成员推理攻击（MIA）等指标，我们证明了我们的方法在有效的解除学习方面达到了最先进或更好的性能。这些实验表明，我们的方法在不影响准确性的前提下有效地保护了隐私，为文档分析研究开辟了新的方向。我们的代码可以在https://github.com/leitro/WIC-WriterIDConfusion-MachineUnlearning上公开获得。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Pattern Recognition 工程技术-工程：电子与电气

CiteScore

14.40

自引率

16.20%

发文量

683

审稿时长

5.6 months

期刊介绍： The field of Pattern Recognition is both mature and rapidly evolving, playing a crucial role in various related fields such as computer vision, image processing, text analysis, and neural networks. It closely intersects with machine learning and is being applied in emerging areas like biometrics, bioinformatics, multimedia data analysis, and data science. The journal Pattern Recognition, established half a century ago during the early days of computer science, has since grown significantly in scope and influence.