Realistic image-to-image machine unlearning via decoupling and knowledge retention

IF 4.2 · CAS Tier 3 (Computer Science) · JCR Q2, COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Big Data Research · Pub Date: 2026-05-28 · Epub Date: 2026-02-10 · DOI: 10.1016/j.bdr.2026.100592
Ayush K. Varshney, Vicenç Torra
Big Data Research, Volume 44, Article 100592. Available at ScienceDirect: https://www.sciencedirect.com/science/article/pii/S2214579626000043
Citations: 0

Abstract

Machine unlearning allows participants to remove their data from a trained machine learning model in order to preserve their privacy and security. However, the machine unlearning literature for generative models is rather limited. The existing literature for image-to-image (I2I) generative models treats minimizing the loss between Gaussian noise and the model's output on forget samples as machine unlearning. However, we argue that a machine learning model performs fairly well on unseen data; that is, a retrained model learns generalized representations of the data and therefore would not output Gaussian noise for the forget samples. In this paper, we instead require that the model after unlearning treat forget samples as out-of-distribution (OOD) data, i.e., the unlearned model should no longer recognize or encode the specific patterns found in the forget samples. To achieve this, we propose a framework that decouples the model parameters using gradient ascent. Our framework ensures, with a theoretical guarantee, that forget samples are OOD for the unlearned model. We also provide an (ϵ, δ)-unlearning guarantee for model updates performed with gradient ascent. The unlearned model is then fine-tuned on the remaining samples to maintain its performance. We also propose a data-poisoning attack model as an auditing mechanism to verify that the unlearned model has effectively removed the influence of the forget samples. Furthermore, we demonstrate that even under sample-level unlearning, our approach prevents backdoor regeneration, validating its effectiveness. Extensive empirical evaluation on two large-scale datasets, ImageNet-1K and Places365, highlights the superiority of our approach. To show performance comparable to a retrained model, we also compare a simple autoencoder against various baselines on the CIFAR-10 dataset.
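The two-step recipe described in the abstract — decouple the forget samples via gradient ascent, then fine-tune on the retained samples to restore utility — can be illustrated on a toy linear model. This is a hedged sketch, not the paper's actual framework: the linear model, the synthetic data, and all step sizes are invented for illustration.

```python
import numpy as np

# Toy sketch of ascent-based unlearning followed by retain-set fine-tuning.
# All quantities here are illustrative assumptions, not the paper's setup.

rng = np.random.default_rng(0)
w_true = np.array([1.0, -2.0])

X_retain = rng.normal(size=(64, 2))
y_retain = X_retain @ w_true
X_forget = rng.normal(size=(16, 2))
y_forget = -(X_forget @ w_true)   # forget set carries its own distinct pattern

def mse(w, X, y):
    r = X @ w - y
    return float(r @ r) / len(y)

def grad(w, X, y):
    # Gradient of the mean squared error with respect to w.
    return 2.0 * X.T @ (X @ w - y) / len(y)

# "Original" model: trained on retain and forget samples together.
w = np.zeros(2)
X_all = np.vstack([X_retain, X_forget])
y_all = np.concatenate([y_retain, y_forget])
for _ in range(200):
    w -= 0.1 * grad(w, X_all, y_all)

# Step 1: gradient *ascent* on the forget set (the decoupling step).
for _ in range(20):
    w += 0.05 * grad(w, X_forget, y_forget)

# Step 2: fine-tune (descend) on the retained samples to keep performance.
for _ in range(200):
    w -= 0.1 * grad(w, X_retain, y_retain)

print("retain loss:", mse(w, X_retain, y_retain))   # near zero
print("forget loss:", mse(w, X_forget, y_forget))   # stays large
```

After both steps, the retain loss returns to near zero while the forget loss stays high, i.e., the unlearned model no longer fits the pattern specific to the forget samples — a miniature analogue of treating them as OOD.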
Source Journal

Big Data Research (Computer Science: Computer Science Applications)
CiteScore: 8.40 · Self-citation rate: 3.00%

Journal description: The journal aims to promote and communicate advances in big data research by providing a fast and high quality forum for researchers, practitioners and policy makers from the very many different communities working on, and with, this topic. The journal will accept papers on foundational aspects in dealing with big data, as well as papers on specific Platforms and Technologies used to deal with big data. To promote Data Science and interdisciplinary collaboration between fields, and to showcase the benefits of data driven research, papers demonstrating applications of big data in domains as diverse as Geoscience, Social Web, Finance, e-Commerce, Health Care, Environment and Climate, Physics and Astronomy, Chemistry, life sciences and drug discovery, digital libraries and scientific publications, security and government will also be considered. Occasionally the journal may publish whitepapers on policies, standards and best practices.