Mengdi Huai, an Assistant Professor in the Department of Computer Science, has been awarded $300,000 by the National Science Foundation to address security and privacy challenges in machine unlearning. Specifically, Huai will work on the increasing risk that individuals will be exposed to a security breach or privacy violations when their data is removed from machine learning models.
Personal data is constantly being collected, analyzed, and stored by companies. Individuals are increasingly concerned about who has their data and how it is being used – which has led to some regulatory changes to give people more control over who has their data. As privacy laws continue to grant individuals the right to be forgotten, entities can require that companies delete their data.
Companies are using machine learning (ML) techniques to eliminate the data from their models to comply. These techniques involve modifying the machine learning models to remove the data without requiring the entire model to be retrained from scratch. However, state-of-the-art unlearning methods can create new vulnerabilities that attackers may exploit to gather sensitive personal information.
Tackling Vulnerabilities in Machine Unlearning
Huai’s research focuses on understanding and mitigating these vulnerabilities. She plans to examine how backdoor and model-stealing attacks can leverage the unlearning process to manipulate or extract information from ML models. Additionally, she will investigate advanced privacy-centric attacks, such as membership inference and data reconstruction, which could be used to expose or misuse personal data. By advancing these attack methods, Huai’s research will help clarify how privacy could be compromised through machine unlearning and how better defenses can be developed.
By improving the security and privacy of machine unlearning methods, Huai's research will help protect individuals' data from unauthorized access and misuse, and will strengthen the privacy rights of everyday users. Huai’s work will lead to a more secure and privacy-respecting world for everyone.