UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks

Emerging AR-LLM-based Social Engineering attack e.g., SEAR is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR Augmented Reality glass to capture the image and vocal information of the target, using the LLM to identify the targe...

Privacy-Aware Machine Unlearning with SISA for Reinforcement Learning-Based Ransomware Detection

Ransomware detection systems increasingly rely on behavior-based machine learning to address evolving attack strategies. However, emerging privacy compliance, data governance, and responsible AI deployment demand not only accurate detection but also the ability to efficiently remove the influence...

Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning

Large language models LLMs possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models LRMs, which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...

SecureCAI: Injection-Resilient LLM Assistants for Cybersecurity Operations

Large Language Models have emerged as transformative tools for Security Operations Centers, enabling automated log analysis, phishing triage, and malware explanation; however, deployment in adversarial cybersecurity environments exposes critical vulnerabilities to prompt injection attacks where...

Injection, Attack and Erasure: Revocable Backdoor Attacks Via Machine Unlearning

Backdoor attacks pose a persistent security risk to deep neural networks DNNs due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detect...

Unlearning at Scale: Implementing the Right to Be Forgotten in Large Language Models

We study the right to be forgotten GDPR Art. 17 for large language models and frame unlearning as a reproducible systems problem. Our approach treats training as a deterministic program and logs a minimal per-microbatch record ordered ID hash, RNG seed, learning-rate value, optimizer-step counter...

Label Inference Attacks against Federated Unlearning

Federated Unlearning FU has emerged as a promising solution to respond to the right to be forgotten of clients, by allowing clients to erase their data from global models without compromising model performance. Unfortunately, researchers find that the parameter variations of models induced by FU...

From Learning to Unlearning: Biomedical Security Protection in Multimodal Large Language Models

The security of biomedical Multimodal Large Language Models MLLMs has attracted increasing attention. However, training samples easily contain private information and incorrect knowledge that are difficult to detect, potentially leading to privacy leakage or erroneous outputs after deployment. An...

IMU: Influence-Guided Machine Unlearning

Recent studies have shown that deep learning models are vulnerable to attacks and tend to memorize training data points, raising significant concerns about privacy leakage. This motivates the development of machine unlearning MU, i.e., a paradigm that enables models to selectively forget specific...

DUP: Detection-Guided Unlearning for Backdoor Purification in Language Models

As backdoor attacks become more stealthy and robust, they reveal critical weaknesses in current defense strategies: detection methods often rely on coarse-grained feature statistics, and purification methods typically require full retraining or additional clean models. To address these challenges...

The Landscape of Memorization in LLMs: Mechanisms, Measurement, and Mitigation

Large Language Models LLMs have demonstrated remarkable capabilities across a wide range of tasks, yet they also exhibit memorization of their training data. This phenomenon raises critical questions about model behavior, privacy risks, and the boundary between learning and memorization. Addressi...

Efficient Unlearning with Privacy Guarantees

Privacy protection laws, such as the GDPR, grant individuals the right to request the forgetting of their personal data not only from databases but also from machine learning ML models trained on them. Machine unlearning has emerged as a practical means to facilitate model forgetting of data...

Recalling the Forgotten Class Memberships: Unlearned Models Can Be Noisy Labelers to Leak Privacy

Machine Unlearning MU technology facilitates the removal of the influence of specific data instances from trained models on request. Despite rapid advancements in MU technology, its vulnerabilities are still under explored, posing potential risks of privacy breaches through leaks of ostensibly...

Verifiable Unlearning on Edge

Machine learning providers commonly distribute global models to edge devices, which subsequently personalize these models using local data. However, issues such as copyright infringements, biases, or regulatory requirements may require the verifiable removal of certain data samples across all edg...

UCD: Unlearning in LLMs Via Contrastive Decoding

Machine unlearning aims to remove specific information, e.g. sensitive or undesirable content, from large language models LLMs while preserving overall performance. We propose an inference-time unlearning algorithm that uses contrastive decoding, leveraging two auxiliary smaller models, one train...

Rectifying Privacy and Efficacy Measurements in Machine Unlearning: a New Inference Attack Perspective

Machine unlearning focuses on efficiently removing specific data from trained models, addressing privacy and compliance concerns with reasonable costs. Although exact unlearning ensures complete data removal equivalent to retraining, it is impractical for large-scale models, leading to growing...

When Forgetting Triggers Backdoors: a Clean Unlearning Attack

Machine unlearning has emerged as a key component in ensuring Right to be Forgotten, enabling the removal of specific data points from trained models. However, even when the unlearning is performed without poisoning the forget-set clean unlearning, it can be exploited for stealthy attacks that...

Unlearning-Enhanced Website Fingerprinting Attack: against Backdoor Poisoning in Anonymous Networks

Website Fingerprinting WF is an effective tool for regulating and governing the dark web. However, its performance can be significantly degraded by backdoor poisoning attacks in practical deployments. This paper aims to address the problem of hidden backdoor poisoning attacks faced by Website...

PDLRecover: Privacy-preserving Decentralized Model Recovery with Machine Unlearning

Decentralized learning is vulnerable to poison attacks, where malicious clients manipulate local updates to degrade global model performance. Existing defenses mainly detect and filter malicious models, aiming to prevent a limited number of attackers from corrupting the global model. However,...

Towards Reliable Forgetting: a Survey on Machine Unlearning Verification, Challenges, and Future Directions

With growing demands for privacy protection, security, and legal compliance e.g., GDPR, machine unlearning has emerged as a critical technique for ensuring the controllability and regulatory alignment of machine learning models. However, a fundamental challenge in this field lies in effectively...