Re-thinking Data Availablity Attacks Against Deep Neural Networks

TL;DR

This paper revisits data availability attacks on deep neural networks, identifying flaws in existing methods and proposing a new, more effective optimization approach that enhances data protection with less computation.

Contribution

It introduces a novel optimization paradigm for unlearnable examples, improving protection effectiveness and efficiency over previous robust error-minimizing noise methods.

Findings

Enhanced data protection against availability attacks

Reduced computational time for generating unlearnable examples

Validated approach through extensive experiments

Abstract

The unauthorized use of personal data for commercial purposes and the clandestine acquisition of private data for training machine learning models continue to raise concerns. In response to these issues, researchers have proposed availability attacks that aim to render data unexploitable. However, many current attack methods are rendered ineffective by adversarial training. In this paper, we re-examine the concept of unlearnable examples and discern that the existing robust error-minimizing noise presents an inaccurate optimization objective. Building on these observations, we introduce a novel optimization paradigm that yields improved protection results with reduced computational time requirements. We have conducted extensive experiments to substantiate the soundness of our approach. Moreover, our method establishes a robust foundation for future research in this area.