ZIUM: Zero-Shot Intent-Aware Adversarial Attack on Unlearned Models

TL;DR

ZIUM is a novel zero-shot adversarial attack method that effectively targets unlearned models by customizing content based on attacker intent, reducing attack time and outperforming existing techniques.

Contribution

The paper introduces ZIUM, a zero-shot, intent-aware adversarial attack framework for unlearned models, enabling flexible, efficient, and effective content customization without additional optimization.

Findings

ZIUM achieves higher attack success rates than existing methods.

It significantly reduces attack time for previously attacked concepts.

ZIUM effectively aligns generated content with attacker intent.

Abstract

Machine unlearning (MU) removes specific data points or concepts from deep learning models to enhance privacy and prevent sensitive content generation. Adversarial prompts can exploit unlearned models to generate content containing removed concepts, posing a significant security risk. However, existing adversarial attack methods still face challenges in generating content that aligns with an attacker's intent while incurring high computational costs to identify successful prompts. To address these challenges, we propose ZIUM, a Zero-shot Intent-aware adversarial attack on Unlearned Models, which enables the flexible customization of target attack images to reflect an attacker's intent. Additionally, ZIUM supports zero-shot adversarial attacks without requiring further optimization for previously attacked unlearned concepts. The evaluation across various MU scenarios demonstrated ZIUM's effectiveness in successfully customizing content based on user-intent prompts while achieving a superior attack success rate compared to existing methods. Moreover, its zero-shot adversarial attack significantly reduces the attack time for previously attacked unlearned concepts.