TL;DR
This paper addresses privacy risks in source-free domain adaptation by proposing a novel unlearning method that prevents models from leaking source-specific information, ensuring source data privacy.
Contribution
It introduces SCADA-UL, a new unlearning framework with adversarial optimization to forget source-exclusive classes during domain adaptation.
Findings
Our method outperforms baselines in unlearning effectiveness.
It achieves retraining-level unlearning performance on benchmarks.
The approach effectively prevents source information leakage in target models.
Abstract
The increasing adaptation of vision models across domains, such as satellite imagery and medical scans, has raised an emerging privacy risk: models may inadvertently retain and leak sensitive source-domain specific information in the target domain. This creates a compelling use case for machine unlearning to protect the privacy of sensitive source-domain data. Among adaptation techniques, source-free domain adaptation (SFDA) calls for an urgent need for machine unlearning (MU), where the source data itself is protected, yet the source model exposed during adaptation encodes its influence. Our experiments reveal that existing SFDA methods exhibit strong zero-shot performance on source-exclusive classes in the target domain, indicating they inadvertently leak knowledge of these classes into the target domain, even when they are not represented in the target data. We identify and address…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
