The right to be forgotten requires the removal or "unlearning" of a user's data from machine learning models. However, in the context of Machine Learning as a Service (MLaaS), retraining a model from scratch to fulfill an unlearning request is impractical because the service provider (the server) lacks the training data. Furthermore, approximate unlearning involves a complex trade-off between utility (model performance) and privacy (unlearning performance). In this paper, we explore the potential threats posed by unlearning services in MLaaS, specifically over-unlearning, where more information is unlearned than expected. We propose two strategies that leverage over-unlearning to measure its impact on this trade-off under black-box access settings, in which existing machine unlearning attacks are not applicable. The effectiveness of these strategies is evaluated through extensive experiments on benchmark datasets, across various model architectures and representative unlearning approaches. Results indicate significant potential for both strategies to undermine model efficacy in unlearning scenarios. This study uncovers an underexplored gap between unlearning and contemporary MLaaS, highlighting the need for careful consideration in balancing data unlearning, model utility, and security.