Safeguarding data from unauthorized exploitation is vital for privacy and security, especially given the recent surge of research into security breaches such as adversarial and membership-inference attacks. To this end, \textit{unlearnable examples} (UEs) have recently been proposed as a compelling protection: an imperceptible perturbation is added to the data so that models trained on it cannot accurately classify samples from the original clean distribution. Unfortunately, we find that UEs provide a false sense of security, because they cannot stop unauthorized users from using other, unprotected data to remove the protection and turn unlearnable data learnable again. Motivated by this observation, we formally define a new threat by introducing \textit{learnable unauthorized examples} (LEs), which are UEs with their protection removed. The core of this approach is a novel purification process that projects UEs onto the manifold of LEs. This is realized by a new joint-conditional diffusion model that denoises UEs conditioned on the pixel and perceptual similarity between UEs and LEs. Extensive experiments demonstrate that LE delivers state-of-the-art countering performance against both supervised and unsupervised UEs in a variety of scenarios, making it the first countermeasure to UEs that generalizes across supervised and unsupervised learning.