The right to be forgotten requires the removal or "unlearning" of a user's data from machine learning models. However, in the context of Machine Learning as a Service (MLaaS), retraining a model from scratch to fulfill an unlearning request is impractical because the service provider (the server) lacks the training data. Moreover, approximate unlearning involves a complex trade-off between utility (model performance) and privacy (unlearning performance). In this paper, we explore the potential threats posed by unlearning services in MLaaS, specifically over-unlearning, where more information is unlearned than expected. We propose two strategies that leverage over-unlearning to measure the impact on this trade-off under black-box access settings, in which existing machine unlearning attacks are not applicable. The effectiveness of these strategies is evaluated through extensive experiments on benchmark datasets, across various model architectures and representative unlearning approaches. Results indicate significant potential for both strategies to undermine model efficacy in unlearning scenarios. This study uncovers an underexplored gap between unlearning and contemporary MLaaS, highlighting the need for careful consideration in balancing data unlearning, model utility, and security.