Over the past years, Machine Learning-as-a-Service (MLaaS) has received a surging demand for supporting Machine Learning-driven services to offer revolutionized user experience across diverse application areas. MLaaS provides inference service with low inference latency based on an ML model trained using a dataset collected from numerous individual data owners. Recently, for the sake of data owners' privacy and to comply with the "right to be forgotten (RTBF)" as enacted by data protection legislation, many machine unlearning methods have been proposed to remove data owners' data from trained models upon their unlearning requests. However, despite their promising efficiency, almost all existing machine unlearning methods handle unlearning requests independently from inference requests, which unfortunately introduces a new security issue of inference service obsolescence and a privacy vulnerability of undesirable exposure for machine unlearning in MLaaS. In this paper, we propose the ERASER framework for machinE unleaRning in MLaAS via an inferencE seRving-aware approach. ERASER strategically choose appropriate unlearning execution timing to address the inference service obsolescence issue. A novel inference consistency certification mechanism is proposed to avoid the violation of RTBF principle caused by postponed unlearning executions, thereby mitigating the undesirable exposure vulnerability. ERASER offers three groups of design choices to allow for tailor-made variants that best suit the specific environments and preferences of various MLaaS systems. Extensive empirical evaluations across various settings confirm ERASER's effectiveness, e.g., it can effectively save up to 99% of inference latency and 31% of computation overhead over the inference-oblivion baseline.

翻译：过去几年中，机器学习即服务（MLaaS）的需求激增，以支持基于机器学习的服务，从而在各类应用领域提供颠覆性的用户体验。MLaaS基于使用从众多数据所有者收集的数据集训练的机器学习模型，提供低推理延迟的推理服务。近期，为保护数据所有者的隐私并符合数据保护法规所规定的"被遗忘权"，学界提出了多种机器遗忘方法，旨在根据数据所有者的遗忘请求从已训练模型中移除其数据。然而，尽管现有方法在效率上具有优势，几乎所有机器遗忘方法都将遗忘请求与推理请求独立处理——这不幸地为MLaaS中的机器遗忘引入了推理服务过时这一新的安全问题，以及不必要暴露的隐私漏洞。本文提出ERASER框架，通过一种推理服务感知方法实现MLaaS中的机器遗忘。ERASER策略性地选择适当的遗忘执行时机，以解决推理服务过时问题。我们提出了一种新颖的推理一致性认证机制，避免因延迟执行遗忘而违反被遗忘权原则，从而缓解不必要暴露的漏洞。ERASER提供三类设计选择，允许针对各类MLaaS系统的特定环境和偏好定制变体。跨多种设置的大量实证评估证实了ERASER的有效性，例如，与忽视推理的基线方法相比，它能够有效节省最高99%的推理延迟和31%的计算开销。