Saved in:
Bibliographic Details
Main Authors: Arazzi, Marco, Nocera, Antonino, P, Vinod
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.12522
Tags: Add Tag
No Tags, Be the first to tag this record!
Table of Contents:
  • Machine unlearning has emerged as a key component in ensuring ``Right to be Forgotten'', enabling the removal of specific data points from trained models. However, even when the unlearning is performed without poisoning the forget-set (clean unlearning), it can be exploited for stealthy attacks that existing defenses struggle to detect. In this paper, we propose a novel {\em clean} backdoor attack that exploits both the model learning phase and the subsequent unlearning requests. Unlike traditional backdoor methods, during the first phase, our approach injects a weak, distributed malicious signal across multiple classes. The real attack is then activated and amplified by selectively unlearning {\em non-poisoned} samples. This strategy results in a powerful and stealthy novel attack that is hard to detect or mitigate, highlighting critical vulnerabilities in current unlearning mechanisms and highlighting the need for more robust defenses.