PDLRecover: Privacy-preserving Decentralized Model Recovery with Machine Unlearning
- URL: http://arxiv.org/abs/2506.15112v1
- Date: Wed, 18 Jun 2025 03:30:07 GMT
- Title: PDLRecover: Privacy-preserving Decentralized Model Recovery with Machine Unlearning
- Authors: Xiangman Li, Xiaodong Wu, Jianbing Ni, Mohamed Mahmoud, Maazen Alsabaan,
- Abstract summary: Decentralized learning is vulnerable to poison attacks, where malicious clients manipulate local updates to degrade global model performance. We propose PDLRecover, a novel method to recover a poisoned global model efficiently by leveraging historical model information. PDLRecover effectively prevents leakage of local model parameters, ensuring both accuracy and privacy in recovery.
- Score: 8.419216773393172
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Decentralized learning is vulnerable to poison attacks, where malicious clients manipulate local updates to degrade global model performance. Existing defenses mainly detect and filter malicious models, aiming to prevent a limited number of attackers from corrupting the global model. However, restoring an already compromised global model remains a challenge. A direct approach is to remove malicious clients and retrain the model using only the benign clients. Yet, retraining is time-consuming, computationally expensive, and may compromise model consistency and privacy. We propose PDLRecover, a novel method to recover a poisoned global model efficiently by leveraging historical model information while preserving privacy. The main challenge lies in protecting shared historical models while enabling parameter estimation for model recovery. By exploiting the linearity of approximate Hessian matrix computation, we apply secret sharing to protect historical updates, ensuring local models are not leaked during transmission or reconstruction. PDLRecover introduces client-side preparation, periodic recovery updates, and a final exact update to ensure robustness and convergence of the recovered model. Periodic updates maintain accurate curvature information, and the final step ensures high-quality convergence. Experiments show that the recovered global model achieves performance comparable to a fully retrained model but with significantly reduced computation and time cost. Moreover, PDLRecover effectively prevents leakage of local model parameters, ensuring both accuracy and privacy in recovery.
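The privacy argument in the abstract rests on one property: additive secret sharing is homomorphic for linear operations, so whoever holds the shares of the clients' historical updates can compute any public linear combination of them (for example, the mean over the clients that survive malicious-client detection) without ever reconstructing an individual client's vector. The following Python script is an added illustration of that property and is not PDLRecover's code; the field prime, the fixed-point scale, the two-party sharing, the client vectors and the choice of which client is malicious are all constructed for the example, and the approximate-Hessian machinery the paper builds on top of this is not reproduced here.

```python
"""Additive secret sharing of per-client historical updates (added example,
not PDLRecover's code). Two non-colluding parties each hold one share of
every client's update; each party locally sums the shares of the clients
that are kept, and only the sum is reconstructed. PRIME, SCALE, the client
vectors and the 'mal' client are assumptions made for this illustration."""
import secrets

PRIME = 2**61 - 1   # assumption: prime field the shares live in
SCALE = 10**6       # assumption: fixed-point scale for float parameters


def encode(x: float) -> int:
    """Fixed-point encode a float into the field."""
    return round(x * SCALE) % PRIME


def decode(v: int) -> float:
    """Map a field element back to a signed float."""
    if v > PRIME // 2:
        v -= PRIME
    return v / SCALE


def share_vector(vec, n_parties=2):
    """Split vec into n_parties additive shares, coordinate-wise.
    Any n_parties-1 shares are uniformly random and reveal nothing."""
    shares = [[0] * len(vec) for _ in range(n_parties)]
    for j, x in enumerate(vec):
        partial = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
        last = (encode(x) - sum(partial)) % PRIME
        for p, s in enumerate(partial + [last]):
            shares[p][j] = s
    return shares


def combine_shares_locally(client_shares, weights):
    """One party's local step: sum_i weights[i] * share_i, coordinate-wise.
    weights are public integers (1 = keep client, 0 = removed client)."""
    dim = len(next(iter(client_shares.values())))
    out = [0] * dim
    for cid, share in client_shares.items():
        w = weights.get(cid, 0)
        if w:
            for j in range(dim):
                out[j] = (out[j] + w * share[j]) % PRIME
    return out


def reconstruct(party_outputs):
    """Add the parties' results to recover the plaintext linear combination."""
    dim = len(party_outputs[0])
    total = [0] * dim
    for out in party_outputs:
        for j in range(dim):
            total[j] = (total[j] + out[j]) % PRIME
    return [decode(v) for v in total]


def share_round(client_updates, n_parties=2):
    """Each client shares its update; party p stores {client_id: share_p}."""
    per_party = [dict() for _ in range(n_parties)]
    for cid, vec in client_updates.items():
        for p, s in enumerate(share_vector(vec, n_parties)):
            per_party[p][cid] = s
    return per_party


def recover_mean(per_party, kept_clients):
    """Mean update of the kept clients, computed from shares only.
    The divisor is public, so it is applied after reconstruction."""
    weights = {cid: 1 for cid in kept_clients}
    outs = [combine_shares_locally(party, weights) for party in per_party]
    total = reconstruct(outs)
    return [x / len(kept_clients) for x in total]


# Constructed historical round: three benign clients and one client whose
# update is scaled far away from the others (a model-poisoning style update).
HISTORY = {
    "c1": [0.10, -0.20, 0.30],
    "c2": [0.12, -0.18, 0.28],
    "c3": [0.08, -0.22, 0.32],
    "mal": [-5.0, 10.0, -15.0],
}


def demo():
    """Return (aggregate including the poisoner, aggregate after removal)."""
    per_party = share_round(HISTORY)
    poisoned = recover_mean(per_party, ["c1", "c2", "c3", "mal"])
    recovered = recover_mean(per_party, ["c1", "c2", "c3"])
    return poisoned, recovered


if __name__ == "__main__":
    p, r = demo()
    print("aggregate with poisoner :", [round(x, 4) for x in p])
    print("aggregate after removal :", [round(x, 4) for x in r])
```

Two points carry over to the setting the abstract describes. First, the recovery step never touches a client's plaintext update: removing a client means giving its shares weight 0, so the stored history can be re-aggregated over the benign set after detection. Second, only operations that are linear in the clients' data can be done this way; a curvature estimate that is itself a linear function of the shared updates can be computed on shares, which is the property the abstract points at when it mentions the linearity of the approximate Hessian computation.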
Related papers
- Secure Generalization through Stochastic Bidirectional Parameter Updates Using Dual-Gradient Mechanism [6.03163048890944]
Federated learning (FL) has gained increasing attention due to privacy-preserving collaborative training on decentralized clients. Recent research has underscored the risk of exposing private data to adversaries, even within FL frameworks. We generate diverse models for each client by using systematic perturbations in model parameters at a fine-grained level.
arXiv Detail & Related papers (2025-04-03T02:06:57Z)
- DELMAN: Dynamic Defense Against Large Language Model Jailbreaking with Model Editing [62.43110639295449]
Large Language Models (LLMs) are widely applied in decision making, but their deployment is threatened by jailbreak attacks. Delman is a novel approach leveraging direct model editing for precise, dynamic protection against jailbreak attacks. Delman directly updates a minimal set of relevant parameters to neutralize harmful behaviors while preserving the model's utility.
arXiv Detail & Related papers (2025-02-17T10:39:21Z)
- Robust Knowledge Distillation in Federated Learning: Counteracting Backdoor Attacks [12.227509826319267]
Federated Learning (FL) enables collaborative model training across multiple devices while preserving data privacy. It remains susceptible to backdoor attacks, where malicious participants can compromise the global model. We propose Robust Knowledge Distillation (RKD), a novel defence mechanism that enhances model integrity without relying on restrictive assumptions.
arXiv Detail & Related papers (2025-02-01T22:57:08Z)
- Reliable and Efficient Concept Erasure of Text-to-Image Diffusion Models [76.39651111467832]
We introduce Reliable and Efficient Concept Erasure (RECE), a novel approach that modifies the model in 3 seconds without necessitating additional fine-tuning.
To mitigate inappropriate content potentially represented by derived embeddings, RECE aligns them with harmless concepts in cross-attention layers.
The derivation and erasure of new representation embeddings are conducted iteratively to achieve a thorough erasure of inappropriate concepts.
arXiv Detail & Related papers (2024-07-17T08:04:28Z)
- Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models [112.48136829374741]
In this paper, we unveil a new vulnerability: the privacy backdoor attack.
When a victim fine-tunes a backdoored model, their training data will be leaked at a significantly higher rate than if they had fine-tuned a typical model.
Our findings highlight a critical privacy concern within the machine learning community and call for a reevaluation of safety protocols in the use of open-source pre-trained models.
arXiv Detail & Related papers (2024-04-01T16:50:54Z)
- Towards Efficient and Certified Recovery from Poisoning Attacks in Federated Learning [17.971060689461883]
Federated learning (FL) is vulnerable to poisoning attacks, where malicious clients manipulate their updates to affect the global model.
In this paper, we show that highly effective recovery can still be achieved based on (i) selective historical information.
We introduce Crab, an efficient and certified recovery method, which relies on selective information storage and adaptive model rollback.
arXiv Detail & Related papers (2024-01-16T09:02:34Z)
- Learn from the Past: A Proxy Guided Adversarial Defense Framework with Self Distillation Regularization [53.04697800214848]
Adversarial Training (AT) is pivotal in fortifying the robustness of deep learning models.
AT methods, relying on direct iterative updates for the target model's defense, frequently encounter obstacles such as unstable training and catastrophic overfitting.
We present a general proxy guided defense framework, LAST (Learn from the Past).
arXiv Detail & Related papers (2023-10-19T13:13:41Z)
- Precision-Recall Divergence Optimization for Generative Modeling with GANs and Normalizing Flows [54.050498411883495]
We develop a novel training method for generative models, such as Generative Adversarial Networks and Normalizing Flows.
We show that achieving a specified precision-recall trade-off corresponds to minimizing a unique $f$-divergence from a family we call the PR-divergences.
Our approach improves the performance of existing state-of-the-art models like BigGAN in terms of either precision or recall when tested on datasets such as ImageNet.
arXiv Detail & Related papers (2023-05-30T10:07:17Z)
- FedRecover: Recovering from Poisoning Attacks in Federated Learning using Historical Information [67.8846134295194]
Federated learning is vulnerable to poisoning attacks in which malicious clients poison the global model.
We propose FedRecover, which can recover an accurate global model from poisoning attacks with small cost for the clients.
arXiv Detail & Related papers (2022-10-20T00:12:34Z)
- MockingBERT: A Method for Retroactively Adding Resilience to NLP Models [4.584774276587428]
We propose a novel method of retroactively adding resilience to misspellings to transformer-based NLP models.
This can be achieved without the need for re-training of the original NLP model.
We also propose a new efficient approximate method of generating adversarial misspellings.
arXiv Detail & Related papers (2022-08-21T16:02:01Z)
This list is automatically generated from the titles and abstracts of the papers on this site.