ABSTRACT
Today's systems produce a rapidly exploding amount of data, ranging from personal photos and office documents to logs of user clicks on a website or mobile device. While there are numerous challenges in making systems forget, this chapter focuses on one of the most difficult challenges: making machine learning systems forget. The training data sets, such as movie ratings, online purchase histories, and browsing histories, often contain private data. An attacker injects carefully polluted data samples into a learning system, misleading the algorithms to compute an incorrect feature set and model. Intuitively, completeness requires that once a data sample is removed, all its effects on the feature set and the model are also cleanly reversed. Timeliness in unlearning captures how much faster unlearning is than retraining at updating the features and the model in the system. Many defenses of data pollution attacks apply filtering on the training data to remove polluted samples.
