Memory Self-Regeneration: Uncovering Hidden Knowledge in Unlearned Models

The impressive capability of modern text-to-image models to generate realistic visuals has come with a serious drawback: they can be misused to create harmful, deceptive or unlawful content. This has accelerated the push for machine unlearning. This new field seeks to selectively remove specific knowledge from a model's training data without causing a drop in its overall performance. However, it turns out that actually forgetting a given concept is an extremely difficult task. Models exposed to attacks using adversarial prompts show the ability to generate so-called unlearned concepts, which can be not only harmful but also illegal. In this paper, we present considerations regarding the ability of models to forget and recall knowledge, introducing the Memory Self-Regeneration task. Furthermore, we present MemoRa strategy, which we consider to be a regenerative approach supporting the effective recovery of previously lost knowledge. Moreover, we propose that robustness in knowledge retrieval is a crucial yet underexplored evaluation measure for developing more robust and effective unlearning techniques. Finally, we demonstrate that forgetting occurs in two distinct ways: short-term, where concepts can be quickly recalled, and long-term, where recovery is more challenging. Code is available at https://gmum.github.io/MemoRa/.

Key Contributions

• Introduces the Memory Self-Regeneration task, formalizing the problem of recovering unlearned concepts from diffusion models
• Proposes MemoRa, a practical attack using DDIM inversion, spherical interpolation, and LoRA adapter fine-tuning to restore erased concepts with only a few reference images
• Identifies two distinct modes of machine forgetting — short-term (superficial suppression, quickly reversed) and long-term (deeper representational changes, harder to recover) — exposing a fundamental weakness in current unlearning evaluations

🛡️ Threat Analysis

Details

Similar Papers