Perturbation-Induced Linearization: Constructing Unlearnable Data with Solely Linear Classifiers

Collecting web data to train deep models has become increasingly common, raising concerns about unauthorized data usage. To mitigate this issue, unlearnable examples introduce imperceptible perturbations into data, preventing models from learning effectively. However, existing methods typically rely on deep neural networks as surrogate models for perturbation generation, resulting in significant computational costs. In this work, we propose Perturbation-Induced Linearization (PIL), a computationally efficient yet effective method that generates perturbations using only linear surrogate models. PIL achieves comparable or better performance than existing surrogate-based methods while reducing computational time dramatically. We further reveal a key mechanism underlying unlearnable examples: inducing linearization to deep models, which explains why PIL can achieve competitive results in a very short time. Beyond this, we provide an analysis about the property of unlearnable examples under percentage-based partial perturbation. Our work not only provides a practical approach for data protection but also offers insights into what makes unlearnable examples effective.

Key Contributions

• Proposes PIL, which generates unlearnable examples using only linear surrogate models, cutting generation time from 15+ GPU hours (REM) to under 1 GPU minute on CIFAR-10.
• Reveals that inducing linearization of deep models is the underlying mechanism behind effective unlearnable examples, explaining why simple linear surrogates transfer to complex DNNs.
• Analyzes the fundamental limitation of unlearnable examples under percentage-based partial perturbation, showing they cannot substantially reduce test accuracy when only a subset of data is perturbed.

🛡️ Threat Analysis

Details

Similar Papers