Privacy-Preserving Debiasing using Data Augmentation and Machine Unlearning
Zhixin Pan, Emma Andrews, Laura Chang, Prabhat Mishra
TL;DR
This work tackles the dual challenges of data bias and privacy leakage in machine learning by marrying guided diffusion-based data augmentation with step-wise, distributed machine unlearning. The approach iteratively generates bias-aware synthetic samples and recollects the model to forget original data, aiming to reduce bias without sacrificing performance while defending against membership inference attacks. Key contributions include the first integrated framework for data augmentation and unlearning, a bias-aware guided-diffusion objective using KL-divergence as a bias metric, and a distributed unlearning scheme with a deletion-capacity bound. Empirical results on CIFAR-10 and CelebA demonstrate substantial bias reduction and improved resilience to MIAs, with high-quality synthetic data and minimal degradation in accuracy, underscoring the practical potential of privacy-preserving debiasing in real-world deployments.
Abstract
Data augmentation is widely used to mitigate data bias in the training dataset. However, data augmentation exposes machine learning models to privacy attacks, such as membership inference attacks. In this paper, we propose an effective combination of data augmentation and machine unlearning, which can reduce data bias while providing a provable defense against known attacks. Specifically, we maintain the fairness of the trained model with diffusion-based data augmentation, and then utilize multi-shard unlearning to remove identifying information of original data from the ML model for protection against privacy attacks. Experimental evaluation across diverse datasets demonstrates that our approach can achieve significant improvements in bias reduction as well as robustness against state-of-the-art privacy attacks.