Search

US-12626156-B2 - Data mark classification to verify data removal

US12626156B2US 12626156 B2US12626156 B2US 12626156B2US-12626156-B2

Abstract

A method, computer system, and a computer program product for testing a data removal are provided. Data elements are marked with a respective mark per represented entity. The marked data elements, with labels indicating the respective marks, are input into a machine learning model to form a trained machine learning model. The trained machine learning model is configured to perform a dual task that includes a main task and a secondary task that includes a classification based on the labels. A forgetting mechanism is applied to the trained machine learning model to remove a data element including a test mark of the marked data elements. A test data element marked with the test mark is input into the revised machine learning model. The classification of the secondary task of an output of the revised machine learning model is determined for the input test data element.

Inventors

  • Ron Shmelkin
  • Abigail Goldsteen
  • GILAD EZOV
  • Ariel Farkash

Assignees

  • INTERNATIONAL BUSINESS MACHINES CORPORATION

Dates

Publication Date
20260512
Application Date
20210322

Claims (20)

  1. 1 . A method for testing a data removal, the method comprising: marking data elements with respective marks, wherein a first subset of the data elements is marked with a first mark representative of a first entity and a second subset of the data elements is marked with a second mark representative of a second entity, wherein the respective marks are supplemental to main content of the respective data element; inputting the marked data elements, with labels indicating the respective marks, into a machine learning model to form a trained machine learning model configured to perform a dual task comprising a main task and a secondary task, wherein the secondary task comprises a classification based on the labels; applying a forgetting mechanism to the trained machine learning model to remove the first subset of data elements including the first mark so that a revised machine learning model is formed without removing the second subset of data elements and the second mark; inputting a test data element marked with the first mark into the revised machine learning model, wherein the first mark is supplemental to main content of the test data element, wherein in response to the inputting the revised machine learning model produces an output for the main task and for the secondary task for the test data element marked with the first mark; and in response to a classification of the output for the secondary task being a public class, generating a verification notice of effectiveness of the removal of the first subset representative of the first entity from the trained machine learning model.
  2. 2 . The method of claim 1 , further comprising: applying another forgetting mechanism to the revised machine learning model to remove the second subset of data elements including the second mark so that a further revised machine learning model is formed; inputting a further test data element marked with the second mark into the further revised machine learning model, wherein the second mark is supplemental to main content of the further test data element, and wherein in response to the inputting of the further test data element marked with the second mark the further revised machine learning model produces an output for the main task and for the secondary task for the further test data element marked with the second mark; and in response to a classification of the output for the secondary task being a class corresponding to the second mark, presenting a warning of ineffectiveness of the removal of the second mark from the revised machine learning model.
  3. 3 . The method of claim 1 , wherein the marks comprise a respective watermark.
  4. 4 . The method of claim 1 , further comprising performing supervised training of the machine learning model with respect to the main task.
  5. 5 . The method of claim 1 , further comprising inputting additional unmarked data elements into the machine learning model to form the trained machine learning model.
  6. 6 . The method of claim 1 , wherein the test data element comprises a base element recognizable by the trained machine learning model as being from a known main class of the main task.
  7. 7 . The method of claim 1 , wherein the respective mark is unrelated to main content of the respective data element; and wherein the test mark is unrelated to main content of the test data element.
  8. 8 . The method of claim 1 , further comprising: applying the forgetting mechanism to the revised machine learning model to remove the second subset of data elements including the second mark so that a further revised machine learning model is formed; inputting a further test data element marked with the second mark into the further revised machine learning model, wherein the second mark is supplemental to main content of the further test data element, and wherein in response to the inputting of the further test data element marked with the second mark the further revised machine learning model produces an output for the main task and for the secondary task for the further test data element marked with the second mark; and in response to a classification of the output for the secondary task being a class corresponding to the second mark, presenting a warning of ineffectiveness of the removal of the second mark from the revised machine learning model.
  9. 9 . A computer program product comprising: one or more non-transitory computer-readable tangible storage media; and program instructions stored on at least one of the one or more non-transitory computer-readable tangible storage media to perform operations comprising: marking data elements with respective marks, wherein subsets of the data elements are marked with a respective individual mark representative of a respective entity per subset, wherein the respective individual marks are supplemental to main content of the respective data element; inputting the marked data elements into a machine learning model to form a trained machine learning model configured to perform a classification task related to the main content of the respective data elements; applying a forgetting mechanism to the trained machine learning model to remove a first subset of the subsets and to remove a first mark associated with the first subset so that a revised machine learning model is formed without removing others of the subsets and their respective marks, the first mark being representative of a first entity; inputting multiple test data elements into the revised machine learning model, wherein a first subset of the multiple test data elements includes the first mark supplemental to main content of the test data element and a second subset of the multiple test data elements does not include the first mark, wherein in response to the inputting the revised machine learning model produces a respective classification for each of the multiple test data elements; and in response to the classifications of the first subset not having increased misclassification compared to the classifications of the second subset, generating a verification notice of effectiveness of the removal of the first subset representative of the first entity from the trained machine learning model.
  10. 10 . The computer program product of claim 9 , wherein the operations further comprise: applying another forgetting mechanism to the revised machine learning model to remove a second subset of the subsets and to remove a second mark associated with the second subset so that a further revised machine learning model is formed; inputting further test data elements into the further revised machine learning model, wherein a first part subset of the further test data elements includes the second mark supplemental to main content of the further test data elements and a second part subset of the further test data elements does not include the second mark, wherein in response to the inputting of the further test data elements the further revised machine learning model produces a respective classification for each of the further test data elements; and in response to the classifications of the first part subset having increased misclassification compared to the classifications of the second part subset, presenting a warning of ineffectiveness of the removal of the second mark from the revised machine learning model.
  11. 11 . The computer program product of claim 9 , wherein the marks comprise a respective watermark.
  12. 12 . The computer program product of claim 9 , wherein the operations further comprise performing supervised training of the machine learning model with respect to the classification task.
  13. 13 . The computer program product of claim 9 , wherein the operations further comprise inputting additional unmarked data elements into the machine learning model to form the trained machine learning model.
  14. 14 . The computer program product of claim 9 , wherein the test data elements comprise a respective base element recognizable by the trained machine learning model as being from a respective class for the classification task.
  15. 15 . The computer program product of claim 9 , wherein the respective individual marks are unrelated to main content of the respective data element; and wherein the first mark is unrelated to main content of the test data element.
  16. 16 . A computer system comprising: one or more processors, one or more non-transitory computer-readable tangible storage media; and program instructions stored on at least one of the one or more non-transitory computer-readable tangible storage media to cause the one or more processors to perform operations comprising: marking data elements with respective marks, wherein subsets of the data elements are marked with a respective individual mark representative of a respective entity per subset, wherein the respective individual marks are supplemental to main content of the respective data element; inputting the marked data elements into a machine learning model to form a trained machine learning model configured to perform a classification task that includes a dual output classification, wherein a number of classes for the classification task is based on a number of main classes, a number of the respective marks, and an additional public class; applying a forgetting mechanism to the trained machine learning model to remove a first subset of the subsets and to remove a first mark associated with the first subset so that a revised machine learning model is formed without removing others of the subsets and their respective marks, the first mark being representative of a first entity; inputting a test data element marked with the first mark into the revised machine learning model, wherein the first mark is supplemental to main content of the test data element, wherein in response to the inputting the revised machine learning model produces a dual output classification for the test data element; and in response to a second portion of the dual output classification of the test data element being for the public class, generating a verification notice of effectiveness of the removal of the first subset representative of the first entity from the trained machine learning model.
  17. 17 . The computer system of claim 16 , wherein the operations further comprise: applying another forgetting mechanism to the revised machine learning model to remove a second subset of data elements and to remove a second mark associated with the second subset so that a further revised machine learning model is formed without removing others of the subsets and their respective marks, the first mark being representative of a first entity; inputting a further test data element marked with the second mark into the further revised machine learning model, wherein the second mark is supplemental to main content of the further test data element, and wherein in response to the inputting of the further test data element marked with the second mark the further revised machine learning model produces an output for the classification task for the further test data element marked with the second mark; and in response to a second portion of the classification for the further test data element being for a class corresponding to the second mark, presenting a warning of ineffectiveness of the removal of the second mark from the revised machine learning model.
  18. 18 . The computer system of claim 16 , wherein the marks comprise a respective watermark.
  19. 19 . The computer system of claim 16 , wherein the operations further comprise performing supervised training of the machine learning model with respect to the classification task.
  20. 20 . The computer system of claim 16 , wherein the operations further comprise inputting additional unmarked data elements into the machine learning model to form the trained machine learning model.

Description

BACKGROUND The present invention relates generally to the field of ‘right to be forgotten’ requests and more particularly to computerized evaluation of fulfilling such right-to-be-forgotten requests in artificial intelligence. SUMMARY According to one exemplary embodiment, a method for testing a data removal is provided. Data elements are marked with a respective mark per represented entity. The marked data elements, with labels indicating the respective marks, are input into a machine learning model to form a trained machine learning model. The trained machine learning model is configured to perform a dual task that includes a main task and a secondary task. The secondary task includes a classification based on the labels. A forgetting mechanism is applied to the trained machine learning model to remove a data element including a test mark of the marked data elements and so that a revised machine learning model is formed. A test data element marked with the test mark is input into the revised machine learning model. The classification of the secondary task of an output of the revised machine learning model is determined for the input test data element. A computer system and computer program product corresponding to the above method are also disclosed herein. BRIEF DESCRIPTION OF THE DRAWINGS These and other objects, features, and advantages of the present invention will become apparent from the following detailed description of illustrative embodiments thereof, which is to be read in connection with the accompanying drawings. The various features of the drawings are not to scale as the illustrations are for clarity in facilitating one skilled in the art in understanding the invention in conjunction with the detailed description. In the drawings: FIG. 1 illustrates a networked computer environment according to at least one embodiment; FIG. 2 is an operational flowchart illustrating a process for data removal testing according to at least one embodiment; FIG. 3 shows an example of a system pipeline for data removal testing according to at least one embodiment; FIG. 4 is an operational flowchart illustrating a process for data removal testing according to at least one other embodiment; FIG. 5 shows a system pipeline for data removal testing according to the at least one other embodiment; FIG. 6 is a block diagram of internal and external components of computers and servers depicted in FIG. 1 according to at least one embodiment; FIG. 7 is a block diagram of an illustrative cloud computing environment including the computer system depicted in FIG. 1, in accordance with an embodiment of the present disclosure; and FIG. 8 is a block diagram of functional layers of the illustrative cloud computing environment of FIG. 7, in accordance with an embodiment of the present disclosure. DETAILED DESCRIPTION Detailed embodiments of the claimed structures and methods are disclosed herein; however, it can be understood that the disclosed embodiments are merely illustrative of the claimed structures and methods that may be embodied in various forms. This invention may be embodied in many different forms and should not be construed as limited to the exemplary embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of this invention to those skilled in the art. In the description, details of well-known features and techniques may be omitted to avoid unnecessarily obscuring the presented embodiments. The following described exemplary embodiments provide a system, method, and computer program product for data removal testing as it relates to machine learning models. The present embodiments have the capacity to improve the technical field of removing data from trained machine learning models, for example when a request for forgetting is directed to the machine learning model. A right to be forgotten is established in many jurisdictions. Trained machine learning models may contain personal data. Therefore, owners of artificial intelligence and machine learning models that have used some consumer data to train their models will need to correct their model in response to receiving a request to be forgotten. The present disclosure may help evaluate the effectiveness of forgetting mechanisms that may be applied to trained machine learning models to help the models forget certain data. This forgetting may also be referred to as data removal. The present disclosure may help model owners to rate the effectiveness of various forgetting mechanisms so that they can better choose which forgetting mechanism to permanently implement for their system and model. The present disclosure may also help a model owner prove to a consumer that they have sufficiently responded to a request that the consumer makes requesting to be forgotten. The present disclosure may be applied with white box knowledge of the machine learning model and is not dep