Loading...
Machine unlearning aims to selectively remove data-dependent influence from trained machine learning models to meet privacy, safety, and regulatory requirements. As contemporary learning systems evolve toward foundation models, distributed and federated training, and large-scale generative architectures, unlearning has expanded beyond naive retraining-based deletion to encompass approximate, certified, and representation-level interventions. This survey provides a comprehensive synthesis of machine unlearning through a four-dimensional taxonomy, Intent, Mechanism, Guarantee, and Context (IMGC), that explicitly displays what is forgotten, how forgetting is operationalized, what level of assurance is provided, and where unlearning is applied within the system stack. We systematically review exact and approximate unlearning techniques, including retraining-based methods, influence-function approaches, parameter manipulation, and certified and differentially private unlearning, and examine their instantiations in large language models, federated learning, graph neural networks (GNNs), and generative models. Across these settings, we highlight how architectural, statistical, and deployment constraints fundamentally shape achievable unlearning guarantees. Beyond algorithmic methods, the survey analyzes evaluation protocols, verification and auditing practices, security and privacy threats, and deployment considerations, clarifying key trade-offs, limitations, and open challenges in designing reliable, auditable, and policy-aligned unlearning systems.
Foundation models and LLMs complicate the simple story of “delete the row, retrain the table.” Retraining from scratch is often infeasible; machine unlearning instead seeks procedures that remove influence of designated data or concepts while preserving acceptable behavior on the rest. In product settings, providers may ship a model plus an unlearning interface—so users can request forgetting—then re-release an updated checkpoint. That pipeline raises distinct research problems at submission, execution, and release.
Figure 1: End-to-end view from model release and public unlearning UI through the unlearning process to a re-released model, with problem clusters for submission and interface design, the unlearning algorithm itself, and verification or metrics at release.
The survey discusses what should be unlearned—concepts, documents, entities, or behaviors—and how to represent requests without admitting poisoned or adversarial evidence. Sequential or repeated unlearning interacts with stability and capacity limits; interfaces must balance usability with safety.
Method sections typically contrast data-centric approaches (filtering, influence-based updates), parameter-centric edits (fine-tuning, gradient steps, sparse updates), and hybrid or architecture-aware strategies suited to large transformers. Core tensions include how complete removal can be in practice, how to choose a retaining set that preserves utility, and how approximate methods relate to formal guarantees.
After unlearning, stakeholders ask whether the model actually forgot—which metrics (membership inference–style probes, behavioral tests, knowledge checks) are appropriate, and whether effectiveness holds under adaptive or distribution-shift evaluation. The survey connects these questions to robustness of claimed unlearning and responsible release practices.
Full text and updates are available on SSRN (DOI 10.2139/ssrn.5968054).