Main page Research activities Publications Talks MSc thesis projects Courses Mentoring Hobby and spare time Write me This site uses
Google Analytics
 Last updated on
28 October 2024

Publication details

F. Galli, L. Melis, T. Cucinotta. "Noisy Neighbors: Efficient membership inference attacks against LLMs," in Proceedings of the 5th Workshop on Privacy in Natural Language Processing (PrivateNLP 2024), 62nd Annual Meeting of the Association for Computational Linguistics (ACL 2024), August 15th, 2024, Bangkok, Thailand.

Abstract

The potential of transformer-based LLMs risks being hindered by privacy concerns due to their reliance on extensive datasets, possibly including sensitive information. Regulatory measures like GDPR and CCPA call for using robust auditing tools to address potential privacy issues, with Membership Inference Attacks (MIA) being the primary method for assessing LLMs’ privacy risks. Differently from traditional MIA approaches, often requiring computationally intensive training of additional models, this paper introduces an efficient methodology that generates noisy neighbors for a target sample by adding stochastic noise in the embedding space, requiring operating the target model in inference mode only. Our findings demonstrate that this approach closely matches the effectiveness of employing shadow models, showing its usability in practical privacy auditing scenarios.

Copyright by ACL.

See paper on publisher's website

Download paper

BibTeX entry: 

@inproceedings{galli-etal-2024-noisy,
    title = "Noisy Neighbors: Efficient membership inference attacks against {LLM}s",
    author = "Galli, Filippo  and
      Melis, Luca  and
      Cucinotta, Tommaso",
    editor = "Habernal, Ivan  and
      Ghanavati, Sepideh  and
      Ravichander, Abhilasha  and
      Jain, Vijayanta  and
      Thaine, Patricia  and
      Igamberdiev, Timour  and
      Mireshghallah, Niloofar  and
      Feyisetan, Oluwaseyi",
    booktitle = "Proceedings of the Fifth Workshop on Privacy in Natural Language Processing",
    month = aug,
    year = "2024",
    address = "Bangkok, Thailand",
    publisher = "Association for Computational Linguistics",
    url = "https://aclanthology.org/2024.privatenlp-1.1",
    pages = "1--6",
    abstract = "The potential of transformer-based LLMs risks being hindered by privacy concerns due to their reliance on extensive datasets, possibly including sensitive information. Regulatory measures like GDPR and CCPA call for using robust auditing tools to address potential privacy issues, with Membership Inference Attacks (MIA) being the primary method for assessing LLMs{'} privacy risks. Differently from traditional MIA approaches, often requiring computationally intensive training of additional models, this paper introduces an efficient methodology that generates noisy neighbors for a target sample by adding stochastic noise in the embedding space, requiring operating the target model in inference mode only. Our findings demonstrate that this approach closely matches the effectiveness of employing shadow models, showing its usability in practical privacy auditing scenarios.",
}
Main page Research activities Publications Talks MSc thesis projects Courses Mentoring Hobby and spare time Write me Last updated on
07 November 2024