Saved in:
Bibliographic Details
Main Authors: Li, Jianwei, Liu, Sheng, Lei, Qi
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2312.05720
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916160790855680
author Li, Jianwei
Liu, Sheng
Lei, Qi
author_facet Li, Jianwei
Liu, Sheng
Lei, Qi
contents Language models trained via federated learning (FL) demonstrate impressive capabilities in handling complex tasks while protecting user privacy. Recent studies indicate that leveraging gradient information and prior knowledge can potentially reveal training samples within FL setting. However, these investigations have overlooked the potential privacy risks tied to the intrinsic architecture of the models. This paper presents a two-stage privacy attack strategy that targets the vulnerabilities in the architecture of contemporary language models, significantly enhancing attack performance by initially recovering certain feature directions as additional supervisory signals. Our comparative experiments demonstrate superior attack performance across various datasets and scenarios, highlighting the privacy leakage risk associated with the increasingly complex architectures of language models. We call for the community to recognize and address these potential privacy risks in designing large language models.
format Preprint
id arxiv_https___arxiv_org_abs_2312_05720
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Beyond Gradient and Priors in Privacy Attacks: Leveraging Pooler Layer Inputs of Language Models in Federated Learning
Li, Jianwei
Liu, Sheng
Lei, Qi
Machine Learning
Artificial Intelligence
Computation and Language
Cryptography and Security
Language models trained via federated learning (FL) demonstrate impressive capabilities in handling complex tasks while protecting user privacy. Recent studies indicate that leveraging gradient information and prior knowledge can potentially reveal training samples within FL setting. However, these investigations have overlooked the potential privacy risks tied to the intrinsic architecture of the models. This paper presents a two-stage privacy attack strategy that targets the vulnerabilities in the architecture of contemporary language models, significantly enhancing attack performance by initially recovering certain feature directions as additional supervisory signals. Our comparative experiments demonstrate superior attack performance across various datasets and scenarios, highlighting the privacy leakage risk associated with the increasingly complex architectures of language models. We call for the community to recognize and address these potential privacy risks in designing large language models.
title Beyond Gradient and Priors in Privacy Attacks: Leveraging Pooler Layer Inputs of Language Models in Federated Learning
topic Machine Learning
Artificial Intelligence
Computation and Language
Cryptography and Security
url https://arxiv.org/abs/2312.05720