Saved in:
Bibliographic Details
Main Authors: Tragoudaras, Antonios, Aslanidis, Theofanis, Lionis, Emmanouil Georgios, González, Marina Orozco, Eustratiadis, Panagiotis
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.16609
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916703674302464
author Tragoudaras, Antonios
Aslanidis, Theofanis
Lionis, Emmanouil Georgios
González, Marina Orozco
Eustratiadis, Panagiotis
author_facet Tragoudaras, Antonios
Aslanidis, Theofanis
Lionis, Emmanouil Georgios
González, Marina Orozco
Eustratiadis, Panagiotis
contents Text data are often encoded as dense vectors, known as embeddings, which capture semantic, syntactic, contextual, and domain-specific information. These embeddings, widely adopted in various applications, inherently contain rich information that may be susceptible to leakage under certain attacks. The GEIA framework highlights vulnerabilities in sentence embeddings, demonstrating that they can reveal the original sentences they represent. In this study, we reproduce GEIA's findings across various neural sentence embedding models. Additionally, we contribute new analysis to examine whether these models leak sensitive information from their training datasets. We propose a simple yet effective method without any modification to the attacker's architecture proposed in GEIA. The key idea is to examine differences between log-likelihood for masked and original variants of data that sentence embedding models have been pre-trained on, calculated on the embedding space of the attacker. Our findings indicate that following our approach, an adversary party can recover meaningful sensitive information related to the pre-training knowledge of the popular models used for creating sentence embeddings, seriously undermining their security. Our code is available on: https://github.com/taslanidis/GEIA
format Preprint
id arxiv_https___arxiv_org_abs_2504_16609
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Information Leakage of Sentence Embeddings via Generative Embedding Inversion Attacks
Tragoudaras, Antonios
Aslanidis, Theofanis
Lionis, Emmanouil Georgios
González, Marina Orozco
Eustratiadis, Panagiotis
Information Retrieval
Text data are often encoded as dense vectors, known as embeddings, which capture semantic, syntactic, contextual, and domain-specific information. These embeddings, widely adopted in various applications, inherently contain rich information that may be susceptible to leakage under certain attacks. The GEIA framework highlights vulnerabilities in sentence embeddings, demonstrating that they can reveal the original sentences they represent. In this study, we reproduce GEIA's findings across various neural sentence embedding models. Additionally, we contribute new analysis to examine whether these models leak sensitive information from their training datasets. We propose a simple yet effective method without any modification to the attacker's architecture proposed in GEIA. The key idea is to examine differences between log-likelihood for masked and original variants of data that sentence embedding models have been pre-trained on, calculated on the embedding space of the attacker. Our findings indicate that following our approach, an adversary party can recover meaningful sensitive information related to the pre-training knowledge of the popular models used for creating sentence embeddings, seriously undermining their security. Our code is available on: https://github.com/taslanidis/GEIA
title Information Leakage of Sentence Embeddings via Generative Embedding Inversion Attacks
topic Information Retrieval
url https://arxiv.org/abs/2504.16609