Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2505.22061 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866908670189633536 |
|---|---|
| author | Choi, Yujin Park, Youngjoo Byun, Junyoung Lee, Jaewook Park, Jinseong |
| author_facet | Choi, Yujin Park, Youngjoo Byun, Junyoung Lee, Jaewook Park, Jinseong |
| contents | Retrieval-augmented generation (RAG) mitigates the hallucination problem in large language models (LLMs) and has proven effective for personalized usages. However, delivering private retrieved documents directly to LLMs introduces vulnerability to membership inference attacks (MIAs), which try to determine whether the target data point exists in the private external database or not. Based on the insight that MIA queries typically exhibit high similarity to only one target document, we introduce a novel similarity-based MIA detection framework designed for the RAG system. With the proposed method, we show that a simple detect-and-hide strategy can successfully obfuscate attackers, maintain data utility, and remain system-agnostic against MIA. We experimentally prove its detection and defense against various state-of-the-art MIA methods and its adaptability to existing RAG systems. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2505_22061 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Safeguarding Privacy of Retrieval Data against Membership Inference Attacks: Is This Query Too Close to Home? Choi, Yujin Park, Youngjoo Byun, Junyoung Lee, Jaewook Park, Jinseong Computation and Language Retrieval-augmented generation (RAG) mitigates the hallucination problem in large language models (LLMs) and has proven effective for personalized usages. However, delivering private retrieved documents directly to LLMs introduces vulnerability to membership inference attacks (MIAs), which try to determine whether the target data point exists in the private external database or not. Based on the insight that MIA queries typically exhibit high similarity to only one target document, we introduce a novel similarity-based MIA detection framework designed for the RAG system. With the proposed method, we show that a simple detect-and-hide strategy can successfully obfuscate attackers, maintain data utility, and remain system-agnostic against MIA. We experimentally prove its detection and defense against various state-of-the-art MIA methods and its adaptability to existing RAG systems. |
| title | Safeguarding Privacy of Retrieval Data against Membership Inference Attacks: Is This Query Too Close to Home? |
| topic | Computation and Language |
| url | https://arxiv.org/abs/2505.22061 |