Salvato in:
Dettagli Bibliografici
Autori principali: Hu, Yingqi, Zhang, Zhuo, Zhang, Jingyuan, Wang, Jinghua, Wang, Qifan, Qu, Lizhen, Xu, Zenglin
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2506.06060
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866910032171368448
author Hu, Yingqi
Zhang, Zhuo
Zhang, Jingyuan
Wang, Jinghua
Wang, Qifan
Qu, Lizhen
Xu, Zenglin
author_facet Hu, Yingqi
Zhang, Zhuo
Zhang, Jingyuan
Wang, Jinghua
Wang, Qifan
Qu, Lizhen
Xu, Zenglin
contents Federated large language models (FedLLMs) enable cross-silo collaborative training among institutions while preserving data locality, making them appealing for privacy-sensitive domains such as law, finance, and healthcare. However, the memorization behavior of LLMs can lead to privacy risks that may cause cross-client data leakage. In this work, we study the threat of cross-client data extraction, where a semi-honest participant attempts to recover personally identifiable information (PII) memorized from other clients' data. We propose three simple yet effective extraction strategies that leverage contextual prefixes from the attacker's local data, including frequency-based prefix sampling and local fine-tuning to amplify memorization. To evaluate these attacks, we construct a Chinese legal-domain dataset with fine-grained PII annotations consistent with CPIS, GDPR, and CCPA standards, and assess extraction performance using two metrics: coverage and efficiency. Experimental results show that our methods can recover up to 56.6% of victim-exclusive PII, where names, addresses, and birthdays are particularly vulnerable. These findings highlight concrete privacy risks in FedLLMs and establish a benchmark and evaluation framework for future research on privacy-preserving federated learning. Code and data are available at https://github.com/SMILELab-FL/FedPII.
format Preprint
id arxiv_https___arxiv_org_abs_2506_06060
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Simple Yet Effective: Extracting Private Data Across Clients in Federated Fine-Tuning of Large Language Models
Hu, Yingqi
Zhang, Zhuo
Zhang, Jingyuan
Wang, Jinghua
Wang, Qifan
Qu, Lizhen
Xu, Zenglin
Computation and Language
Artificial Intelligence
Federated large language models (FedLLMs) enable cross-silo collaborative training among institutions while preserving data locality, making them appealing for privacy-sensitive domains such as law, finance, and healthcare. However, the memorization behavior of LLMs can lead to privacy risks that may cause cross-client data leakage. In this work, we study the threat of cross-client data extraction, where a semi-honest participant attempts to recover personally identifiable information (PII) memorized from other clients' data. We propose three simple yet effective extraction strategies that leverage contextual prefixes from the attacker's local data, including frequency-based prefix sampling and local fine-tuning to amplify memorization. To evaluate these attacks, we construct a Chinese legal-domain dataset with fine-grained PII annotations consistent with CPIS, GDPR, and CCPA standards, and assess extraction performance using two metrics: coverage and efficiency. Experimental results show that our methods can recover up to 56.6% of victim-exclusive PII, where names, addresses, and birthdays are particularly vulnerable. These findings highlight concrete privacy risks in FedLLMs and establish a benchmark and evaluation framework for future research on privacy-preserving federated learning. Code and data are available at https://github.com/SMILELab-FL/FedPII.
title Simple Yet Effective: Extracting Private Data Across Clients in Federated Fine-Tuning of Large Language Models
topic Computation and Language
Artificial Intelligence
url https://arxiv.org/abs/2506.06060