Saved in:
Bibliographic Details
Main Authors: He, Jinwen, Lu, Yiyang, Lin, Zijin, Chen, Kai, Zhao, Yue
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.19563
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913910276227072
author He, Jinwen
Lu, Yiyang
Lin, Zijin
Chen, Kai
Zhao, Yue
author_facet He, Jinwen
Lu, Yiyang
Lin, Zijin
Chen, Kai
Zhao, Yue
contents Large Language Models (LLMs) are widely used in sensitive domains, including healthcare, finance, and legal services, raising concerns about potential private information leaks during inference. Privacy extraction attacks, such as jailbreaking, expose vulnerabilities in LLMs by crafting inputs that force the models to output sensitive information. However, these attacks cannot verify whether the extracted private information is accurate, as no public datasets exist for cross-validation, leaving a critical gap in private information detection during inference. To address this, we propose PrivacyXray, a novel framework detecting privacy breaches by analyzing LLM inner states. Our analysis reveals that LLMs exhibit higher semantic coherence and probabilistic certainty when generating correct private outputs. Based on this, PrivacyXray detects privacy breaches using four metrics: intra-layer and inter-layer semantic similarity, token-level and sentence-level probability distributions. PrivacyXray addresses critical challenges in private information detection by overcoming the lack of open-source private datasets and eliminating reliance on external data for validation. It achieves this through the synthesis of realistic private data and a detection mechanism based on the inner states of LLMs. Experiments show that PrivacyXray achieves consistent performance, with an average accuracy of 92.69% across five LLMs. Compared to state-of-the-art methods, PrivacyXray achieves significant improvements, with an average accuracy increase of 20.06%, highlighting its stability and practical utility in real-world applications.
format Preprint
id arxiv_https___arxiv_org_abs_2506_19563
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle PrivacyXray: Detecting Privacy Breaches in LLMs through Semantic Consistency and Probability Certainty
He, Jinwen
Lu, Yiyang
Lin, Zijin
Chen, Kai
Zhao, Yue
Cryptography and Security
Artificial Intelligence
Large Language Models (LLMs) are widely used in sensitive domains, including healthcare, finance, and legal services, raising concerns about potential private information leaks during inference. Privacy extraction attacks, such as jailbreaking, expose vulnerabilities in LLMs by crafting inputs that force the models to output sensitive information. However, these attacks cannot verify whether the extracted private information is accurate, as no public datasets exist for cross-validation, leaving a critical gap in private information detection during inference. To address this, we propose PrivacyXray, a novel framework detecting privacy breaches by analyzing LLM inner states. Our analysis reveals that LLMs exhibit higher semantic coherence and probabilistic certainty when generating correct private outputs. Based on this, PrivacyXray detects privacy breaches using four metrics: intra-layer and inter-layer semantic similarity, token-level and sentence-level probability distributions. PrivacyXray addresses critical challenges in private information detection by overcoming the lack of open-source private datasets and eliminating reliance on external data for validation. It achieves this through the synthesis of realistic private data and a detection mechanism based on the inner states of LLMs. Experiments show that PrivacyXray achieves consistent performance, with an average accuracy of 92.69% across five LLMs. Compared to state-of-the-art methods, PrivacyXray achieves significant improvements, with an average accuracy increase of 20.06%, highlighting its stability and practical utility in real-world applications.
title PrivacyXray: Detecting Privacy Breaches in LLMs through Semantic Consistency and Probability Certainty
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2506.19563