Saved in:
Bibliographic Details
Main Author: Mivule, Kato
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.23795
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914508013830144
author Mivule, Kato
author_facet Mivule, Kato
contents This paper extends the Classification Error Gauge (x-CEG) framework, originally developed for measuring the privacy-utility trade-off in tabular datasets, to privacy auditing of Large Language Models (LLMs). We propose LLM-CEG, a systematic framework that employs membership inference attack (MIA) success rates as an empirical privacy gauge and model perplexity as a utility gauge, iteratively adjusting differential privacy parameters until both thresholds are jointly satisfied. A proof-of-concept prototype fine-tunes DistilGPT-2 on a synthetic clinical PII dataset under four privacy regimes using DP-SGD. Results indicate that DP-SGD reduces MIA attacker advantage by 71.5% while simultaneously improving out-of-distribution utility by 47-50% relative to the overfitted baseline, suggesting that differential privacy may act as implicit regularization under narrow fine-tuning conditions. We further extend the SIED engineering framework to the LLM context as LLM-SIED, providing an auditable, regulator-aligned process for privacy-compliant LLM deployment.
format Preprint
id arxiv_https___arxiv_org_abs_2604_23795
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle LLM-CEG: Extending the Classification Error Gauge Framework for Privacy Auditing of Large Language Models
Mivule, Kato
Cryptography and Security
This paper extends the Classification Error Gauge (x-CEG) framework, originally developed for measuring the privacy-utility trade-off in tabular datasets, to privacy auditing of Large Language Models (LLMs). We propose LLM-CEG, a systematic framework that employs membership inference attack (MIA) success rates as an empirical privacy gauge and model perplexity as a utility gauge, iteratively adjusting differential privacy parameters until both thresholds are jointly satisfied. A proof-of-concept prototype fine-tunes DistilGPT-2 on a synthetic clinical PII dataset under four privacy regimes using DP-SGD. Results indicate that DP-SGD reduces MIA attacker advantage by 71.5% while simultaneously improving out-of-distribution utility by 47-50% relative to the overfitted baseline, suggesting that differential privacy may act as implicit regularization under narrow fine-tuning conditions. We further extend the SIED engineering framework to the LLM context as LLM-SIED, providing an auditable, regulator-aligned process for privacy-compliant LLM deployment.
title LLM-CEG: Extending the Classification Error Gauge Framework for Privacy Auditing of Large Language Models
topic Cryptography and Security
url https://arxiv.org/abs/2604.23795