SoK: Reducing the Vulnerability of Fine-tuned Language Models to Membership Inference Attacks
This addresses privacy concerns for users and organizations deploying fine-tuned language models on sensitive data, but it is incremental as it reviews and synthesizes existing research rather than introducing new methods.
The paper tackles the problem of privacy risks in fine-tuned language models by systematically reviewing their vulnerability to membership inference attacks, finding that methods like differential privacy with low-rank adaptors significantly reduce privacy risk.
Natural language processing models have experienced a significant upsurge in recent years, with numerous applications being built upon them. Many of these applications require fine-tuning generic base models on customized, proprietary datasets. This fine-tuning data is especially likely to contain personal or sensitive information about individuals, resulting in increased privacy risk. Membership inference attacks are the most commonly employed attack to assess the privacy leakage of a machine learning model. However, limited research is available on the factors that affect the vulnerability of language models to this kind of attack, or on the applicability of different defense strategies in the language domain. We provide the first systematic review of the vulnerability of fine-tuned large language models to membership inference attacks, the various factors that come into play, and the effectiveness of different defense strategies. We find that some training methods provide significantly reduced privacy risk, with the combination of differential privacy and low-rank adaptors achieving the best privacy protection against these attacks.