Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage
This work addresses privacy threats for users downloading pre-trained models from unverified sources, but it is incremental as it builds on existing attack methods.
The study tackled the privacy risks of fine-tuning pre-trained language models on private data by introducing a novel poisoning technique that uses model-unlearning as an attack tool to increase leakage of private data during fine-tuning, with experimental results showing it significantly surpasses baseline performance in membership inference and data extraction attacks.
Fine-tuning large language models on private data for downstream applications poses significant privacy risks in potentially exposing sensitive information. Several popular community platforms now offer convenient distribution of a large variety of pre-trained models, allowing anyone to publish without rigorous verification. This scenario creates a privacy threat, as pre-trained models can be intentionally crafted to compromise the privacy of fine-tuning datasets. In this study, we introduce a novel poisoning technique that uses model-unlearning as an attack tool. This approach manipulates a pre-trained language model to increase the leakage of private data during the fine-tuning process. Our method enhances both membership inference and data extraction attacks while preserving model utility. Experimental results across different models, datasets, and fine-tuning setups demonstrate that our attacks significantly surpass baseline performance. This work serves as a cautionary note for users who download pre-trained models from unverified sources, highlighting the potential risks involved.