Concept-Aware Privacy Mechanisms for Defending Embedding Inversion Attacks
This addresses privacy protection for users of NLP applications by offering a more efficient defense against embedding inversion attacks, though it is incremental as it builds on differential privacy with novel calibration.
The paper tackled the problem of privacy risks in text embeddings from inversion attacks by proposing SPARSE, a framework that uses concept-specific noise injection, which reduced privacy leakage and improved downstream performance compared to existing differential privacy methods across multiple datasets and models.
Text embeddings enable numerous NLP applications but face severe privacy risks from embedding inversion attacks, which can expose sensitive attributes or reconstruct raw text. Existing differential privacy defenses assume uniform sensitivity across embedding dimensions, leading to excessive noise and degraded utility. We propose SPARSE, a user-centric framework for concept-specific privacy protection in text embeddings. SPARSE combines (1) differentiable mask learning to identify privacy-sensitive dimensions for user-defined concepts, and (2) the Mahalanobis mechanism that applies elliptical noise calibrated by dimension sensitivity. Unlike traditional spherical noise injection, SPARSE selectively perturbs privacy-sensitive dimensions while preserving non-sensitive semantics. Evaluated across six datasets with three embedding models and attack scenarios, SPARSE consistently reduces privacy leakage while achieving superior downstream performance compared to state-of-the-art DP methods.