On Protecting the Data Privacy of Large Language Models (LLMs): A Survey

Biwei Yan, Kun Li, Minghui Xu, Yueyan Dong, Yue Zhang, Zhaochun Ren, Xiuzhen Cheng

TL;DR

This survey tackles data privacy in large language models by categorizing privacy threats into passive leakage and active attacks, and by mapping protective techniques across pre-training, fine-tuning, and inference. It synthesizes a broad literature base, highlighting methods such as data cleaning, federated learning, differential privacy, cryptographic inference, detection, and hardware-based protections. The paper identifies limitations and practical challenges in deploying privacy-preserving LLMs, and it outlines future directions including interpretability, multimodal privacy, personalized privacy, lifecycle-wide safeguards, and confidential computing. The work provides a structured reference for developers and researchers to implement and improve privacy protections in LLM ecosystems.

Abstract

Large language models (LLMs) are complex artificial intelligence systems capable of understanding, generating and translating human language. They learn language patterns by analyzing large amounts of text data, allowing them to perform writing, conversation, summarizing and other language tasks. When LLMs process and generate large amounts of data, there is a risk of leaking sensitive information, which may threaten data privacy. This paper concentrates on elucidating the data privacy concerns associated with LLMs to foster a comprehensive understanding. Specifically, a thorough investigation is undertaken to delineate the spectrum of data privacy threats, encompassing both passive privacy leakage and active privacy attacks within LLMs. Subsequently, we conduct an assessment of the privacy protection mechanisms employed by LLMs at various stages, followed by a detailed examination of their efficacy and constraints. Finally, the discourse extends to delineate the challenges encountered and outline prospective directions for advancement in the realm of LLM privacy protection.

Paper Structure (59 sections, 2 equations, 4 figures, 1 table)

Figures (4)

  • Figure 1: The current state of research on privacy protection for LLMs is depicted. The horizontal axis represents the time of LLM releases, while the vertical axis represents the size of model parameters. Blue dots signify LLM instances not addressed in literature pertaining to privacy protection, whereas black dots indicate those that have been examined in such literature. The green backdrop delineates the central cluster zone of LLMs with the potential to facilitate privacy protection.
  • Figure 2: The process of data propagation during both the training and inference stages of LLMs.
  • Figure 3: The distribution of research papers concerning data privacy in LLMs. "PT" and "FT" are abbreviations for Pre-Training and Fine-Tuning, respectively.
  • Figure 4: Privacy threats, protection, and their defensive correlations.

Theorems & Definitions (2)

  • Definition 6.1
  • Definition 7.1