Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy in Fine-tuning Large Language Models: Attacks, Defenses, and Future Directions

Hao Du, Shang Liu, Lele Zheng, Yang Cao, Atsuyoshi Nakamura, Lei Chen

TL;DR

This paper surveys privacy risks unique to the fine-tuning of large language models, focusing on data-centered attacks (membership inference and data extraction) and outputs manipulation (backdoors). It analyzes how different fine-tuning paradigms, especially full fine-tuning versus parameter-efficient fine-tuning (PEFT), interact with privacy threats and defenses, including differential privacy, federated learning, and knowledge unlearning. The authors identify gaps in understanding PEFT-specific vulnerabilities and the limitations of current defenses, and they propose directions for more robust, utility-preserving privacy techniques in fine-tuning. Overall, the work provides a focused framework for assessing privacy during fine-tuning and guides future research toward responsible deployment of LLMs in sensitive domains.

Abstract

Fine-tuning has emerged as a critical process in leveraging Large Language Models (LLMs) for specific downstream tasks, enabling these models to achieve state-of-the-art performance across various domains. However, the fine-tuning process often involves sensitive datasets, introducing privacy risks that exploit the unique characteristics of this stage. In this paper, we provide a comprehensive survey of privacy challenges associated with fine-tuning LLMs, highlighting vulnerabilities to various privacy attacks, including membership inference, data extraction, and backdoor attacks. We further review defense mechanisms designed to mitigate privacy risks in the fine-tuning phase, such as differential privacy, federated learning, and knowledge unlearning, discussing their effectiveness and limitations in addressing privacy risks and maintaining model utility. By identifying key gaps in existing research, we highlight challenges and propose directions to advance the development of privacy-preserving methods for fine-tuning LLMs, promoting their responsible use in diverse applications.

Privacy in Fine-tuning Large Language Models: Attacks, Defenses, and Future Directions

TL;DR

This paper surveys privacy risks unique to the fine-tuning of large language models, focusing on data-centered attacks (membership inference and data extraction) and outputs manipulation (backdoors). It analyzes how different fine-tuning paradigms, especially full fine-tuning versus parameter-efficient fine-tuning (PEFT), interact with privacy threats and defenses, including differential privacy, federated learning, and knowledge unlearning. The authors identify gaps in understanding PEFT-specific vulnerabilities and the limitations of current defenses, and they propose directions for more robust, utility-preserving privacy techniques in fine-tuning. Overall, the work provides a focused framework for assessing privacy during fine-tuning and guides future research toward responsible deployment of LLMs in sensitive domains.

Abstract

Fine-tuning has emerged as a critical process in leveraging Large Language Models (LLMs) for specific downstream tasks, enabling these models to achieve state-of-the-art performance across various domains. However, the fine-tuning process often involves sensitive datasets, introducing privacy risks that exploit the unique characteristics of this stage. In this paper, we provide a comprehensive survey of privacy challenges associated with fine-tuning LLMs, highlighting vulnerabilities to various privacy attacks, including membership inference, data extraction, and backdoor attacks. We further review defense mechanisms designed to mitigate privacy risks in the fine-tuning phase, such as differential privacy, federated learning, and knowledge unlearning, discussing their effectiveness and limitations in addressing privacy risks and maintaining model utility. By identifying key gaps in existing research, we highlight challenges and propose directions to advance the development of privacy-preserving methods for fine-tuning LLMs, promoting their responsible use in diverse applications.

Paper Structure

This paper contains 26 sections, 1 figure, 2 tables.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Fine-tuning Model
  4. Parameter-Efficient Fine-Tuning Methods
  5. Privacy Attacks in Fine-tuning LLMs
  6. Membership Inference Attack
  7. Data Extraction Attack
  8. Backdoor Attack
  9. Privacy Defenses in Fine-tuning LLMs
  10. Data Anonymization
  11. Classical Anonymization.
  12. Anonymization with Differential Privacy.
  13. Fine-tuning with Differential Privacy
  14. Full Fine-tuning with DP.
  15. PEFT with Differential Privacy.
  16. ...and 11 more sections

Figures (1)

  • Figure 1: Overview of Privacy in Fine-tuning LLMs.

Theorems & Definitions (3)

  • remark thmcounterremark
  • remark thmcounterremark
  • remark thmcounterremark