An Inversion Attack Against Obfuscated Embedding Matrix in Language Model Inference

Yu Lin; Qizhi Zhang; Quanwei Cai; Jue Hong; Wu Ye; Huiqi Liu; Bing Duan

2024 EMNLP EMNLP 2024

An Inversion Attack Against Obfuscated Embedding Matrix in Language Model Inference

Abstract

AbstractWith the rapidly-growing deployment of large language model (LLM) inference services, privacy concerns have arisen regarding to the user input data. Recent studies are exploring transforming user inputs to obfuscated embedded vectors, so that the data will not be eavesdropped by service provides. However, in this paper we show that again, without a solid and deliberate security design and analysis, such embedded vector obfuscation failed to protect users’ privacy. We demonstrate the conclusion via conducting a novel inversion attack called Element-wise Differential Nearest Neighbor (EDNN) on the glide-reflection proposed in (CITATION), and the result showed that the original user input text can be 100% recovered from the obfuscated embedded vectors. We further analyze security requirements on embedding obfuscation and present several remedies to our proposed attack.

🌉 Interdisciplinary Bridge — Artificial Intelligence and Deep Learning and Machine Learning and Security & Privacy

🧭 Keyword Pioneer — embedding obfuscation

🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Healthcare & Medicine, Interdisciplinary, Knowledge & Reasoning, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Robotics, Security & Privacy, Speech & Audio

Authors

Yu Lin , Qizhi Zhang , Quanwei Cai , Jue Hong , Wu Ye , Huiqi Liu , Bing Duan

Topics

Machine Learning > Application Areas > Knowledge Distillation Machine Learning > Application Areas > Privacy Security & Privacy > Privacy Artificial Intelligence > Core AI > Privacy Deep Learning > Models > Large Language Models Machine Learning > Learning Types > Privacy

Keywords

privacy attack language model inference privacy-preserving inference user privacy embedding obfuscation inversion attack text recovery embedding matrix

Download PDF

Related papers

EmbodiedBERT: Cognitively Informed Metaphor Detection Incorporating Sensorimotor Information 2024

Mitigating Matthew Effect: Multi-Hypergraph Boosted Multi-Interest Self-Supervised Learning for Conversational Recommendation 2024

Learning to Extract Structured Entities Using Language Models 2024

Towards Understanding Jailbreak Attacks in LLMs: A Representation Space Analysis 2024

CSSL: Contrastive Self-Supervised Learning for Dependency Parsing on Relatively Free Word Ordered and Morphologically Rich Low Resource Languages 2024