9 matches found
Trojan Hippo: Weaponizing Agent Memory for Data Exfiltration
Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more realistic threat model than prior memory poisoning work:...
Learning-Based Privacy-Preserving Graph Publishing against Sensitive Link Inference Attacks
Publishing graph data is widely desired to enable a variety of structural analyses and downstream tasks. However, it also potentially poses severe privacy leakage, as attackers may leverage the released graph data to launch attacks and precisely infer private information such as the existence of...
UniAud: a Unified Auditing Framework for High Auditing Power and Utility with One Training Run
Differentially private DP optimization has been widely adopted as a standard approach to provide rigorous privacy guarantees for training datasets. DP auditing verifies whether a model trained with DP optimization satisfies its claimed privacy level by estimating empirical privacy lower bounds...
CSVAR: Enhancing Visual Privacy in Federated Learning Via Adaptive Shuffling against Overfitting
Although federated learning preserves training data within local privacy domains, the aggregated model parameters may still reveal private characteristics. This vulnerability stems from clients' limited training data, which predisposes models to overfitting. Such overfitting enables models to...
DynaNoise: Dynamic Probabilistic Noise Injection for Defending against Membership Inference Attacks
Membership Inference Attacks MIAs pose a significant risk to the privacy of training datasets by exploiting subtle differences in model outputs to determine whether a particular data sample was used during training. These attacks can compromise sensitive information, especially in domains such as...
Privacy and Confidentiality Requirements Engineering for Process Data
The application and development of process mining techniques face significant challenges due to the lack of publicly available real-life event logs. One reason for companies to abstain from sharing their data are privacy and confidentiality concerns. Privacy concerns refer to personal data as...
Can Differentially Private Fine-Tuning LLMs Protect against Privacy Attacks?
Fine-tuning large language models LLMs has become an essential strategy for adapting them to specialized tasks; however, this process introduces significant privacy challenges, as sensitive training data may be inadvertently memorized and exposed. Although differential privacy DP offers strong...
Reveal-Or-Obscure: a Differentially Private Sampling Algorithm for Discrete Distributions
We introduce a differentially private DP algorithm called reveal-or-obscure ROO to generate a single representative sample from a dataset of $n$ observations drawn i.i.d. from an unknown discrete distribution $P$. Unlike methods that add explicit noise to the estimated empirical distribution, ROO...
Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data
Differentially private DP machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabul...