Evaluating Privacy Risks of Deep Learning Based General-Purpose Language Models

doi:10.7544/issn1000-1239.2021.20200908

Abstract

Abstract: Recently, a variety of Transformer-based GPLMs (general-purpose language models), including Google’s BERT (bidirectional encoder representation from transformers), are proposed in NLP (natural language processing). GPLMs help achieve state-of-the-art performance on a wide range of NLP tasks, and are applied in industrial applications. Despite their generality and promising performance, a recent research work first shows that an attacker, who has access to the textual embeddings produced by GPLMs, can infer whether the original text contains a specific keyword with high accuracy. However, the previous work has the following limitations. First, they only consider the occurrence of one sensitive word as the sensitive information to steal, which is still far from a threatening privacy violation. Besides, their attack requires several rather strict security assumptions on the attacker’s capability, e.g., the attacker knows which GPLM produces the victim’s textual embeddings. Moreover, they only consider the GPLMs designed for English texts. To address the aforementioned limitations and serve as a complement to their work, this paper proposes a more comprehensive privacy theft chain which is designed to explore whether there are even more privacy risks in general-purpose language models. Via experiments on 13 commercial GPLMs, we empirically show that an attacker can step by step infer the GPLM type behind the textual embedding with near 100％ accuracy, then infer the textual length with over 70％ on average and finally probe sensitive words that possibly occur in the original text, which brings useful information for the attacker to finally reconstruct the sensitive semantics. Besides, this paper also evaluates the privacy risks of three typical general-purpose language models in Chinese. The results confirm that privacy risks also exist in Chinese general-purpose language models, which calls for mitigation studies in the future.

Key words: deep learning privacy, general-purpose language model (GPLMs), natural language processing, deep learning, artificial intelligence, information security

CLC Number:

TP309

Pan Xudong, Zhang Mi, Yan Yifan, Lu Yifan, Yang Min. Evaluating Privacy Risks of Deep Learning Based General-Purpose Language Models[J]. Journal of Computer Research and Development, 2021, 58(5): 1092-1105.

	Articles by Authors
	Pan Xudong
	Zhang Mi
	Yan Yifan
	Lu Yifan
	Yang Min

[1]	Li Han, Yan Mingyu, Lü Zhengyang, Li Wenming, Ye Xiaochun, Fan Dongrui, Tang Zhimin. Survey on Graph Neural Network Acceleration Architectures [J]. Journal of Computer Research and Development, 2021, 58(6): 1204-1229.
[2]	Wang Huijiao, Cong Peng, Jiang Hua, Wei Yongzhuang. Security Analysis of SIMON32/64 Based on Deep Learning [J]. Journal of Computer Research and Development, 2021, 58(5): 1056-1064.
[3]	Li Minghui, Jiang Peipei, Wang Qian, Shen Chao, Li Qi. Adversarial Attacks and Defenses for Deep Learning Models [J]. Journal of Computer Research and Development, 2021, 58(5): 909-926.
[4]	Wang Jialai, Zhang Chao, Qi Xuyan, Rong Yi. A Survey of Intelligent Malware Detection on Windows Platform [J]. Journal of Computer Research and Development, 2021, 58(5): 977-994.
[5]	Zhou Chunyi, Chen Dawei, Wang Shang, Fu Anmin, Gao Yansong. Research and Challenge of Distributed Deep Learning Privacy and Security Attack [J]. Journal of Computer Research and Development, 2021, 58(5): 927-943.
[6]	Wang Ye, Chen Junwu, Xia Xin, Jiang Bo. Intelligent Requirements Elicitation and Modeling: A Literature Review [J]. Journal of Computer Research and Development, 2021, 58(4): 683-705.
[7]	Wu Zongyou, Bai Kunlong, Yang Linrui, Wang Yiqi, Tian Yingjie. Review on Text Mining of Electronic Medical Record [J]. Journal of Computer Research and Development, 2021, 58(3): 513-527.
[8]	Liao Haibin, Xu Bin. Robust Face Expression Recognition Based on Gender and Age Factor Analysis [J]. Journal of Computer Research and Development, 2021, 58(3): 528-538.
[9]	Fu Zhangjie, Li Enlu, Cheng Xu, Huang Yongfeng, Hu Yuting. Recent Advances in Image Steganography Based on Deep Learning [J]. Journal of Computer Research and Development, 2021, 58(3): 548-568.
[10]	Zhou Peng, Wu Yanjun, Zhao Chen. A Programming Paradigm Combining Programmer and Neural Network to Promote Automated Program Generation [J]. Journal of Computer Research and Development, 2021, 58(3): 638-650.
[11]	Gu Tianlong, Feng Xuan, Li Long, Bao Xuguang, Li Yunhui. Ethical Behavior Discrimination Based on Social News Dataset [J]. Journal of Computer Research and Development, 2021, 58(2): 253-263.
[12]	Chen Jinyin, Chen Yipeng, Chen Yiming, Zheng Haibin, Ji Shouling, Shi Jie, Cheng Yao. Fairness Research on Deep Learning [J]. Journal of Computer Research and Development, 2021, 58(2): 264-280.
[13]	Li Jinpeng, Zhang Chuang, Chen Xiaojun, Hu Yue, Liao Pengcheng. Survey on Automatic Text Summarization [J]. Journal of Computer Research and Development, 2021, 58(1): 1-21.
[14]	Meng Ziyao, Gu Xue, Liang Yanchun, Xu Dong, Wu Chunguo. Deep Neural Architecture Search: A Survey [J]. Journal of Computer Research and Development, 2021, 58(1): 22-33.
[15]	Zhu Hongrui, Yuan Guojun, Yao Chengji, Tan Guangming, Wang Zhan, Hu Zhongzhe, Zhang Xiaoyang, An Xuejun. Survey on Network of Distributed Deep Learning Training [J]. Journal of Computer Research and Development, 2021, 58(1): 98-115.

Evaluating Privacy Risks of Deep Learning Based General-Purpose Language Models

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments