Evaluating Privacy Risks of Deep Learning Based General-Purpose Language Models

doi:10.7544/issn1000-1239.2021.20200908

Abstract

Abstract: Recently, a variety of Transformer-based GPLMs (general-purpose language models), including Google’s BERT (bidirectional encoder representation from transformers), are proposed in NLP (natural language processing). GPLMs help achieve state-of-the-art performance on a wide range of NLP tasks, and are applied in industrial applications. Despite their generality and promising performance, a recent research work first shows that an attacker, who has access to the textual embeddings produced by GPLMs, can infer whether the original text contains a specific keyword with high accuracy. However, the previous work has the following limitations. First, they only consider the occurrence of one sensitive word as the sensitive information to steal, which is still far from a threatening privacy violation. Besides, their attack requires several rather strict security assumptions on the attacker’s capability, e.g., the attacker knows which GPLM produces the victim’s textual embeddings. Moreover, they only consider the GPLMs designed for English texts. To address the aforementioned limitations and serve as a complement to their work, this paper proposes a more comprehensive privacy theft chain which is designed to explore whether there are even more privacy risks in general-purpose language models. Via experiments on 13 commercial GPLMs, we empirically show that an attacker can step by step infer the GPLM type behind the textual embedding with near 100％ accuracy, then infer the textual length with over 70％ on average and finally probe sensitive words that possibly occur in the original text, which brings useful information for the attacker to finally reconstruct the sensitive semantics. Besides, this paper also evaluates the privacy risks of three typical general-purpose language models in Chinese. The results confirm that privacy risks also exist in Chinese general-purpose language models, which calls for mitigation studies in the future.

Key words: deep learning privacy, general-purpose language model (GPLMs), natural language processing, deep learning, artificial intelligence, information security

CLC Number:

TP309

Pan Xudong, Zhang Mi, Yan Yifan, Lu Yifan, Yang Min. Evaluating Privacy Risks of Deep Learning Based General-Purpose Language Models[J]. Journal of Computer Research and Development, 2021, 58(5): 1092-1105.

	Articles by Authors
	Pan Xudong
	Zhang Mi
	Yan Yifan
	Lu Yifan
	Yang Min

[1]	Cai Derun, Li Hongyan. A Metric Learning Based Unsupervised Domain Adaptation Method with Its Application on Mortality Prediction [J]. Journal of Computer Research and Development, 2022, 59(3): 674-682.
[2]	Shen Zhengchen, Zhang Qianli, Zhang Chaofan, Tang Xiangyu, Wang Jilong. Location Privacy Attack Based on Deep Learning [J]. Journal of Computer Research and Development, 2022, 59(2): 390-402.
[3]	Mo Huiling, Zheng Haifeng, Gao Min, Feng Xinxin. Multi-Source Heterogeneous Data Fusion Based on Federated Learning [J]. Journal of Computer Research and Development, 2022, 59(2): 478-487.
[4]	Liu Tieyuan, Chen Wei, Chang Liang, Gu Tianlong. Research Advances in the Knowledge Tracing Based on Deep Learning [J]. Journal of Computer Research and Development, 2022, 59(1): 81-104.
[5]	Pan Xuan, Xu Sihan, Cai Xiangrui, Wen Yanlong, Yuan Xiaojie. Survey on Deep Learning Based Natural Language Interface to Database [J]. Journal of Computer Research and Development, 2021, 58(9): 1925-1950.
[6]	Chen Chujie, Lü Jianming, Shen Huawei. Fine-Grained Interview Evaluation Method Based on Keyword Attention [J]. Journal of Computer Research and Development, 2021, 58(9): 2013-2024.
[7]	Ding Zongyuan, Sun Quansen, Wang Tao, Wang Hongyuan. Deep Interactive Image Segmentation Based on Fusion Multi-Scale Annotation Information [J]. Journal of Computer Research and Development, 2021, 58(8): 1705-1717.
[8]	Zheng Haibin, Chen Jinyin, Zhang Yan, Zhang Xuhong, Ge Chunpeng, Liu Zhe, Ouyang Yike, Ji Shouling. Survey of Adversarial Attack, Defense and Robustness Analysis for Natural Language Processing [J]. Journal of Computer Research and Development, 2021, 58(8): 1727-1750.
[9]	Chen Bofeng, Li Jingdong, Lu Xingjian, Sha Chaofeng, Wang Xiaoling, Zhang Ji. Survey of Deep Learning Based Graph Anomaly Detection Methods [J]. Journal of Computer Research and Development, 2021, 58(7): 1436-1455.
[10]	Sun Penghao, Lan Julong, Shen Juan, Hu Yuxiang. Pinning Control-Based Routing Policy Generation Using Deep Reinforcement Learning [J]. Journal of Computer Research and Development, 2021, 58(7): 1563-1572.
[11]	Li Han, Yan Mingyu, Lü Zhengyang, Li Wenming, Ye Xiaochun, Fan Dongrui, Tang Zhimin. Survey on Graph Neural Network Acceleration Architectures [J]. Journal of Computer Research and Development, 2021, 58(6): 1204-1229.
[12]	Wang Huijiao, Cong Peng, Jiang Hua, Wei Yongzhuang. Security Analysis of SIMON32/64 Based on Deep Learning [J]. Journal of Computer Research and Development, 2021, 58(5): 1056-1064.
[13]	Li Minghui, Jiang Peipei, Wang Qian, Shen Chao, Li Qi. Adversarial Attacks and Defenses for Deep Learning Models [J]. Journal of Computer Research and Development, 2021, 58(5): 909-926.
[14]	Wang Jialai, Zhang Chao, Qi Xuyan, Rong Yi. A Survey of Intelligent Malware Detection on Windows Platform [J]. Journal of Computer Research and Development, 2021, 58(5): 977-994.
[15]	Zhou Chunyi, Chen Dawei, Wang Shang, Fu Anmin, Gao Yansong. Research and Challenge of Distributed Deep Learning Privacy and Security Attack [J]. Journal of Computer Research and Development, 2021, 58(5): 927-943.

Evaluating Privacy Risks of Deep Learning Based General-Purpose Language Models

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments