2022
DOI: 10.48550/arxiv.2203.03929
|View full text |Cite
Preprint
|
Sign up to set email alerts
|

Quantifying Privacy Risks of Masked Language Models Using Membership Inference Attacks

Abstract: The wide adoption and application of Masked language models (MLMs) on sensitive data (from legal to medical) necessitates a thorough quantitative investigation into their privacy vulnerabilities -to what extent do MLMs leak information about their training data? Prior attempts at measuring leakage of MLMs via membership inference attacks have been inconclusive, implying potential robustness of MLMs to privacy attacks. In this work, we posit that prior attempts were inconclusive because they based their attack … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
7
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
6
2

Relationship

1
7

Authors

Journals

citations
Cited by 8 publications
(7 citation statements)
references
References 20 publications
0
7
0
Order By: Relevance
“…Memorization in Language Models: Unintended memorization is a known challenge for language models [12,13], which makes them open to extraction attacks [14,15] and membership inference attacks [16,17], although there has been work on mitigating these vulnerabilities [11,18]. Recent work has argued that memorization is not exclusively harmful, and can be crucial for certain types of generalization (e.g., on QA tasks) [19,20,21], while also allowing the models to encode significant amounts of world or factual knowledge [22,23,24].…”
Section: Background and Related Workmentioning
confidence: 99%
“…Memorization in Language Models: Unintended memorization is a known challenge for language models [12,13], which makes them open to extraction attacks [14,15] and membership inference attacks [16,17], although there has been work on mitigating these vulnerabilities [11,18]. Recent work has argued that memorization is not exclusively harmful, and can be crucial for certain types of generalization (e.g., on QA tasks) [19,20,21], while also allowing the models to encode significant amounts of world or factual knowledge [22,23,24].…”
Section: Background and Related Workmentioning
confidence: 99%
“…Membership Inference Attacks in NLP Specifically in NLP, membership inference attacks are an important component of language model extraction attacks (Carlini et al, 2021b;Mireshghallah et al, 2022b). Further studies of interest include work by Hisamoto et al (2020), which studies membership inference attacks in machine translation, as well as work by Mireshghallah et al (2022a), which investigates Likelihood Ratio Attacks for masked language models. Specifically for language models, a large body of work also studies the related phenomenon of memorization (Kandpal et al, 2022;Carlini et al, 2022b,a;Zhang et al, 2021), which enables membership inference and data extraction attacks in the first place.…”
Section: Related Workmentioning
confidence: 99%
“…In contrast, the ability to poison a small fraction of the training set may be much more realistic (especially for very large models). Recent work [11,46,68,72] show that generic non-calibrated MI attacks (without poisoning) perform no better than chance at low false-positives (see Figure 5). With poisoning however, these non-calibrated attacks perform extremely well.…”
Section: Are Shadow Models Necessary?mentioning
confidence: 99%