#llm #privacy #finetuning
Can you tamper with a base model in such a way that it will exactly remember its fine-tuning data? This paper presents a method of doing exactly that, and implements it in modern transformers.
OUTLINE:
0:00 - Intro & Overview
10:50 - Core idea: single-use data traps
44:30 - Backdoors in transformer models
58:00 - Additional numerical tricks
1:00:35 - Experimental results & conclusion
Paper: https://arxiv.org/abs/2404.00473
Code: https://github.com/ShanglunFengatETHZ...
Abstract:
Practitioners commonly download pretrained machine learning models from open repositories and finetune them to fit specific applications. We show that this practice introduces a new risk of privacy backdoors. By tampering with a pretrained model's weights, an attacker can fully compromise the privacy of the finetuning data. We show how to build privacy backdoors for a variety of models, including transformers, which enable an attacker to reconstruct individual finetuning samples, with a guaranteed success! We further show that backdoored models allow for tight privacy attacks on models trained with differential privacy (DP). The common optimistic practice of training DP models with loose privacy guarantees is thus insecure if the model is not trusted. Overall, our work highlights a crucial and overlooked supply chain attack on machine learning privacy.
Authors: Shanglun Feng, Florian Tramèr
Links:
Homepage: https://ykilcher.com
Merch: https://ykilcher.com/merch
YouTube: / yannickilcher
Twitter: / ykilcher
Discord: https://ykilcher.com/discord
LinkedIn: / ykilcher
If you want to support me, the best thing to do is to share out the content :)
If you want to support me financially (completely optional and voluntary, but a lot of people have asked for this):
SubscribeStar: https://www.subscribestar.com/yannick...
Patreon: / yannickilcher
Bitcoin (BTC): bc1q49lsw3q325tr58ygf8sudx2dqfguclvngvy2cq
Ethereum (ETH): 0x7ad3513E3B8f66799f507Aa7874b1B0eBC7F85e2
Litecoin (LTC): LQW2TRyKYetVC8WjFkhpPhtpbDM4Vw7r9m
Monero (XMR): 4ACL8AGrEo5hAir8A9CeVrW8pEauWvnp1WnSDZxW7tziCDLhZAGsgzhRQABDnFy8yuM9fWJDviJPHKRjV4FWt19CJZN9D4n
Watch the video Privacy Backdoors: Stealing Data with Corrupted Pretrained Models (Paper Explained) online without registration, lasting hours minutes seconds, in good quality. This video was added by user Yannic Kilcher on 04 August 2024; don't forget to share the link with friends and acquaintances. On our site it has been viewed 16,424 times and liked by 422 people.