Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
88 tokens/sec
Gemini 2.5 Pro Premium
39 tokens/sec
GPT-5 Medium
25 tokens/sec
GPT-5 High Premium
22 tokens/sec
GPT-4o
88 tokens/sec
DeepSeek R1 via Azure Premium
95 tokens/sec
GPT OSS 120B via Groq Premium
457 tokens/sec
Kimi K2 via Groq Premium
252 tokens/sec
2000 character limit reached

Membership Inference Attacks and Privacy in Topic Modeling (2403.04451v2)

Published 7 Mar 2024 in cs.CR, cs.CL, and cs.LG

Abstract: Recent research shows that LLMs are susceptible to privacy attacks that infer aspects of the training data. However, it is unclear if simpler generative models, like topic models, share similar vulnerabilities. In this work, we propose an attack against topic models that can confidently identify members of the training data in Latent Dirichlet Allocation. Our results suggest that the privacy risks associated with generative modeling are not restricted to large neural models. Additionally, to mitigate these vulnerabilities, we explore differentially private (DP) topic modeling. We propose a framework for private topic modeling that incorporates DP vocabulary selection as a pre-processing step, and show that it improves privacy while having limited effects on practical utility.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (34)
  1. Controlling the false discovery rate: a practical and powerful approach to multiple testing. Journal of the Royal Statistical Society: Series B (Methodological), 57(1):289–300, 1995.
  2. Latent dirichlet allocation. Journal of machine Learning research, 3(Jan):993–1022, 2003.
  3. Applications of Topic Models, volume 11. Now Publishers Incorporated, 2017.
  4. Membership inference attacks from first principles. CoRR, abs/2112.03570, 2021.
  5. Quantifying memorization across neural language models, 2023.
  6. Extracting training data from large language models. In 30th USENIX Security Symposium (USENIX Security 21), pages 2633–2650. USENIX Association, August 2021.
  7. Incorporating item frequency for differentially private set union. Proceedings of the AAAI Conference on Artificial Intelligence, 36(9):9504–9511, Jun. 2022.
  8. Reading tea leaves: How humans interpret topic models. In Y. Bengio, D. Schuurmans, J. Lafferty, C. Williams, and A. Culotta, editors, Advances in Neural Information Processing Systems, volume 22. Curran Associates, Inc., 2009.
  9. An end-to-end differentially private latent Dirichlet allocation using a spectral algorithm. In Hal Daumé III and Aarti Singh, editors, Proceedings of the 37th International Conference on Machine Learning, volume 119 of Proceedings of Machine Learning Research, pages 2421–2431. PMLR, 13–18 Jul 2020.
  10. Our data, ourselves: Privacy via distributed noise generation. In Serge Vaudenay, editor, Advances in Cryptology - EUROCRYPT 2006, pages 486–503, Berlin, Heidelberg, 2006. Springer Berlin Heidelberg.
  11. Calibrating noise to sensitivity in private data analysis. In Lecture notes in computer science, Lecture Notes in Computer Science, pages 265–284, Berlin, Heidelberg, 2006. Springer Berlin Heidelberg.
  12. What neural networks memorize and why: Discovering the long tail via influence estimation. In Proceedings of the 34th International Conference on Neural Information Processing Systems, NIPS’20, Red Hook, NY, USA, 2020. Curran Associates Inc.
  13. Differentially private set union. In Hal Daumé III and Aarti Singh, editors, Proceedings of the 37th International Conference on Machine Learning, volume 119 of Proceedings of Machine Learning Research, pages 3627–3636. PMLR, 13–18 Jul 2020.
  14. Finding scientific topics. Proceedings of the National Academy of Sciences, 101(suppl_1):5228–5235, 2004.
  15. Online learning for latent dirichlet allocation. In J. Lafferty, C. Williams, J. Shawe-Taylor, R. Zemel, and A. Culotta, editors, Advances in Neural Information Processing Systems, volume 23. Curran Associates, Inc., 2010.
  16. Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS Genet, 4(8):e1000167, 08 2008.
  17. Is automated topic model evaluation broken? the incoherence of coherence. In M. Ranzato, A. Beygelzimer, Y. Dauphin, P.S. Liang, and J. Wortman Vaughan, editors, Advances in Neural Information Processing Systems, volume 34, pages 2018–2033. Curran Associates, Inc., 2021.
  18. Improving parameter estimation and defensive ability of latent dirichlet allocation model training under rényi differential privacy. Journal of Computer Science and Technology, 37(6):1382–1397, 2022.
  19. Improving privacy guarantee and efficiency of Latent Dirichlet Allocation model training under differential privacy. In Findings of the Association for Computational Linguistics: EMNLP 2021, pages 143–152, Punta Cana, Dominican Republic, November 2021. Association for Computational Linguistics.
  20. Optimizing semantic coherence in topic models. In Proceedings of the Conference on Empirical Methods in Natural Language Processing, EMNLP ’11, page 262–272, USA, 2011. Association for Computational Linguistics.
  21. Latent dirichlet allocation for medical records topic modeling: Systematic literature review. In 2021 Sixth International Conference on Informatics and Computing (ICIC), pages 1–7, 2021.
  22. Private topic modeling, 2018.
  23. Quantifying the effects of text duplication on semantic models. In Proceedings of the 2017 conference on empirical methods in natural language processing, pages 2737–2747, 2017.
  24. Analysis of variance test for normality (complete samples). Biometrika, 52(3-4):591–611, 1965.
  25. Membership inference attacks against machine learning models. In 2017 IEEE Symposium on Security and Privacy (SP), pages 3–18, 2017.
  26. LDAvis: A method for visualizing and interpreting topics. In Proceedings of the Workshop on Interactive Language Learning, Visualization, and Interfaces, pages 63–70, Baltimore, Maryland, USA, June 2014. Association for Computational Linguistics.
  27. Information leakage in embedding models. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CCS ’20, page 377–390, New York, NY, USA, 2020. Association for Computing Machinery.
  28. Differentially private feature selection via stability arguments, and the robustness of the lasso. In Shai Shalev-Shwartz and Ingo Steinwart, editors, Proceedings of the 26th Annual Conference on Learning Theory, volume 30 of Proceedings of Machine Learning Research, pages 819–850, Princeton, NJ, USA, 12–14 Jun 2013. PMLR.
  29. Interoperable pipelines for social cyber-security: Assessing twitter information operations during nato trident juncture 2018. Comput. Math. Organ. Theory, 26(4):465–483, dec 2020.
  30. SciPy 1.0: Fundamental Algorithms for Scientific Computing in Python. Nature Methods, 17:261–272, 2020.
  31. A model-agnostic approach to differentially private topic mining. In Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, pages 1835–1845, 2022.
  32. Topic-guided variational auto-encoder for text generation. In Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers), pages 166–177, Minneapolis, Minnesota, June 2019. Association for Computational Linguistics.
  33. Latent dirichlet allocation model training with differential privacy. IEEE transactions on information forensics and security, 16:1290–1305, 2021.
  34. Privacy-preserving topic model for tagging recommender systems. Knowledge and information systems, 46(1):33–58, 2016.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
Dice Question Streamline Icon: https://streamlinehq.com

Follow-up Questions

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now