{"id":"https://openalex.org/W4409982918","doi":"https://doi.org/10.1137/1.9781611978520.41","title":"Protecting Privacy against Membership Inference Attack with LLM Fine-tuning through Flatness","display_name":"Protecting Privacy against Membership Inference Attack with LLM Fine-tuning through Flatness","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4409982918","doi":"https://doi.org/10.1137/1.9781611978520.41"},"language":"en","primary_location":{"id":"doi:10.1137/1.9781611978520.41","is_oa":false,"landing_page_url":"https://doi.org/10.1137/1.9781611978520.41","pdf_url":null,"source":{"id":"https://openalex.org/S4306463922","display_name":"Society for Industrial and Applied Mathematics eBooks","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320508","host_organization_name":"Society for Industrial and Applied Mathematics","host_organization_lineage":["https://openalex.org/P4310320508"],"host_organization_lineage_names":["Society for Industrial and Applied Mathematics"],"type":"ebook platform"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 SIAM International Conference on Data Mining (SDM)","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030938984","display_name":"Tiejin Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]},{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Tiejin Chen","raw_affiliation_strings":["Arizona State University","University of North Carolina at Chapel Hill"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]},{"raw_affiliation_string":"University of North Carolina at Chapel Hill","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5094105688","display_name":"Longchao Da","orcid":null},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Longchao Da","raw_affiliation_strings":["Arizona State University"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026404757","display_name":"Huixue Zhou","orcid":"https://orcid.org/0000-0002-6524-5506"},"institutions":[{"id":"https://openalex.org/I130238516","display_name":"University of Minnesota","ror":"https://ror.org/017zqws13","country_code":"US","type":"education","lineage":["https://openalex.org/I130238516"]},{"id":"https://openalex.org/I4210101327","display_name":"Twin Cities Orthopedics","ror":"https://ror.org/01en4s460","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I4210101327"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Huixue Zhou","raw_affiliation_strings":["University of Minnesota Twin Cities"],"affiliations":[{"raw_affiliation_string":"University of Minnesota Twin Cities","institution_ids":["https://openalex.org/I4210101327","https://openalex.org/I130238516"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038130221","display_name":"Pingzhi Li","orcid":null},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Pingzhi Li","raw_affiliation_strings":["University of North Carolina at Chapel Hill"],"affiliations":[{"raw_affiliation_string":"University of North Carolina at Chapel Hill","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013352032","display_name":"Kaixiong Zhou","orcid":"https://orcid.org/0009-0004-1389-6704"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kaixiong Zhou","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103073431","display_name":"Tianlong Chen","orcid":"https://orcid.org/0000-0001-7774-8197"},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]},{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tianlong Chen","raw_affiliation_strings":["Arizona State University","University of North Carolina at Chapel Hill"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]},{"raw_affiliation_string":"University of North Carolina at Chapel Hill","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100777771","display_name":"Wei Hua","orcid":"https://orcid.org/0000-0003-2868-1920"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hua Wei","raw_affiliation_strings":["Arizona State University"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5030938984"],"corresponding_institution_ids":["https://openalex.org/I114027177","https://openalex.org/I55732556"],"apc_list":null,"apc_paid":null,"fwci":4.9041,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.92777219,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"386","last_page":"397"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9593999981880188,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9545999765396118,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/flatness","display_name":"Flatness (cosmology)","score":0.8767318725585938},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5459543466567993},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5047105550765991},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.46904808282852173},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4249061942100525},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.16251367330551147},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.13952207565307617},{"id":"https://openalex.org/keywords/quantum-mechanics","display_name":"Quantum mechanics","score":0.0530245304107666}],"concepts":[{"id":"https://openalex.org/C2778530986","wikidata":"https://www.wikidata.org/wiki/Q5457948","display_name":"Flatness (cosmology)","level":3,"score":0.8767318725585938},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5459543466567993},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5047105550765991},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.46904808282852173},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4249061942100525},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.16251367330551147},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.13952207565307617},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0530245304107666},{"id":"https://openalex.org/C26405456","wikidata":"https://www.wikidata.org/wiki/Q338","display_name":"Cosmology","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1137/1.9781611978520.41","is_oa":false,"landing_page_url":"https://doi.org/10.1137/1.9781611978520.41","pdf_url":null,"source":{"id":"https://openalex.org/S4306463922","display_name":"Society for Industrial and Applied Mathematics eBooks","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320508","host_organization_name":"Society for Industrial and Applied Mathematics","host_organization_lineage":["https://openalex.org/P4310320508"],"host_organization_lineage_names":["Society for Industrial and Applied Mathematics"],"type":"ebook platform"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 SIAM International Conference on Data Mining (SDM)","raw_type":"book-chapter"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2789295429","https://openalex.org/W2066314436","https://openalex.org/W2733767282","https://openalex.org/W2510927817","https://openalex.org/W2540573954","https://openalex.org/W2743501974","https://openalex.org/W2588834286"],"abstract_inverted_index":{"The":[0,159],"privacy":[1,39,68,90,133],"concerns":[2],"associated":[3],"with":[4,15,88],"the":[5,16,42,51,64,151],"use":[6],"of":[7,18,44,53,141,153],"Large":[8],"Language":[9],"Models":[10],"(LLMs)":[11],"have":[12],"grown":[13],"dramatically":[14],"development":[17],"pioneer":[19],"LLMs":[20],"such":[21],"as":[22],"ChatGPT.":[23],"Differential":[24],"Privacy":[25],"(DP)":[26],"techniques":[27],"that":[28,50,122],"utilize":[29],"DP-SGD":[30,54],"are":[31,147],"explored":[32],"in":[33,63,156],"existing":[34],"work":[35],"to":[36,78,149],"mitigate":[37],"their":[38,67],"risks":[40],"at":[41,164],"cost":[43],"generalization":[45,87],"degradation.":[46],"Our":[47],"paper":[48],"reveals":[49],"flatness":[52],"trained":[55],"models\u2019":[56],"loss":[57],"landscape":[58],"plays":[59],"an":[60],"essential":[61],"role":[62],"trade-off":[65],"between":[66,113],"and":[69,109,144],"generalization.":[70,158],"We":[71,119],"further":[72],"propose":[73],"a":[74,102],"holistic":[75],"framework":[76,124],"Privacy-Flat":[77,125],"enforce":[79],"appropriate":[80],"weight":[81,110],"flatness,":[82],"which":[83],"substantially":[84],"improves":[85],"model":[86],"promising":[89],"protection.":[91],"It":[92],"innovates":[93],"from":[94,134],"three":[95],"coarse-to-grained":[96],"levels:":[97],"Perturbation-aware":[98],"min-max":[99],"optimization":[100],"within":[101],"layer,":[103],"flatness-guided":[104],"sparse":[105],"prefix-tuning":[106],"across":[107],"layers,":[108],"knowledge":[111],"distillation":[112],"private":[114,128],"&":[115],"non-private":[116],"weights":[117],"copies.":[118],"empirically":[120],"demonstrate":[121,150],"our":[123,154],"outperforms":[126],"vanilla":[127],"training":[129],"baseline":[130],"while":[131],"protecting":[132],"membership":[135],"inference":[136],"attacks":[137],"(MIA).":[138],"Comprehensive":[139],"experiments":[140],"both":[142],"black-box":[143],"white-box":[145],"scenarios":[146],"conducted":[148],"effectiveness":[152],"proposal":[155],"enhancing":[157],"code":[160],"link":[161],"is":[162],"provided":[163],"https://github.com/tiejin98/Privacy_":[165],"Flatness.":[166]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}