{"id":"https://openalex.org/W4405181470","doi":"https://doi.org/10.1145/3658644.3690279","title":"PreCurious: How Innocent Pre-Trained Language Models Turn into Privacy Traps","display_name":"PreCurious: How Innocent Pre-Trained Language Models Turn into Privacy Traps","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405181470","doi":"https://doi.org/10.1145/3658644.3690279","pmid":"https://pubmed.ncbi.nlm.nih.gov/40401199"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690279","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690279","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690279","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","pubmed"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690279","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101507733","display_name":"Ruixuan Liu","orcid":"https://orcid.org/0000-0002-0823-3760"},"institutions":[{"id":"https://openalex.org/I150468666","display_name":"Emory University","ror":"https://ror.org/03czfpz43","country_code":"US","type":"education","lineage":["https://openalex.org/I150468666"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ruixuan Liu","raw_affiliation_strings":["Emory University, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Emory University, Atlanta, GA, USA","institution_ids":["https://openalex.org/I150468666"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100610986","display_name":"Tianhao Wang","orcid":"https://orcid.org/0000-0002-9017-7947"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tianhao Wang","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082946615","display_name":"Yang Cao","orcid":"https://orcid.org/0000-0002-6424-8633"},"institutions":[{"id":"https://openalex.org/I114531698","display_name":"Tokyo Institute of Technology","ror":"https://ror.org/0112mx960","country_code":"JP","type":"education","lineage":["https://openalex.org/I114531698"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Yang Cao","raw_affiliation_strings":["Tokyo Institute of Technology, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"Tokyo Institute of Technology, Tokyo, Japan","institution_ids":["https://openalex.org/I114531698"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078394535","display_name":"Li Xiong","orcid":"https://orcid.org/0000-0001-7354-0428"},"institutions":[{"id":"https://openalex.org/I150468666","display_name":"Emory University","ror":"https://ror.org/03czfpz43","country_code":"US","type":"education","lineage":["https://openalex.org/I150468666"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Li Xiong","raw_affiliation_strings":["Emory University, Atlanta, GA, Georgia"],"affiliations":[{"raw_affiliation_string":"Emory University, Atlanta, GA, Georgia","institution_ids":["https://openalex.org/I150468666"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5101507733"],"corresponding_institution_ids":["https://openalex.org/I150468666"],"apc_list":null,"apc_paid":null,"fwci":3.066,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.92709382,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"2024","issue":null,"first_page":"3511","last_page":"3524"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9800999760627747,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.9703999757766724,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8180787563323975},{"id":"https://openalex.org/keywords/publication","display_name":"Publication","score":0.6506489515304565},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6247557401657104},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.6178587675094604},{"id":"https://openalex.org/keywords/upload","display_name":"Upload","score":0.5591955184936523},{"id":"https://openalex.org/keywords/private-information-retrieval","display_name":"Private information retrieval","score":0.4986917972564697},{"id":"https://openalex.org/keywords/fine-tuning","display_name":"Fine-tuning","score":0.4902227520942688},{"id":"https://openalex.org/keywords/intuition","display_name":"Intuition","score":0.4619617164134979},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.43885353207588196},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.42350226640701294},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3962244391441345},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1592094898223877}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8180787563323975},{"id":"https://openalex.org/C41458344","wikidata":"https://www.wikidata.org/wiki/Q732577","display_name":"Publication","level":2,"score":0.6506489515304565},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6247557401657104},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.6178587675094604},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.5591955184936523},{"id":"https://openalex.org/C99221444","wikidata":"https://www.wikidata.org/wiki/Q1532069","display_name":"Private information retrieval","level":2,"score":0.4986917972564697},{"id":"https://openalex.org/C157524613","wikidata":"https://www.wikidata.org/wiki/Q2828883","display_name":"Fine-tuning","level":2,"score":0.4902227520942688},{"id":"https://openalex.org/C132010649","wikidata":"https://www.wikidata.org/wiki/Q189222","display_name":"Intuition","level":2,"score":0.4619617164134979},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.43885353207588196},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.42350226640701294},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3962244391441345},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1592094898223877},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C112698675","wikidata":"https://www.wikidata.org/wiki/Q37038","display_name":"Advertising","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3658644.3690279","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690279","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690279","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmid:40401199","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/40401199","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","raw_type":null},{"id":"pmh:oai:pubmedcentral.nih.gov:12094715","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/12094715","pdf_url":"https://pmc.ncbi.nlm.nih.gov/articles/PMC12094715/pdf/nihms-2081474.pdf","source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Conf Comput Commun Secur","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690279","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690279","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690279","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2509417398","display_name":null,"funder_award_id":"JP23K24851","funder_id":"https://openalex.org/F4320334764","funder_display_name":"Japan Society for the Promotion of Science"},{"id":"https://openalex.org/G2563307487","display_name":null,"funder_award_id":"R01ES033241","funder_id":"https://openalex.org/F4320332161","funder_display_name":"National Institutes of Health"},{"id":"https://openalex.org/G3282004645","display_name":null,"funder_award_id":"JPMJCR","funder_id":"https://openalex.org/F4320338075","funder_display_name":"Core Research for Evolutional Science and Technology"},{"id":"https://openalex.org/G4170161455","display_name":null,"funder_award_id":"PRESTO","funder_id":"https://openalex.org/F4320334764","funder_display_name":"Japan Society for the Promotion of Science"},{"id":"https://openalex.org/G4320688842","display_name":"SCC-IRG JST: Hyperlocal Risk Monitoring and Pandemic Preparedness through Privacy-Enhanced Mobility and Social Interactions Analysis","funder_award_id":"2125530","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4324966325","display_name":null,"funder_award_id":"R01LM013712","funder_id":"https://openalex.org/F4320332161","funder_display_name":"National Institutes of Health"},{"id":"https://openalex.org/G4929322187","display_name":"A Principled Framework for Explaining, Choosing and Negotiating Privacy Parameters of Differential Privacy","funder_award_id":"23K24851","funder_id":"https://openalex.org/F4320334764","funder_display_name":"Japan Society for the Promotion of Science"},{"id":"https://openalex.org/G5518604981","display_name":null,"funder_award_id":"PREST","funder_id":"https://openalex.org/F4320338111","funder_display_name":"Precursory Research for Embryonic Science and Technology"},{"id":"https://openalex.org/G5613623313","display_name":null,"funder_award_id":"CREST","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6340411212","display_name":null,"funder_award_id":"JPMJCR21M2","funder_id":"https://openalex.org/F4320338075","funder_display_name":"Core Research for Evolutional Science and Technology"},{"id":"https://openalex.org/G6345853531","display_name":null,"funder_award_id":"unknown","funder_id":"https://openalex.org/F4320332161","funder_display_name":"National Institutes of Health"},{"id":"https://openalex.org/G6550636255","display_name":"\u30d5\u30e9\u30dc\u30ce\u30a4\u30c9\u3068\u305d\u306e\u914d\u7cd6\u4f53\u306e\u30da\u30fc\u30d1\u30fc\u30af\u30ed\u30de\u30c8\u30b0\u30e9\u30d5\u306b\u3088\u308b\u7814\u7a76","funder_award_id":"23029","funder_id":"https://openalex.org/F4320334764","funder_display_name":"Japan Society for the Promotion of Science"},{"id":"https://openalex.org/G6718509927","display_name":null,"funder_award_id":"CREST","funder_id":"https://openalex.org/F4320334764","funder_display_name":"Japan Society for the Promotion of Science"},{"id":"https://openalex.org/G7451337142","display_name":"Collaborative Research: SaTC: CORE: Small: Security and Privacy in Machine Unlearning","funder_award_id":"2350333","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7583040876","display_name":"Collaborative Research: SaTC: CORE: Medium: PREMED: Privacy-Preserving and Robust Computational Phenotyping using Multisite EHR Data","funder_award_id":"2124104","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8756994789","display_name":"\u56fa\u6db2\u6df7\u76f8\u6d41\u306e\u4e71\u6d41\u7279\u6027\u3068\u305d\u306e\u8a08\u6e2c","funder_award_id":"235033","funder_id":"https://openalex.org/F4320334764","funder_display_name":"Japan Society for the Promotion of Science"},{"id":"https://openalex.org/G8986310910","display_name":null,"funder_award_id":"CNS-2125530","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G997158302","display_name":null,"funder_award_id":"R01ES033241","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332161","display_name":"National Institutes of Health","ror":"https://ror.org/01cwqze88"},{"id":"https://openalex.org/F4320334764","display_name":"Japan Society for the Promotion of Science","ror":"https://ror.org/00hhkn466"},{"id":"https://openalex.org/F4320338075","display_name":"Core Research for Evolutional Science and Technology","ror":"https://ror.org/00097mb19"},{"id":"https://openalex.org/F4320338111","display_name":"Precursory Research for Embryonic Science and Technology","ror":null}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4405181470.pdf"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1603920809","https://openalex.org/W2012628772","https://openalex.org/W2343954916","https://openalex.org/W2535690855","https://openalex.org/W2911489562","https://openalex.org/W2930926105","https://openalex.org/W2963926728","https://openalex.org/W3096692244","https://openalex.org/W3103245149","https://openalex.org/W3122816307","https://openalex.org/W3189812816","https://openalex.org/W3213508244","https://openalex.org/W3214437258","https://openalex.org/W4288057780","https://openalex.org/W4308022392","https://openalex.org/W4308410483","https://openalex.org/W4308643663","https://openalex.org/W4385679781","https://openalex.org/W4386075834","https://openalex.org/W4386215192"],"related_works":["https://openalex.org/W2944823289","https://openalex.org/W3037018281","https://openalex.org/W2003209439","https://openalex.org/W4321854979","https://openalex.org/W2358319515","https://openalex.org/W3023285645","https://openalex.org/W1984788461","https://openalex.org/W3037551068","https://openalex.org/W3023594376","https://openalex.org/W4392903952"],"abstract_inverted_index":{"The":[0,107],"pre-training":[1],"and":[2,9,78,100,122,132,138,236],"fine-tuning":[3,51,105,124,141,167],"paradigm":[4],"has":[5,10],"demonstrated":[6],"its":[7],"effectiveness":[8],"become":[11],"the":[12,67,72,75,84,92,104,115,119,154,219],"standard":[13],"approach":[14],"for":[15,50,178,192,216],"tailoring":[16],"language":[17],"models":[18,225],"to":[19,28,65,83,90,113,166],"various":[20,29],"tasks.":[21],"Currently,":[22],"community-based":[23],"platforms":[24],"offer":[25],"easy":[26],"access":[27,82],"pre-trained":[30,43,76,120,171,224],"models,":[31],"as":[32],"anyone":[33],"can":[34,45,143],"publish":[35],"without":[36],"strict":[37,203],"validation":[38],"processes.":[39],"However,":[40],"a":[41,47,80,126,149,162,169,185,202],"released":[42],"model":[44,77,121],"be":[46],"privacy":[48,94,146,204],"trap":[49],"datasets":[52,239],"if":[53],"it":[54],"is":[55,112],"carefully":[56],"designed.":[57],"In":[58],"this":[59,159],"work,":[60],"we":[61],"propose":[62],"PreCurious":[63,88,111,152,188,213],"framework":[64],"reveal":[66],"new":[68],"attack":[69],"surface":[70],"where":[71],"attacker":[73],"releases":[74],"gets":[79],"black-box":[81],"final":[85],"fine-tuned":[86,150],"model.":[87,172],"aims":[89],"escalate":[91],"general":[93],"risk":[95],"of":[96,118,156,222],"both":[97],"membership":[98,179],"inference":[99,180],"data":[101,194],"extraction":[102,195],"on":[103,148,168,218,231],"dataset.":[106],"key":[108],"intuition":[109],"behind":[110],"manipulate":[114],"memorization":[116],"stage":[117],"guide":[123],"with":[125,201],"seemingly":[127],"legitimate":[128],"configuration.":[129],"While":[130,173],"empirical":[131],"theoretical":[133],"evidence":[134],"suggests":[135],"that":[136],"parameter-efficient":[137],"differentially":[139,198],"private":[140,199],"techniques":[142],"defend":[144],"against":[145],"attacks":[147],"model,":[151],"demonstrates":[153,189],"possibility":[155],"breaking":[157],"up":[158],"invulnerability":[160],"in":[161],"stealthy":[163],"manner":[164],"compared":[165],"benign":[170],"DP":[174],"provides":[175],"some":[176],"mitigation":[177],"attack,":[181],"by":[182],"further":[183],"leveraging":[184],"sanitized":[186,238],"dataset,":[187],"potential":[190,220],"vulnerabilities":[191],"targeted":[193],"even":[196,240],"under":[197],"tuning":[200],"budget":[205],"e.g.":[206],"<mml:math":[207],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"><mml:mi>\u03f5</mml:mi>":[208],"<mml:mo>=</mml:mo>":[209],"<mml:mn>0.05</mml:mn></mml:math>":[210],".":[211],"Thus,":[212],"raises":[214],"warnings":[215],"users":[217],"risks":[221],"downloading":[223],"from":[226],"unknown":[227],"sources,":[228],"relying":[229],"solely":[230],"tutorials":[232],"or":[233],"common-sense":[234],"defenses,":[235],"releasing":[237],"after":[241],"perfect":[242],"scrubbing.":[243]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":8}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}