{"id":"https://openalex.org/W4405181291","doi":"https://doi.org/10.1145/3658644.3690325","title":"The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks","display_name":"The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405181291","doi":"https://doi.org/10.1145/3658644.3690325"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690325","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690325","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690325","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690325","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100650023","display_name":"Xiaoyi Chen","orcid":"https://orcid.org/0000-0002-6224-791X"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaoyi Chen","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, Indiana, USA"],"affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, Indiana, USA","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019833511","display_name":"Siyuan Tang","orcid":"https://orcid.org/0000-0003-3377-6975"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Siyuan Tang","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, Indiana, USA"],"affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, Indiana, USA","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101093405","display_name":"Rui Zhu","orcid":"https://orcid.org/0000-0002-8059-6718"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rui Zhu","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, Indiana, USA"],"affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, Indiana, USA","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Shijun Yan","orcid":"https://orcid.org/0009-0002-6289-1374"},"institutions":[{"id":"https://openalex.org/I4210103986","display_name":"Jingdong (China)","ror":"https://ror.org/01dkjkq64","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210103986"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shijun Yan","raw_affiliation_strings":["JD Cloud, Beijing, China"],"affiliations":[{"raw_affiliation_string":"JD Cloud, Beijing, China","institution_ids":["https://openalex.org/I4210103986"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lei Jin","orcid":"https://orcid.org/0009-0007-5037-8617"},"institutions":[{"id":"https://openalex.org/I4210103986","display_name":"Jingdong (China)","ror":"https://ror.org/01dkjkq64","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210103986"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Jin","raw_affiliation_strings":["JD Cloud, Beijing, China"],"affiliations":[{"raw_affiliation_string":"JD Cloud, Beijing, China","institution_ids":["https://openalex.org/I4210103986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087208213","display_name":"Zihao Wang","orcid":"https://orcid.org/0009-0009-7620-4142"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zihao Wang","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, Indiana, United States"],"affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, Indiana, United States","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112480499","display_name":"Liya Su","orcid":"https://orcid.org/0009-0000-9499-2298"},"institutions":[{"id":"https://openalex.org/I4210103986","display_name":"Jingdong (China)","ror":"https://ror.org/01dkjkq64","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210103986"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Liya Su","raw_affiliation_strings":["JD Cloud, Beijing, China"],"affiliations":[{"raw_affiliation_string":"JD Cloud, Beijing, China","institution_ids":["https://openalex.org/I4210103986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100746182","display_name":"Zhikun Zhang","orcid":"https://orcid.org/0000-0001-7208-3392"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhikun Zhang","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066976667","display_name":"XiaoFeng Wang","orcid":"https://orcid.org/0000-0002-0607-4946"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"XiaoFeng Wang","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, Indiana, USA"],"affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, Indiana, USA","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078007096","display_name":"Haixu Tang","orcid":"https://orcid.org/0000-0001-8963-8155"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haixu Tang","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, Indiana, USA"],"affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, Indiana, USA","institution_ids":["https://openalex.org/I4210119109"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5100650023"],"corresponding_institution_ids":["https://openalex.org/I4210119109"],"apc_list":null,"apc_paid":null,"fwci":6.7615,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.97317841,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1285","last_page":"1299"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9876999855041504,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.9722999930381775,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/janus","display_name":"Janus","score":0.723221480846405},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7206530570983887},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.634357750415802},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5830364227294922},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.46934640407562256},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.44928431510925293},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.4377521574497223},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4334326684474945}],"concepts":[{"id":"https://openalex.org/C2779290492","wikidata":"https://www.wikidata.org/wiki/Q6155940","display_name":"Janus","level":2,"score":0.723221480846405},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7206530570983887},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.634357750415802},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5830364227294922},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.46934640407562256},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.44928431510925293},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.4377521574497223},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4334326684474945},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690325","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690325","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690325","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690325","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690325","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690325","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5937091990","display_name":null,"funder_award_id":"W91NF-20-C-0034","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"},{"id":"https://openalex.org/G751562996","display_name":null,"funder_award_id":"CNS-2207231","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405181291.pdf"},"referenced_works_count":14,"referenced_works":["https://openalex.org/W2473418344","https://openalex.org/W2743151379","https://openalex.org/W3108280718","https://openalex.org/W3185341429","https://openalex.org/W4212774754","https://openalex.org/W4223908421","https://openalex.org/W4231844697","https://openalex.org/W4232172926","https://openalex.org/W4307079201","https://openalex.org/W4379537569","https://openalex.org/W4385571225","https://openalex.org/W4385714464","https://openalex.org/W4387113775","https://openalex.org/W4389617257"],"related_works":["https://openalex.org/W3127131576","https://openalex.org/W4401226765","https://openalex.org/W993170344","https://openalex.org/W2573831620","https://openalex.org/W2478244259","https://openalex.org/W2902040535","https://openalex.org/W2187854411","https://openalex.org/W41015297","https://openalex.org/W2588995807","https://openalex.org/W2883540030"],"abstract_inverted_index":{"The":[0],"rapid":[1],"advancements":[2],"of":[3,16,43,70,129],"large":[4],"language":[5,119,134],"models":[6,135],"(LLMs)":[7],"have":[8,28],"raised":[9],"public":[10],"concerns":[11],"about":[12],"the":[13,40,54,64,68,85,93,100,127,151,161,166],"privacy":[14,37,101,152,168],"leakage":[15,102],"personally":[17],"identifiable":[18],"information":[19],"(PII)":[20],"within":[21],"their":[22],"extensive":[23],"training":[24,41],"datasets.":[25],"Recent":[26],"studies":[27],"demonstrated":[29],"that":[30,148,182],"an":[31,200,205],"adversary":[32,201],"could":[33],"extract":[34],"highly":[35],"sensitive":[36],"data":[38,42,95],"from":[39,53,92],"LLMs":[44,105],"with":[45,160],"carefully":[46],"designed":[47],"prompts.":[48],"However,":[49],"these":[50,123],"attacks":[51,170,173],"suffer":[52],"model's":[55],"tendency":[56],"to":[57,88,195,202],"hallucinate":[58],"and":[59,106,136,142,163,174,189],"catastrophic":[60],"forgetting":[61],"(CF)":[62],"in":[63,96,104,158],"pre-training":[65,94],"stage,":[66],"rendering":[67],"veracity":[69],"divulged":[71],"PIIs":[72,91,110],"negligible.":[73],"In":[74],"our":[75,179,196],"research,":[76],"we":[77,125],"propose":[78],"a":[79,208],"novel":[80],"attack,":[81,198],"Janus,":[82],"which":[83],"exploits":[84],"fine-tuning":[86,184],"interface":[87],"recover":[89],"forgotten":[90,109],"LLMs.":[97],"We":[98],"formalize":[99],"problem":[103],"explain":[107],"why":[108],"can":[111],"be":[112],"recovered":[113],"through":[114],"empirical":[115],"analysis":[116,180],"on":[117,131],"open-source":[118,133],"models.":[120],"Based":[121],"upon":[122],"insights,":[124],"evaluate":[126],"performance":[128],"Janus":[130,149,197],"both":[132],"two":[137],"latest":[138],"LLMs,":[139],"i.e.,":[140],"GPT-3.5-Turbo":[141],"LLaMA-2-7b.":[143],"Our":[144],"experiment":[145],"results":[146],"show":[147],"amplifies":[150],"risks":[153],"by":[154,187],"over":[155],"10":[156],"times":[157],"comparison":[159],"baseline":[162],"significantly":[164],"outperforms":[165],"state-of-the-art":[167],"extraction":[169],"including":[171],"prefix":[172],"in-context":[175],"learning":[176],"(ICL).":[177],"Furthermore,":[178],"validates":[181],"existing":[183],"APIs":[185],"provided":[186],"OpenAI":[188],"Azure":[190],"AI":[191],"Studio":[192],"are":[193],"susceptible":[194],"allowing":[199],"conduct":[203],"such":[204],"attack":[206],"at":[207],"low":[209],"cost.":[210]},"counts_by_year":[{"year":2026,"cited_by_count":7},{"year":2025,"cited_by_count":13}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}