{"id":"https://openalex.org/W7130574438","doi":"https://doi.org/10.48550/arxiv.2602.15897","title":"Mitigating Gradient Inversion Risks in Language Models via Token Obfuscation","display_name":"Mitigating Gradient Inversion Risks in Language Models via Token Obfuscation","publication_year":2026,"publication_date":"2026-02-11","ids":{"openalex":"https://openalex.org/W7130574438","doi":"https://doi.org/10.48550/arxiv.2602.15897"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.15897","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074650815","display_name":"Xinguo Feng","orcid":"https://orcid.org/0000-0003-2307-2771"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Feng, Xinguo","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021033946","display_name":"Zhongkui Ma","orcid":"https://orcid.org/0000-0002-2392-3751"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ma, Zhongkui","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126403538","display_name":"Zihan Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Zihan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126376850","display_name":"Alsharif Abuadbba","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Abuadbba, Alsharif","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5018516368","display_name":"Sin G. Teo","orcid":"https://orcid.org/0000-0003-1090-505X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bai, Guangdong","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5074650815"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8774999976158142,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8774999976158142,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.03150000050663948,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.024900000542402267,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.7867000102996826},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.49950000643730164},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.47589999437332153},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.4690999984741211},{"id":"https://openalex.org/keywords/gradient-descent","display_name":"Gradient descent","score":0.4584999978542328},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.38530001044273376},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.3797999918460846}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8052999973297119},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.7867000102996826},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.49950000643730164},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.48919999599456787},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.47589999437332153},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.4690999984741211},{"id":"https://openalex.org/C153258448","wikidata":"https://www.wikidata.org/wiki/Q1199743","display_name":"Gradient descent","level":3,"score":0.4584999978542328},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.38530001044273376},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3797999918460846},{"id":"https://openalex.org/C2780186347","wikidata":"https://www.wikidata.org/wiki/Q11414","display_name":"Subnetwork","level":2,"score":0.3725999891757965},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.314300000667572},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.2752000093460083},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2721000015735626},{"id":"https://openalex.org/C1893757","wikidata":"https://www.wikidata.org/wiki/Q3653001","display_name":"Inversion (geology)","level":3,"score":0.26989999413490295},{"id":"https://openalex.org/C130318100","wikidata":"https://www.wikidata.org/wiki/Q2268914","display_name":"Semantic similarity","level":2,"score":0.2687999904155731},{"id":"https://openalex.org/C205606062","wikidata":"https://www.wikidata.org/wiki/Q5249645","display_name":"Decoupling (probability)","level":2,"score":0.266400009393692},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.26510000228881836},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.25589999556541443},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.25189998745918274}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.15897","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.15897","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.15897","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.15897","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Training":[0],"and":[1,74,108,161,180,218,236,245,252,258],"fine-tuning":[2],"large-scale":[3],"language":[4],"models":[5],"largely":[6],"benefit":[7],"from":[8,31,52],"collaborative":[9],"learning,":[10],"but":[11],"the":[12,66,102,120,124,138,142,151,156,159,202,221],"approach":[13],"has":[14],"been":[15],"proven":[16],"vulnerable":[17],"to":[18,26,47,55,65,119,189,193,216,240],"gradient":[19,38,45,53,162],"inversion":[20],"attacks":[21],"(GIAs),":[22],"which":[23,145,169,184],"allow":[24],"adversaries":[25],"reconstruct":[27],"private":[28],"training":[29,197],"data":[30],"shared":[32],"gradients.":[33],"Existing":[34],"defenses":[35],"mainly":[36],"employ":[37],"perturbation":[39],"techniques,":[40],"e.g.,":[41],"noise":[42],"injection":[43],"or":[44],"pruning,":[46],"disrupt":[48],"GIAs'":[49],"direct":[50],"mapping":[51],"space":[54,153],"token":[56,75,109,125,152],"space.":[57],"However,":[58],"these":[59],"methods":[60],"often":[61],"fall":[62],"short":[63],"due":[64,118],"retention":[67],"of":[68,123,141,224],"semantics":[69],"similarity":[70],"across":[71,105,210],"gradient,":[72,106],"embedding,":[73,107],"spaces.":[76,110,163],"In":[77],"this":[78],"work,":[79],"we":[80],"propose":[81],"a":[82,93,147,166,176,181],"novel":[83],"defense":[84],"mechanism":[85,96],"named":[86],"GHOST":[87,111,164,225],"(gradient":[88],"shield":[89],"with":[90,201],"obfuscated":[91],"tokens),":[92],"token-level":[94],"obfuscation":[95],"that":[97,134],"neutralizes":[98],"GIAs":[99,257],"by":[100,198,206],"decoupling":[101],"inherent":[103],"connections":[104],"is":[112],"built":[113],"upon":[114],"an":[115],"important":[116],"insight:":[117],"large":[121],"scale":[122],"space,":[126],"there":[127],"exist":[128],"semantically":[129,171],"distinct":[130,172],"yet":[131],"embedding-proximate":[132],"tokens":[133,174,188],"can":[135],"serve":[136],"as":[137,231],"shadow":[139,187],"substitutes":[140],"original":[143,207],"tokens,":[144],"enables":[146],"semantic":[148],"disconnection":[149],"in":[150,158,226,233,242,247,249],"while":[154],"preserving":[155,199,237],"connection":[157],"embedding":[160],"comprises":[165],"searching":[167,178],"step,":[168,183],"identifies":[170],"candidate":[173],"using":[175],"multi-criteria":[177],"process,":[179],"selection":[182],"selects":[185],"optimal":[186],"ensure":[190],"minimal":[191],"disruption":[192],"features":[194],"critical":[195],"for":[196],"alignment":[200],"internal":[203],"outputs":[204],"produced":[205],"tokens.":[208],"Evaluation":[209],"diverse":[211],"model":[212],"architectures":[213],"(from":[214],"BERT":[215],"Llama)":[217],"datasets":[219],"demonstrates":[220],"remarkable":[222],"effectiveness":[223],"protecting":[227],"privacy":[228],"(as":[229],"low":[230],"1%":[232],"recovery":[234],"rate)":[235],"utility":[238],"(up":[239],"0.92":[241],"classification":[243,251],"F1":[244],"5.45":[246],"perplexity),":[248],"both":[250],"generation":[253],"tasks":[254],"against":[255],"state-of-the-art":[256],"adaptive":[259],"attack":[260],"scenarios.":[261]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-20T00:00:00"}