{"id":"https://openalex.org/W7155505633","doi":"https://doi.org/10.48550/arxiv.2604.21197","title":"Toward Efficient Membership Inference Attacks against Federated Large Language Models: A Projection Residual Approach","display_name":"Toward Efficient Membership Inference Attacks against Federated Large Language Models: A Projection Residual Approach","publication_year":2026,"publication_date":"2026-04-23","ids":{"openalex":"https://openalex.org/W7155505633","doi":"https://doi.org/10.48550/arxiv.2604.21197"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.21197","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.21197","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.21197","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123985835","display_name":"Guilin Deng","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Deng, Guilin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123997939","display_name":"Silong Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Silong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134473120","display_name":"Yuchuan Luo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Luo, Yuchuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134560086","display_name":"Yi Liu","orcid":"https://orcid.org/0009-0001-2358-4526"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089448389","display_name":"Songlei Wang","orcid":"https://orcid.org/0000-0003-4063-1694"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Songlei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134527181","display_name":"Zhiping Cai","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cai, Zhiping","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134496554","display_name":"Lin Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Lin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134479925","display_name":"Xiaohua Jia","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jia, Xiaohua","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134554093","display_name":"Shaojing Fu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fu, Shaojing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5123985835"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.7111999988555908,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.7111999988555908,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.06909999996423721,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.01769999973475933,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6592000126838684},{"id":"https://openalex.org/keywords/projection","display_name":"Projection (relational algebra)","score":0.6431000232696533},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.545799970626831},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.4902999997138977},{"id":"https://openalex.org/keywords/raw-data","display_name":"Raw data","score":0.48750001192092896},{"id":"https://openalex.org/keywords/subspace-topology","display_name":"Subspace topology","score":0.4700999855995178},{"id":"https://openalex.org/keywords/federated-learning","display_name":"Federated learning","score":0.4399000108242035},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.43380001187324524},{"id":"https://openalex.org/keywords/sample","display_name":"Sample (material)","score":0.4250999987125397},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4244000017642975}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7875000238418579},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6592000126838684},{"id":"https://openalex.org/C57493831","wikidata":"https://www.wikidata.org/wiki/Q3134666","display_name":"Projection (relational algebra)","level":2,"score":0.6431000232696533},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.545799970626831},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5009999871253967},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.4902999997138977},{"id":"https://openalex.org/C132964779","wikidata":"https://www.wikidata.org/wiki/Q2110223","display_name":"Raw data","level":2,"score":0.48750001192092896},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.47929999232292175},{"id":"https://openalex.org/C32834561","wikidata":"https://www.wikidata.org/wiki/Q660730","display_name":"Subspace topology","level":2,"score":0.4700999855995178},{"id":"https://openalex.org/C2992525071","wikidata":"https://www.wikidata.org/wiki/Q50818671","display_name":"Federated learning","level":2,"score":0.4399000108242035},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.43380001187324524},{"id":"https://openalex.org/C198531522","wikidata":"https://www.wikidata.org/wiki/Q485146","display_name":"Sample (material)","level":2,"score":0.4250999987125397},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4244000017642975},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.41609999537467957},{"id":"https://openalex.org/C155512373","wikidata":"https://www.wikidata.org/wiki/Q287450","display_name":"Residual","level":2,"score":0.40310001373291016},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.3614000082015991},{"id":"https://openalex.org/C117797892","wikidata":"https://www.wikidata.org/wiki/Q286363","display_name":"Shadow (psychology)","level":2,"score":0.3601999878883362},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.35850000381469727},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.35519999265670776},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.353300005197525},{"id":"https://openalex.org/C125411270","wikidata":"https://www.wikidata.org/wiki/Q18653","display_name":"Encoding (memory)","level":2,"score":0.3449000120162964},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.3431999981403351},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3301999866962433},{"id":"https://openalex.org/C2779965156","wikidata":"https://www.wikidata.org/wiki/Q5227350","display_name":"Data sharing","level":3,"score":0.3249000012874603},{"id":"https://openalex.org/C2776945810","wikidata":"https://www.wikidata.org/wiki/Q17006654","display_name":"Data anonymization","level":3,"score":0.31459999084472656},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.30970001220703125},{"id":"https://openalex.org/C93226319","wikidata":"https://www.wikidata.org/wiki/Q193137","display_name":"Differential (mechanical device)","level":2,"score":0.3075999915599823},{"id":"https://openalex.org/C113174947","wikidata":"https://www.wikidata.org/wiki/Q2859736","display_name":"Tree (set theory)","level":2,"score":0.3043999969959259},{"id":"https://openalex.org/C2777402240","wikidata":"https://www.wikidata.org/wiki/Q6783436","display_name":"Masking (illustration)","level":2,"score":0.30410000681877136},{"id":"https://openalex.org/C108801101","wikidata":"https://www.wikidata.org/wiki/Q15032","display_name":"Steganography","level":3,"score":0.30390000343322754},{"id":"https://openalex.org/C2778355321","wikidata":"https://www.wikidata.org/wiki/Q17079427","display_name":"Identity (music)","level":2,"score":0.2989000082015991},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2856000065803528},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.28130000829696655},{"id":"https://openalex.org/C5655090","wikidata":"https://www.wikidata.org/wiki/Q192588","display_name":"Relational database","level":2,"score":0.27300000190734863},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.26930001378059387},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.2667999863624573},{"id":"https://openalex.org/C41458344","wikidata":"https://www.wikidata.org/wiki/Q732577","display_name":"Publication","level":2,"score":0.2623000144958496},{"id":"https://openalex.org/C45235069","wikidata":"https://www.wikidata.org/wiki/Q278425","display_name":"Table (database)","level":2,"score":0.257099986076355},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.25600001215934753},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.25209999084472656}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.21197","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.21197","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.21197","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.21197","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.4922409653663635,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Federated":[0],"Large":[1],"Language":[2],"Models":[3],"(FedLLMs)":[4],"enable":[5],"multiple":[6],"parties":[7],"to":[8,90,132],"collaboratively":[9],"fine-tune":[10],"LLMs":[11,119],"without":[12],"sharing":[13],"raw":[14],"data,":[15],"addressing":[16],"challenges":[17],"of":[18,158],"limited":[19],"resources":[20],"and":[21,49,81,97,111,117,134,153,164],"privacy":[22,141,149],"concerns.":[23],"Despite":[24],"data":[25,165],"localization,":[26],"shared":[27],"gradients":[28,96],"can":[29],"still":[30],"expose":[31],"sensitive":[32],"information":[33],"through":[34],"membership":[35],"inference":[36],"attacks":[37],"(MIAs).":[38],"However,":[39],"FedLLMs'":[40],"unique":[41],"properties,":[42],"i.e.":[43],"massive":[44],"parameter":[45],"scales,":[46],"rapid":[47],"convergence,":[48],"sparse,":[50],"non-orthogonal":[51],"gradients,":[52],"render":[53],"existing":[54],"MIAs":[55],"ineffective.":[56],"To":[57],"address":[58],"this":[59],"gap,":[60],"we":[61],"propose":[62],"ProjRes,":[63],"the":[64,87,92],"first":[65],"projection":[66,84],"residuals-based":[67],"passive":[68],"MIA":[69],"tailored":[70],"for":[71,155],"FedLLMs.":[72],"ProjRes":[73,122],"leverages":[74],"hidden":[75],"embedding":[76],"vectors":[77],"as":[78],"sample":[79],"representations":[80],"analyzes":[82],"their":[83,159],"residuals":[85],"on":[86,114],"gradient":[88],"subspace":[89],"uncover":[91],"intrinsic":[93],"link":[94],"between":[95],"inputs.":[98],"It":[99],"requires":[100],"no":[101],"shadow":[102],"models,":[103],"auxiliary":[104],"classifiers,":[105],"or":[106],"historical":[107],"updates,":[108],"ensuring":[109],"efficiency":[110],"robustness.":[112],"Experiments":[113],"four":[115,118],"benchmarks":[116],"show":[120],"that":[121],"achieves":[123],"near":[124],"100%":[125],"accuracy,":[126],"outperforming":[127],"prior":[128],"methods":[129],"by":[130],"up":[131],"75.75%,":[133],"remains":[135],"effective":[136],"even":[137],"under":[138],"strong":[139],"differential":[140],"defenses.":[142],"Our":[143,162],"findings":[144],"reveal":[145],"a":[146,156],"previously":[147],"overlooked":[148],"vulnerability":[150],"in":[151],"FedLLMs":[152],"call":[154],"re-examination":[157],"security":[160],"assumptions.":[161],"code":[163],"are":[166],"available":[167],"at":[168],"$\\href{https://anonymous.4open.science/r/Passive-MIA-5268}{link}$.":[169]},"counts_by_year":[],"updated_date":"2026-04-25T06:06:54.107920","created_date":"2026-04-25T00:00:00"}