Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/93476

| Title: | 有限查詢存取下的文本嵌入逆推攻擊 Transferable Embedding Inversion Attack: Uncovering Privacy Risks in Text Embeddings without Model Queries |
|---|---|
| Authors: | 黃昱翔 Yu-Hsiang Huang |
| Advisor: | 林守德 Shou-De Lin |
| Keyword: | Generative Embedding Inversion Attack, Sentence Embedding, Large language model, Surrogate Model, Natural Language Processing, Deep Learning |
| Publication Year: | 2024 |
| Degree: | Master's |
| Abstract: | This study investigates the privacy risks associated with text embeddings, focusing on the scenario where attackers cannot access the original embedding model. Contrary to previous research requiring direct model access, we explore a more realistic threat model by developing a transfer attack method. This approach uses a surrogate model to mimic the victim model’s behavior, allowing the attacker to infer sensitive information from text embeddings without direct access. Our experiments across various embedding models and a clinical dataset demonstrate that our transfer attack significantly outperforms traditional methods, revealing the potential privacy vulnerabilities in embedding technologies and emphasizing the need for enhanced security measures. |
| URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/93476 |
| DOI: | 10.6342/NTU202402606 |
| Fulltext Rights: | Authorized (open access worldwide) |
| Appears in Collections: | Department of Computer Science and Information Engineering |

Files in This Item:
| File | Size | Format |
|---|---|---|
| ntu-112-2.pdf | 1.52 MB | Adobe PDF |
