Privacy preserving large language models: ChatGPT case study based vision and framework

Cited by: 0
Authors
Ullah, Imdad [1]
Hassan, Najm [2]
Gill, Sukhpal Singh [3]
Suleiman, Basem [1]
Ahanger, Tariq Ahamed [4]
Shah, Zawar [5]
Qadir, Junaid [6]
Kanhere, Salil S. [7]
Affiliations
[1] School of Computer Science Faculty of Engineering, The University of Sydney, Sydney, NSW
[2] Higher Colleges of Technology, Abu Dhabi
[3] School of Electronic Engineering and Computer Science, Queen Mary University of London, London
[4] Management Information Systems Department, College of Business Administration, Prince Sattam bin Abdulaziz University, Al-Kharj
[5] Department of Information Technology, Sydney International School of Technology and Commerce, Sydney, NSW
[6] Department of Computer Science and Engineering, College of Engineering, Qatar University, Doha
[7] School of Computer Science and Engineering, The University of New South Wales (UNSW), Sydney
Source
IET Blockchain | 2024 / Vol. 4 / Issue S1
Keywords
artificial intelligence; blockchain applications and digital technology; blockchain platforms; blockchain standards; data protection; information security; models and analysis; security of data
DOI
10.1049/blc2.12091
Abstract
Generative Artificial Intelligence (AI) tools based on Large Language Models (LLMs) use billions of parameters to extensively analyse large datasets and extract critical information such as context, specific details, and identifying information, use this information in the training process, and generate responses for the requested queries. The extracted data also contain sensitive information, seriously threatening user privacy and making users reluctant to use such tools. This article proposes a conceptual model called PrivChatGPT, a privacy-preserving model for LLMs consisting of two main components, that is, preserving user privacy during the data curation/pre-processing and preserving private context and the private training process for large-scale data. To demonstrate the applicability of PrivChatGPT, it is shown how a private mechanism could be integrated into the existing model for training LLMs to protect user privacy; specifically, differential privacy and private training using Reinforcement Learning (RL) were employed. The privacy level probabilities are associated with the document contents, including the private contextual information, and with metadata, which is used to evaluate the disclosure probability loss for an individual's private information. The privacy loss is measured and the measure of uncertainty or randomness is evaluated using entropy once differential privacy is applied. It recursively evaluates the level of privacy guarantees and the uncertainty of public databases and resources during each update when new information is added for training purposes. To critically evaluate the use of differential privacy for private LLMs, other mechanisms such as Blockchain, private information retrieval, randomisation, obfuscation, anonymisation, and the use of Tor were hypothetically compared for various performance measures such as the model performance and accuracy, computational complexity, privacy vs. utility, training latency, vulnerability to attacks, and resource consumption. It is concluded that differential privacy, randomisation, and obfuscation can impact the training models' utility and performance; conversely, using Tor, Blockchain, and Private Information Retrieval (PIR) may introduce additional computational complexity and high training latency. It is believed that the proposed model could be used as a benchmark for privacy-preserving LLMs for generative AI tools. © 2024 The Author(s). IET Blockchain published by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology.
Pages: 706-724
Page count: 18