attack arXiv Sep 8, 2025 · Sep 2025
Yuntao Du, Yuetian Chen, Hanshen Xiao et al. · Purdue University · NVIDIA Research
New membership inference attack using imitative models cuts compute to 5% of SOTA while outperforming shadow-model attacks
Membership Inference Attack vision
A Membership Inference Attack (MIA) assesses how much a target machine learning model reveals about its training data by determining whether specific query instances were part of the training set. State-of-the-art MIAs rely on training hundreds of shadow models that are independent of the target model, leading to significant computational overhead. In this paper, we introduce Imitative Membership Inference Attack (IMIA), which employs a novel imitative training technique to strategically construct a small number of target-informed imitative models that closely replicate the target model's behavior for inference. Extensive experimental results demonstrate that IMIA substantially outperforms existing MIAs in various attack settings while only requiring less than 5% of the computational cost of state-of-the-art approaches.
cnn transformer Purdue University · NVIDIA Research
survey arXiv Sep 16, 2025 · Sep 2025
Yuntao Du, Zitao Li, Ninghui Li et al. · Purdue University · Alibaba
Surveys deployment-phase privacy attack risks for LLMs beyond training data: exfiltration, attribute inference, and agentic weaponization
Sensitive Information Disclosure Excessive Agency nlp
Large Language Models (LLMs) have achieved remarkable progress in natural language understanding, reasoning, and autonomous decision-making. However, these advancements have also come with significant privacy concerns. While significant research has focused on mitigating the data privacy risks of LLMs during various stages of model training, less attention has been paid to new threats emerging from their deployment. The integration of LLMs into widely used applications and the weaponization of their autonomous abilities have created new privacy vulnerabilities. These vulnerabilities provide opportunities for both inadvertent data leakage and malicious exfiltration from LLM-powered systems. Additionally, adversaries can exploit these systems to launch sophisticated, large-scale privacy attacks, threatening not only individual privacy but also financial security and societal trust. In this paper, we systematically examine these emerging privacy risks of LLMs. We also discuss potential mitigation strategies and call for the research community to broaden its focus beyond data privacy risks, developing new defenses to address the evolving threats posed by increasingly powerful LLMs and LLM-powered systems.
llm Purdue University · Alibaba
ML Security Papers