defense 2025

SAFENLIDB: A Privacy-Preserving Safety Alignment Framework for LLM-based Natural Language Database Interfaces

Ruiheng Liu 1,2, XiaoBing Chen 2, Jinyu Zhang 2, Qiongwen Zhang 2, Yu Zhang 2, Bailong Yang 1

0 citations · 51 references · arXiv

Published on arXiv: 2511.06778

Sensitive Information Disclosure

OWASP LLM Top 10 — LLM06

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

SafeNlidb outperforms both larger-scale LLMs and ideal-setting baselines in blocking inference-based database exfiltration attacks while maintaining high SQL generation utility.

SafeNlidb

Novel technique introduced

The rapid advancement of Large Language Models (LLMs) has driven significant progress in Natural Language Interface to Database (NLIDB). However, the widespread adoption of LLMs has raised critical privacy and security concerns. During interactions, LLMs may unintentionally expose confidential database contents or be manipulated by attackers to exfiltrate data through seemingly benign queries. While current efforts typically rely on rule-based heuristics or LLM agents to mitigate this leakage risk, these methods still struggle with complex inference-based attacks, suffer from high false positive rates, and often compromise the reliability of SQL queries. To address these challenges, we propose SafeNlidb, a novel privacy-security alignment framework for LLM-based NLIDB. The framework features an automated pipeline that generates hybrid chain-of-thought interaction data from scratch, seamlessly combining implicit security reasoning with SQL generation. Additionally, we introduce reasoning warm-up and alternating preference optimization to overcome the multi-preference oscillations of Direct Preference Optimization (DPO), enabling LLMs to produce security-aware SQL through fine-grained reasoning without the need for human-annotated preference data. Extensive experiments demonstrate that our method outperforms both larger-scale LLMs and ideal-setting baselines, achieving significant security improvements while preserving high utility. WARNING: This work may contain content that is offensive and harmful!


Key Contributions

  • Security-Aware Data Synthesis pipeline that generates hybrid chain-of-thought interaction data combining implicit security reasoning with SQL generation, without human annotation
  • Alternating Preference Optimization (reasoning warm-up + alternating DPO) that stabilizes multi-preference optimization to balance security analysis and SQL generation capabilities
  • End-to-end framework defending against both direct and stealthy inference-based attacks in LLM-based NLIDB, outperforming larger-scale LLMs while preserving SQL utility

🛡️ Threat Analysis


Details

Domains
nlp
Model Types
llm, transformer
Threat Tags
inference_time, black_box
Applications
natural language interface to database (nlidb), database privacy protection, text-to-sql