Privacy Backdoors: Stealing Data with Corrupted Pretrained Models (Paper Explained)

Video Link: https://www.youtube.com/watch?v=WwbukAcMM4k

#llm #privacy #finetuning

Can you tamper with a base model in such a way that it will exactly remember its fine-tuning data? This paper presents a method of doing exactly that, and implements it in modern transformers.

OUTLINE:
0:00 - Intro & Overview
10:50 - Core idea: single-use data traps
44:30 - Backdoors in transformer models
58:00 - Additional numerical tricks
1:00:35 - Experimental results & conclusion

Paper: https://arxiv.org/abs/2404.00473
Code: https://github.com/ShanglunFengatETHZ/PrivacyBackdoor

Abstract:
Practitioners commonly download pretrained machine learning models from open repositories and finetune them to fit specific applications. We show that this practice introduces a new risk of privacy backdoors. By tampering with a pretrained model's weights, an attacker can fully compromise the privacy of the finetuning data. We show how to build privacy backdoors for a variety of models, including transformers, which enable an attacker to reconstruct individual finetuning samples, with a guaranteed success! We further show that backdoored models allow for tight privacy attacks on models trained with differential privacy (DP). The common optimistic practice of training DP models with loose privacy guarantees is thus insecure if the model is not trusted. Overall, our work highlights a crucial and overlooked supply chain attack on machine learning privacy.

Authors: Shanglun Feng, Florian Tramèr

Links:
Homepage: https://ykilcher.com/
Twitter: https://twitter.com/ykilcher
Discord: https://ykilcher.com/discord
LinkedIn: https://www.linkedin.com/in/ykilcher

If you want to support me, the best thing to do is to share out the content :)

If you want to support me financially (completely optional and voluntary, but a lot of people have asked for this):
SubscribeStar: https://www.subscribestar.com/yannickilcher
Patreon: https://www.patreon.com/yannickilcher
Bitcoin (BTC): bc1q49lsw3q325tr58ygf8sudx2dqfguclvngvy2cq
Ethereum (ETH): 0x7ad3513E3B8f66799f507Aa7874b1B0eBC7F85e2
Litecoin (LTC): LQW2TRyKYetVC8WjFkhpPhtpbDM4Vw7r9m
Monero (XMR): 4ACL8AGrEo5hAir8A9CeVrW8pEauWvnp1WnSDZxW7tziCDLhZAGsgzhRQABDnFy8yuM9fWJDviJPHKRjV4FWt19CJZN9D4n
