@inproceedings{choi-etal-2025-safeguarding,
    title = "Safeguarding Privacy of Retrieval Data against Membership Inference Attacks: Is This Query Too Close to Home?",
    author = "Choi, Yujin  and
      Park, Youngjoo  and
      Byun, Junyoung  and
      Lee, Jaewook  and
      Park, Jinseong",
    editor = "Christodoulopoulos, Christos  and
      Chakraborty, Tanmoy  and
      Rose, Carolyn  and
      Peng, Violet",
    booktitle = "Findings of the Association for Computational Linguistics: EMNLP 2025",
    month = nov,
    year = "2025",
    address = "Suzhou, China",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/author-page-yu-wang-polytechnic/2025.findings-emnlp.438/",
    doi = "10.18653/v1/2025.findings-emnlp.438",
    pages = "8241--8258",
    ISBN = "979-8-89176-335-7",
    abstract = "Retrieval-augmented generation (RAG) mitigates the hallucination problem in large language models (LLMs) and has proven effective for personalized usages. However, delivering private retrieved documents directly to LLMs introduces vulnerability to membership inference attacks (MIAs), which try to determine whether the target data point exists in the private external database or not. Based on the insight that MIA queries typically exhibit high similarity to only one target document, we introduce a novel similarity-based MIA detection framework designed for the RAG system. With the proposed method, we show that a simple detect-and-hide strategy can successfully obfuscate attackers, maintain data utility, and remain system-agnostic against MIA. We experimentally prove its detection and defense against various state-of-the-art MIA methods and its adaptability to existing RAG systems."
}