@inproceedings{dai-etal-2025-stealing,
title = "Stealing Training Data from Large Language Models in Decentralized Training through Activation Inversion Attack",
author = "Dai, Chenxi and
Lu, Lin and
Zhou, Pan",
editor = "Che, Wanxiang and
Nabende, Joyce and
Shutova, Ekaterina and
Pilehvar, Mohammad Taher",
booktitle = "Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)",
month = jul,
year = "2025",
address = "Vienna, Austria",
publisher = "Association for Computational Linguistics",
url = "https://preview.aclanthology.org/ingestion-acl-25/2025.acl-long.707/",
pages = "14539--14551",
ISBN = "979-8-89176-251-0",
abstract = "Decentralized training has become a resource-efficient framework to democratize the training of large language models (LLMs). However, the privacy risks associated with this framework, particularly due to the potential inclusion of sensitive data in training datasets, remain unexplored. This paper identifies a novel and realistic attack surface: the privacy leakage from training data in decentralized training, and proposes $\textit{activation inversion attack}$ (AIA) for the first time. AIA first constructs a shadow dataset comprising text labels and corresponding activations using public datasets. Leveraging this dataset, an attack model can be trained to reconstruct the training data from activations in victim decentralized training. We conduct extensive experiments on various LLMs and publicly available datasets to demonstrate the susceptibility of decentralized training to AIA. These findings highlight the urgent need to enhance security measures in decentralized training to mitigate privacy risks in training LLMs."
}
Markdown (Informal)
[Stealing Training Data from Large Language Models in Decentralized Training through Activation Inversion Attack](https://preview.aclanthology.org/ingestion-acl-25/2025.acl-long.707/) (Dai et al., ACL 2025)
ACL