Memorization in NLP Fine-tuning Methods

Fatemehsadat Mireshghallah; Archit Uniyal; Tianhao Wang; David Evans; Taylor Berg-Kirkpatrick

Memorization in NLP Fine-tuning Methods

Fatemehsadat Mireshghallah, Archit Uniyal, Tianhao Wang, David Evans, Taylor Berg-Kirkpatrick

26 May 2022 (modified: 22 Oct 2023)ICML 2022 Pre-training WorkshopReaders: Everyone

Keywords: Fine-tuning, Memorization, Privacy

TL;DR: This paper studies the memorization and privacy leakage of different fine-tuning methods.

Abstract: Large language models are shown to present privacy risks through memorization of training data, and several recent works have studied such risks for the pre-training phase. Little attention, however, has been given to the fine-tuning phase and it is not well understood how different fine-tuning methods (such as fine-tuning the full model, the model head, and adapter) compare in terms of memorization risk. This presents increasing concern as the ``pre-train and fine-tune'' paradigm proliferates. In this paper, we empirically study memorization of fine-tuning methods using membership inference and extraction attacks, and show that their susceptibility to attacks is very different. We observe that fine-tuning the head of the model has the highest susceptibility to attacks, whereas fine-tuning smaller adapters appears to be less vulnerable to known extraction attacks.

Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 1 code implementation](https://www.catalyzex.com/paper/arxiv:2205.12506/code)

0 Replies

Loading