Abstract: Retrieval-augmented generation (RAG) expands the capabilities of large language models (LLMs) in various applications by integrating relevant information retrieved from external data sources. However, RAG systems are exposed to substantial privacy risks during the information retrieval process, leading to potential leakage of private information. In this work, we present Privacy-preserving Retrieval-augmented generation via Embedding Space Shifting (PRESS), systematically exploring how to protect privacy in RAG systems. Specifically, we first conduct proximal policy optimization (PPO) based training on pre-trained language models to generate target training samples. We then apply a purposive shift fine-tuning to the text embedding model with the generated samples, guiding the RAG system to map potential privacy-leaking queries to a safe target in the embedding space. Extensive experimental results on representative models and datasets demonstrate that our protection method achieves high defense performance with high efficiency while preserving the normal functionality of the RAG system.
External IDs: dblp:conf/icassp/HeLHJL25