Skip to content

taslanidis/GEIA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
LLM_instruct_masking
LLM_instruct_masking
 
 
baseline
baseline
 
 
data
data
 
 
logs
logs
 
 
models
models
 
 
models_arr_feb
models_arr_feb
 
 
output
output
 
 
result_verification
result_verification
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
attacker.py
attacker.py
 
 
attacker_evaluation_gpt.py
attacker_evaluation_gpt.py
 
 
attacker_models.py
attacker_models.py
 
 
attacker_opt.py
attacker_opt.py
 
 
attacker_random_gpt2.py
attacker_random_gpt2.py
 
 
attacker_t5.py
attacker_t5.py
 
 
collect_metrics.ipynb
collect_metrics.ipynb
 
 
config.py
config.py
 
 
data_process.py
data_process.py
 
 
decode_beam_search.py
decode_beam_search.py
 
 
decode_beam_search_opt.py
decode_beam_search_opt.py
 
 
detect_training_leakage.py
detect_training_leakage.py
 
 
download_dataset.py
download_dataset.py
 
 
download_models.py
download_models.py
 
 
environment.yml
environment.yml
 
 
environment_detectGPT.yml
environment_detectGPT.yml
 
 
eval_classification.py
eval_classification.py
 
 
eval_generation.py
eval_generation.py
 
 
eval_ppl.py
eval_ppl.py
 
 
hypothesis_testing_extension.py
hypothesis_testing_extension.py
 
 
simcse_persona.py
simcse_persona.py
 
 
upload_files-HF.job
upload_files-HF.job
 
 
upload_files-HF.py
upload_files-HF.py
 
 

Repository files navigation

Information Leakage of Sentence Embeddings via GEIA (Gradient Embedding Inversion Attack) 🗒️Paper

Antonios Tragoudaras*   |   Theofanis Aslanidis*   |   Emmanouil Georgios Lionis*   |   Marina Orozco González*   |   Panagiotis Eustratiadis

*These authors contributed equally

SIGIR2025

Getting Started

1. Baseline Models

  1. Install environment:
sbatch scripts/jobs/install_env_locally.job
  1. Reproduce the baseline models (MLC & MSP):
bash scripts/bashscripts/launch_baseline_eval.sh

2. GEIA Attacker Implementation

  1. Use the same environment as the baseline models:

  2. Train and evaluate the attacker:

# Train the GEIA attacker
bash scripts/bashscripts/launch_geia_qnli_train_random_gpt_medium.sh

# Evaluate the attacker
bash scripts/bashscripts/launch_geia_qnli_eval_random_gpt_medium.sh

3. Training Data Leakage Extension - RQ: Do sentence embeddings leak sensitive information

from the training data?

  1. Set up LLM reasoner environment:
cd LLM_instruct_masking/
sbatch install_local_LLM_env.job
  1. Download LLM reasoner weights (e.g., GLM-4):
cd LLM_instruct_masking/
sbatch download_glm-4.job
  1. Produce the masks and alternative sentences with the LLM reasoner:
cd LLM_instruct_masking/
sbatch run_masking.job
  1. Calculate the log-probabilities of the masks and alternative sentences with the GEIA attacker:
# Step 1: Install extension environemt
sbatch scripts/jobs/install_env_extension.job
# Step 2: Calculate log-probabilities
# Calculating & stores the log-probs of the mask and alternative sentences with and without the sentence embeddinghs with differen vicitim models. This requires the GEIA gpt-2 attcker model to be trained on the Personachat dataset.
# Note: Requires GEIA GPT-2 attacker trained on Personachat dataset
sbatch scripts/jobs/detect_train_leakage.job

# Step 3: Perform statistical analysis
# Identifies the mean of the populatiuon and perfromas signifcance tests, based on the leakage log-probs stored in the `logs/` folder.
sbatch scripts/jobs/detect_dist_difference_leakage.job

4. Conversational Attack - RQ: In a conversational setting, can GEIA reconstruct

the input text that prompted an LLM, based on the LLM’s responses?

  1. Use the same environment as the baseline models:

  2. Train the sentence-encoder model:

# Step 1: Checkout to the settence_encoder folder
git checkout sentence_encoder
# Step 2: Train the sentence-encoder model
sbatch LLM_test_with_trained_sentence_embeddings.job
# Step 3: Evaluate the sentence-encoder model
sbatch LLM_test_with_trained_sentence_embeddings_eval.job
  1. Witout training:
# Step 1: Checkout to the settence_encoder folder
git checkout LLM-addition
# Step 2: Evaluate the sentence-encoder model
sbatch LLM_train.job
# Step 3: Evaluate the sentence-encoder model
sbatch LLM_eval.job

Project Structure

  • scripts/jobs/: Contains SLURM job scripts
  • scripts/bashscripts/: Contains bash execution scripts
  • LLM_instruct_masking/: Folder for masking and alternative sentences generation with LLM reasoners

About

SIGIR '25 - Information Leakage of Sentence Embeddings via GEIA (Gradient Embedding Inversion Attack)

arxiv.org/abs/2504.16609

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages