Summary of Privacy-preserving Fine-tuning Of Large Language Models Through Flatness, by Tiejin Chen et al.
Privacy-preserving Fine-tuning of Large Language Models through Flatness
by Tiejin Chen, Longchao Da, Huixue Zhou, Pingzhi Li, Kaixiong Zhou, Tianlong Chen, Hua Wei
First submitted to arXiv on: 7 Mar 2024
Categories
- Main: Artificial Intelligence (cs.AI)
- Secondary: None
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
Summary difficulty | Written by | Summary |
---|---|---|
High | Paper authors | High Difficulty Summary Read the original abstract here |
Medium | GrooveSquid.com (original content) | Medium Difficulty Summary Recent advancements in Large Language Models (LLMs) have raised concerns about their privacy implications, particularly with the emergence of models like ChatGPT. To address these issues, researchers have explored Differential Privacy (DP) techniques, which mitigate privacy risks at the cost of degraded generalization. The paper reveals that the flatness of DP-trained models’ loss landscape plays a crucial role in the trade-off between privacy and generalization. The authors propose a holistic framework to enforce weight flatness, which improves model generalization while preserving competitive privacy. The framework innovates at three levels: perturbation-aware min-max optimization within layers, flatness-guided sparse prefix-tuning across layers, and weight knowledge distillation between DP and non-DP weight copies. Comprehensive experiments in both black-box and white-box scenarios demonstrate the effectiveness of the proposal in enhancing generalization and maintaining DP characteristics. |
Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper is about making sure that language models are private and don’t leak personal information, while still being useful for tasks like text classification. It’s a problem because these models can learn to predict sensitive information about people just by looking at the words they use. The authors found that one way to make these models more private is to make the “loss landscape” of their training process flatter. This helps them be more accurate and generalizable, while still keeping personal info safe. They also proposed a new framework for doing this, which combines three different techniques to achieve better results. |
Keywords
» Artificial intelligence » Generalization » Knowledge distillation » Optimization » Text classification