SA-ADP: Sensitivity-Aware Adaptive Differential Privacy for Large Language Models

• URL: http://arxiv.org/abs/2512.01748v1
• Date: Mon, 01 Dec 2025 14:50:59 GMT
• Title: SA-ADP: Sensitivity-Aware Adaptive Differential Privacy for Large Language Models
• Authors: Stella Etuk, Ashraf Matrawy,
• Abstract summary: We propose SA-ADP, a sensitivity-aware approach that allocates noise based on the sensitivity of individual PII.<n>Our results show that SA-ADP results comparable to the baseline (No-DP) and the conventional DP-SGD.
• Score: 0.5156484100374058
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Despite advances in the use of large language models (LLMs) in downstream tasks, their ability to memorize information has raised privacy concerns. Therefore, protecting personally identifiable information (PII) during LLM training remains a fundamental challenge. Conventional methods like Differential Privacy-Stochastic Gradient Descent (DP-SGD) provide robust privacy protection via uniform noising, protecting PII regardless of its distinct sensitivity. This comes at the expense of the model's utility, leading to a trade-off. In this paper, we propose SA-ADP, a sensitivity-aware approach that allocates noise based on the sensitivity of individual PII. We evaluated our method on four datasets (ABCD, CUSTOMERSIM, Wikitext-2, and UNSW-NB15 ). Our results show that SA-ADP achieves results comparable to the baseline (No-DP) and the conventional DP-SGD. This means that our method did not degrade the model's utility while still maintaining strong privacy protection.

Related papers

• Unintended Memorization of Sensitive Information in Fine-Tuned Language Models [24.228889351240838]
  Fine-tuning Large Language Models (LLMs) on sensitive datasets carries a substantial risk of unintended memorization and leakage of Personally Identifiable Information (PII)<n>We design controlled extraction probes to quantify unintended PII memorization and study how factors such as language, PII frequency, task type, and model size influence memorization behavior.
  arXiv  Detail & Related papers  (2026-01-24T15:08:45Z)
• FusionDP: Foundation Model-Assisted Differentially Private Learning for Partially Sensitive Features [17.945111987608865]
  In practical scenarios, privacy protection may be required for only a subset of features.<n>Traditional DP-SGD enforces privacy protection on all features in one sample, leading to excessive noise injection and significant utility degradation.<n>We propose FusionDP, a two-step framework that enhances model utility under feature-level differential privacy.
  arXiv  Detail & Related papers  (2025-11-05T19:13:10Z)
• Forget What's Sensitive, Remember What Matters: Token-Level Differential Privacy in Memory Sculpting for Continual Learning [26.034865955638864]
  We propose a privacy-enhanced continual learning framework that forgets what's sensitive and remembers what matters.<n>Our approach first introduces a token-level dynamic Differential Privacy strategy.<n>Second, we integrate a privacy-guided memory sculpting module.
  arXiv  Detail & Related papers  (2025-09-16T11:01:59Z)
• On the MIA Vulnerability Gap Between Private GANs and Diffusion Models [51.53790101362898]
  Generative Adversarial Networks (GANs) and diffusion models have emerged as leading approaches for high-quality image synthesis.<n>We present the first unified theoretical and empirical analysis of the privacy risks faced by differentially private generative models.
  arXiv  Detail & Related papers  (2025-09-03T14:18:22Z)
• Machine Learning with Privacy for Protected Attributes [56.44253915927481]
  We refine the definition of differential privacy (DP) to create a more general and flexible framework that we call feature differential privacy (FDP)<n>Our definition is simulation-based and allows for both addition/removal and replacement variants of privacy, and can handle arbitrary separation of protected and non-protected features.<n>We apply our framework to various machine learning tasks and show that it can significantly improve the utility of DP-trained models when public features are available.
  arXiv  Detail & Related papers  (2025-06-24T17:53:28Z)
• Can Differentially Private Fine-tuning LLMs Protect Against Privacy Attacks? [8.189149471520542]
  Fine-tuning large language models (LLMs) has become an essential strategy for adapting them to specialized tasks.<n>Although differential privacy (DP) offers strong theoretical guarantees against such leakage, its empirical privacy effectiveness on LLMs remains unclear.<n>This paper systematically investigates the impact of DP across fine-tuning methods and privacy budgets.
  arXiv  Detail & Related papers  (2025-04-28T05:34:53Z)
• Differentially Private 2D Human Pose Estimation [6.982542225631412]
  We present the first comprehensive framework for differentially private 2D human pose estimation (2D-HPE)<n>To effectively balance privacy performance, we adopt Projected DP-SGD, which projects the noisy gradients to a low-dimensional subspace.<n>Next, we incorporate Feature Differential Privacy(FDP) to selectively privatize only sensitive features while retaining public visual cues.
  arXiv  Detail & Related papers  (2025-04-14T12:50:37Z)
• Activity Recognition on Avatar-Anonymized Datasets with Masked Differential Privacy [64.32494202656801]
  Privacy-preserving computer vision is an important emerging problem in machine learning and artificial intelligence.<n>We present anonymization pipeline that replaces sensitive human subjects in video datasets with synthetic avatars within context.<n>We also proposeMaskDP to protect non-anonymized but privacy sensitive background information.
  arXiv  Detail & Related papers  (2024-10-22T15:22:53Z)
• Mind the Privacy Unit! User-Level Differential Privacy for Language Model Fine-Tuning [62.224804688233]
  differential privacy (DP) offers a promising solution by ensuring models are 'almost indistinguishable' with or without any particular privacy unit. We study user-level DP motivated by applications where it necessary to ensure uniform privacy protection across users.
  arXiv  Detail & Related papers  (2024-06-20T13:54:32Z)
• Privacy Constrained Fairness Estimation for Decision Trees [2.9906966931843093]
  Measuring the fairness of any AI model requires the sensitive attributes of the individuals in the dataset. We propose a novel method, dubbed Privacy-Aware Fairness Estimation of Rules (PAFER) We show that using the Laplacian mechanism, the method is able to estimate SP with low error while guaranteeing the privacy of the individuals in the dataset with high certainty.
  arXiv  Detail & Related papers  (2023-12-13T14:54:48Z)
• Just Fine-tune Twice: Selective Differential Privacy for Large Language Models [69.66654761324702]
  We propose a simple yet effective just-fine-tune-twice privacy mechanism to achieve SDP for large Transformer-based language models. Experiments show that our models achieve strong performance while staying robust to the canary insertion attack.
  arXiv  Detail & Related papers  (2022-04-15T22:36:55Z)
• Private Reinforcement Learning with PAC and Regret Guarantees [69.4202374491817]
  We design privacy preserving exploration policies for episodic reinforcement learning (RL) We first provide a meaningful privacy formulation using the notion of joint differential privacy (JDP) We then develop a private optimism-based learning algorithm that simultaneously achieves strong PAC and regret bounds, and enjoys a JDP guarantee.
  arXiv  Detail & Related papers  (2020-09-18T20:18:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.