Transferable Embedding Inversion Attack: Uncovering Privacy Risks in Text Embeddings without Model Queries
About
This study investigates the privacy risks associated with text embeddings, focusing on the scenario where attackers cannot access the original embedding model. Contrary to previous research requiring direct model access, we explore a more realistic threat model by developing a transfer attack method. This approach uses a surrogate model to mimic the victim model's behavior, allowing the attacker to infer sensitive information from text embeddings without direct access. Our experiments across various embedding models and a clinical dataset demonstrate that our transfer attack significantly outperforms traditional methods, revealing the potential privacy vulnerabilities in embedding technologies and emphasizing the need for enhanced security measures.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Text Reconstruction from Embeddings | MS Marco | BLEU-15.3 | 20 | |
| Text Reconstruction from Embeddings | Pubmed | BLEU-15.47 | 20 | |
| Embedding Inversion | QNLI (test) | ROUGE-L0.2226 | 12 | |
| Embedding Inversion | IMDB (test) | RougeL19.91 | 12 | |
| Embedding Inversion | AGNews (test) | RougeL12.71 | 12 | |
| Embedding Inversion | MIMIC-III v1.4 (test) | Age Accuracy0.9884 | 2 | |
| Text Reconstruction | QNLI out-of-domain (test) | RougeL18 | 2 | |
| Text Reconstruction | IMDB out-of-domain (test) | RougeL16.85 | 2 | |
| Text Reconstruction | AGNEWS out-of-domain (test) | RougeL0.0984 | 2 |