CTIGuardian: A Few-Shot Framework for Mitigating Privacy Leakage in Fine-Tuned LLMs

TL;DR

This paper introduces CTIGuardian, a few-shot privacy alignment framework that mitigates information leakage in fine-tuned LLMs, balancing privacy protection with utility, demonstrated in cyber threat intelligence tasks.

Contribution

The paper proposes a novel privacy alignment approach using few-shot supervision with LLMs to prevent sensitive data leakage in fine-tuned models, avoiding costly retraining.

Findings

CTIGuardian outperforms NER baselines in privacy-utility trade-offs.

Effective privacy mitigation demonstrated on CTI use case.

Framework is adaptable to other sensitive domains.

Abstract

Large Language Models (LLMs) are often fine-tuned to adapt their general-purpose knowledge to specific tasks and domains such as cyber threat intelligence (CTI). Fine-tuning is mostly done through proprietary datasets that may contain sensitive information. Owners expect their fine-tuned model to not inadvertently leak this information to potentially adversarial end users. Using CTI as a use case, we demonstrate that data-extraction attacks can recover sensitive information from fine-tuned models on CTI reports, underscoring the need for mitigation. Retraining the full model to eliminate this leakage is computationally expensive and impractical. We propose an alternative approach, which we call privacy alignment, inspired by safety alignment in LLMs. Just like safety alignment teaches the model to abide by safety constraints through a few examples, we enforce privacy alignment through few-shot supervision, integrating a privacy classifier and a privacy redactor, both handled by the same underlying LLM. We evaluate our system, called CTIGuardian, using GPT-4o mini and Mistral-7B Instruct models, benchmarking against Presidio, a named entity recognition (NER) baseline. Results show that CTIGuardian provides a better privacy-utility trade-off than NER based models. While we demonstrate its effectiveness on a CTI use case, the framework is generic enough to be applicable to other sensitive domains.