Defending Chatbots from Black-Box Persona Inference Attacks

Social chatbots, also known as chit-chat chatbots, evolve rapidly with large pretrained language models. Despite the huge progress, privacy concerns have arisen recently: training data of large language models can be extracted via model inversion attacks. The invention proposed strategies can greatly reduce persona inference accuracy from 37.6% to 0.5% while maintaining language models’ powerful generation ability.

• Proposed persona inference attacks to extract private attributes from speakers'’ hidden states of chatbots.
• Combine two losses (KL and MI loss) to protect chatbots from revealing speakers’ private personas.

• Identify the threats of revealing personal information from chatbots.
• Propose effective defenses on the attribute inference attacks of chatbots.
• Achieve privacy-protection while doing no harm to the utility of chatbots.

• Chatbots on edge devices (smart phones)
• Personal assistants
• Customer service chatbots