Concept-Aware Privacy Mechanisms for Defending Embedding Inversion Attacks
Abstract
SPARSE is a user-centric framework that protects text embeddings from privacy leaks by selectively perturbing sensitive dimensions using differentiable masking and Mahalanobis noise calibration.
Text embeddings enable numerous NLP applications but face severe privacy risks from embedding inversion attacks, which can expose sensitive attributes or reconstruct raw text. Existing differential privacy defenses assume uniform sensitivity across embedding dimensions, leading to excessive noise and degraded utility. We propose SPARSE, a user-centric framework for concept-specific privacy protection in text embeddings. SPARSE combines (1) differentiable mask learning to identify privacy-sensitive dimensions for user-defined concepts, and (2) the Mahalanobis mechanism that applies elliptical noise calibrated by dimension sensitivity. Unlike traditional spherical noise injection, SPARSE selectively perturbs privacy-sensitive dimensions while preserving non-sensitive semantics. Evaluated across six datasets, three embedding models, and multiple attack scenarios, SPARSE consistently reduces privacy leakage while achieving superior downstream performance compared to state-of-the-art DP methods.
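To make the abstract's second component concrete, here is a minimal NumPy sketch of an elliptical (Mahalanobis) noise mechanism, assuming it follows the standard elliptical generalization of the multivariate Laplace mechanism from metric-DP text privacy: a direction sampled uniformly on the unit sphere, a radius drawn from a Gamma distribution, then stretched along a diagonal covariance built from a per-dimension sensitivity mask. In SPARSE the mask would come from the differentiable mask-learning step; here it is simply an input. The function name, the `alpha` scaling, and the `epsilon` parameter are illustrative placeholders, not the authors' API.

```python
import numpy as np

def mahalanobis_perturb(embedding, mask, epsilon=10.0, alpha=4.0, rng=None):
    """Add elliptical (Mahalanobis) noise to a text embedding.

    Noise density is proportional to exp(-epsilon * ||Sigma^(-1/2) z||_2),
    the elliptical analogue of the multivariate Laplace mechanism used in
    metric-DP text privacy (an assumption; the paper's exact calibration
    may differ). `mask` in [0, 1]^d flags privacy-sensitive dimensions;
    Sigma = diag(1 + alpha * mask) inflates noise only on those dimensions,
    leaving non-sensitive dimensions nearly untouched.
    """
    rng = np.random.default_rng() if rng is None else rng
    d = embedding.shape[0]
    sigma_sqrt = np.sqrt(1.0 + alpha * np.asarray(mask))  # diag(Sigma)^(1/2)
    u = rng.standard_normal(d)                   # uniform direction on the
    u /= np.linalg.norm(u)                       # unit sphere
    r = rng.gamma(shape=d, scale=1.0 / epsilon)  # radius ~ Gamma(d, 1/eps)
                                                 # yields exp(-eps*||z||) in R^d
    return embedding + r * sigma_sqrt * u        # stretch sphere -> ellipse

# Toy usage: a 768-dim embedding where the mask marks ~10% of dimensions
# (in SPARSE these would be learned for a user-defined concept).
emb = np.random.default_rng(0).standard_normal(768)
mask = (np.random.default_rng(1).random(768) < 0.1).astype(float)
private_emb = mahalanobis_perturb(emb, mask)
```

The elliptical stretch concentrates most of the noise energy on the masked dimensions, which is the paper's stated contrast with spherical noise injection: non-sensitive semantics survive largely intact while concept-sensitive dimensions are heavily perturbed.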
Community
This work proposes a concept-aware privacy mechanism (SPARSE) to defend against embedding inversion attacks, selectively perturbing concept-sensitive dimensions while preserving downstream utility.
Relevant to: embedding privacy, inversion attacks, representation learning, security & AI.
Librarian Bot (automated message): the following similar papers were recommended by the Semantic Scholar API.
- Differential Privacy for Transformer Embeddings of Text with Nonparametric Variational Information Bottleneck (2026)
- DP-MGTD: Privacy-Preserving Machine-Generated Text Detection via Adaptive Differentially Private Entity Sanitization (2026)
- OSNIP: Breaking the Privacy-Utility-Efficiency Trilemma in LLM Inference via Obfuscated Semantic Null Space (2026)
- Efficient Privacy-Preserving Retrieval Augmented Generation with Distance-Preserving Encryption (2026)
- Zero2Text: Zero-Training Cross-Domain Inversion Attacks on Textual Embeddings (2026)
- CTIGuardian: A Few-Shot Framework for Mitigating Privacy Leakage in Fine-Tuned LLMs (2025)
- Local Layer-wise Differential Privacy in Federated Learning (2026)