Membership Inference Attacks on LLM-based Recommender Systems
| dc.contributor.author | He, Jiajie | |
| dc.contributor.author | Chen, Min-Chun | |
| dc.contributor.author | Chen, Xintong | |
| dc.contributor.author | Fang, Xinyang | |
| dc.contributor.author | Gu, Yuechun | |
| dc.contributor.author | Chen, Keke | |
| dc.date.accessioned | 2026-02-12T16:44:24Z | |
| dc.date.issued | 2026-01-22 | |
| dc.description | 64th Annual Meeting of the Association for Computational Linguistics (ACL 2026), San Diego, California, July 2 - 7, 2026 | |
| dc.description.abstract | Large language model (LLM)-based recommender systems (RecSys) can adapt flexibly across different domains. They use in-context learning (ICL), i.e., prompts, including sensitive historical user-specific item interactions, to customize the recommendation functions. However, no study has examined whether such private information may be exposed by novel privacy attacks. We design several membership inference attacks (MIAs): Similarity, Memorization, Inquiry, and Poisoning attacks, aiming to reveal whether system prompts include victims’ historical interactions. We have carefully evaluated them on the latest open-source LLMs and three well-known RecSys datasets. The results confirm that the MIA threat to LLM RecSys is realistic, and that existing prompt-based defense methods may be insufficient to protect against these attacks. | |
| dc.description.uri | https://arxiv.org/abs/2508.18665 | |
| dc.format.extent | 16 pages | |
| dc.genre | conference papers and proceedings | |
| dc.genre | preprints | |
| dc.identifier | doi:10.13016/m2398j-xiak | |
| dc.identifier.uri | https://doi.org/10.48550/arXiv.2508.18665 | |
| dc.identifier.uri | http://hdl.handle.net/11603/41898 | |
| dc.language.iso | en | |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author | |
| dc.subject | UMBC Cyber Defense Lab (CDL) | |
| dc.title | Membership Inference Attacks on LLM-based Recommender Systems | |
| dc.type | Text | |
| dcterms.creator | https://orcid.org/0009-0009-7956-8355 | |
| dcterms.creator | https://orcid.org/0009-0006-4945-7310 | |
| dcterms.creator | https://orcid.org/0000-0002-9996-156X | |
| dcterms.creator | https://orcid.org/0009-0002-8274-2827 |
