On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis

Luis Ruhlander; Emilian Popp; Maria Stylidou; Sajjad Khan; Davor Svetinovic

doi:10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis

Luis Ruhlander, Emilian Popp, Maria Stylidou, Sajjad Khan, Davor Svetinovic

Computer Science

Vienna University of Economics and Business

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats imminent to the current generation of LLMs, such as unintentional data leakage or system misuse by malicious actors. Furthermore, our study discusses the importance of proactive security measures in LLM development, deployment, and maintenance.

Original language	British English
Title of host publication	Proceedings - IEEE Congress on Cybermatics
Subtitle of host publication	2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	543-550
Number of pages	8
ISBN (Electronic)	9798350351637
DOIs	https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102
State	Published - 2024
Event	IEEE Congress on Cybermatics: 17th IEEE International Conference on Internet of Things, iThings 2024, 20th IEEE International Conference on Green Computing and Communications, GreenCom 2024, 17th IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2024, 10th IEEE International Conference on Smart Data, SmartData 2024 - Copenhagen, Denmark Duration: 19 Aug 2024 → 22 Aug 2024

Publication series

Name	Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024

Conference

Conference	IEEE Congress on Cybermatics: 17th IEEE International Conference on Internet of Things, iThings 2024, 20th IEEE International Conference on Green Computing and Communications, GreenCom 2024, 17th IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2024, 10th IEEE International Conference on Smart Data, SmartData 2024
Country/Territory	Denmark
City	Copenhagen
Period	19/08/24 → 22/08/24

Keywords

Cybersecurity
Large Language Models (LLMs)
LINDDUN
Privacy
STRIDE
Threat Modeling

Access to Document

10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

Cite this

Ruhlander, L., Popp, E., Stylidou, M., Khan, S., & Svetinovic, D. (2024). On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. In Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024 (pp. 543-550). (Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

Ruhlander, Luis ; Popp, Emilian ; Stylidou, Maria et al. / On the Security and Privacy Implications of Large Language Models : In-Depth Threat Analysis. Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 543-550 (Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024).

@inproceedings{9576eb17d309448582463d068cca9763,

title = "On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis",

abstract = "Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats imminent to the current generation of LLMs, such as unintentional data leakage or system misuse by malicious actors. Furthermore, our study discusses the importance of proactive security measures in LLM development, deployment, and maintenance.",

keywords = "Cybersecurity, Large Language Models (LLMs), LINDDUN, Privacy, STRIDE, Threat Modeling",

author = "Luis Ruhlander and Emilian Popp and Maria Stylidou and Sajjad Khan and Davor Svetinovic",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; IEEE Congress on Cybermatics: 17th IEEE International Conference on Internet of Things, iThings 2024, 20th IEEE International Conference on Green Computing and Communications, GreenCom 2024, 17th IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2024, 10th IEEE International Conference on Smart Data, SmartData 2024 ; Conference date: 19-08-2024 Through 22-08-2024",

year = "2024",

doi = "10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102",

language = "British English",

series = "Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "543--550",

booktitle = "Proceedings - IEEE Congress on Cybermatics",

address = "United States",

}

Ruhlander, L, Popp, E, Stylidou, M, Khan, S & Svetinovic, D 2024, On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. in Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024. Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024, Institute of Electrical and Electronics Engineers Inc., pp. 543-550, IEEE Congress on Cybermatics: 17th IEEE International Conference on Internet of Things, iThings 2024, 20th IEEE International Conference on Green Computing and Communications, GreenCom 2024, 17th IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2024, 10th IEEE International Conference on Smart Data, SmartData 2024, Copenhagen, Denmark, 19/08/24. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. / Ruhlander, Luis; Popp, Emilian; Stylidou, Maria et al.
Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024. Institute of Electrical and Electronics Engineers Inc., 2024. p. 543-550 (Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the Security and Privacy Implications of Large Language Models

T2 - IEEE Congress on Cybermatics: 17th IEEE International Conference on Internet of Things, iThings 2024, 20th IEEE International Conference on Green Computing and Communications, GreenCom 2024, 17th IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2024, 10th IEEE International Conference on Smart Data, SmartData 2024

AU - Ruhlander, Luis

AU - Popp, Emilian

AU - Stylidou, Maria

AU - Khan, Sajjad

AU - Svetinovic, Davor

PY - 2024

Y1 - 2024

N2 - Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats imminent to the current generation of LLMs, such as unintentional data leakage or system misuse by malicious actors. Furthermore, our study discusses the importance of proactive security measures in LLM development, deployment, and maintenance.

AB - Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats imminent to the current generation of LLMs, such as unintentional data leakage or system misuse by malicious actors. Furthermore, our study discusses the importance of proactive security measures in LLM development, deployment, and maintenance.

KW - Cybersecurity

KW - Large Language Models (LLMs)

KW - LINDDUN

KW - Privacy

KW - STRIDE

KW - Threat Modeling

UR - http://www.scopus.com/inward/record.url?scp=85210557459&partnerID=8YFLogxK

U2 - 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

DO - 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

M3 - Conference contribution

AN - SCOPUS:85210557459

T3 - Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024

SP - 543

EP - 550

BT - Proceedings - IEEE Congress on Cybermatics

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 19 August 2024 through 22 August 2024

ER -

Ruhlander L, Popp E, Stylidou M, Khan S, Svetinovic D. On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. In Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 543-550. (Proceedings - IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024). doi: 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this