Large Language Models (LLMs) are gaining increasing attention due to their exceptional performance across numerous tasks. As a result, the general public uses them as an influential tool for boosting productivity, while natural language processing researchers endeavor to employ them in solving existing or new research problems. Unfortunately, individuals can only access such powerful AIs through APIs, which ultimately leads to the transmission of raw data to the models' providers and increases the possibility of private data leaking. Current privacy-preserving methods for cloud-deployed language models aim to protect private information in the pre-training dataset or during the model training phase. However, they do not meet the specific challenges presented by the remote-access model of the new large-scale language models. This paper introduces a novel task, "User Privacy Protection for Dialogue Models," which aims to safeguard sensitive user information from any possible disclosure while conversing with chatbots. We also present an evaluation scheme for this task, which covers evaluation metrics for privacy protection, data availability, and resistance to simulation attacks. Moreover, we propose the first framework for this task, namely privacy protection through text sanitization. Before sending the input to remote large models, it filters out sensitive information using several rounds of text sanitization based on privacy types that users define. Upon receiving responses from the large model, our framework automatically restores the private content so that the conversation proceeds smoothly, without intervention from the privacy filter. Experiments based on real-world datasets demonstrate the efficacy of our privacy-preserving approach against eavesdropping by potential attackers.
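The sanitize-then-restore loop the abstract describes can be illustrated with a small client-side filter. The following is an added example written for this page, not the paper's own code: it assumes that each user-defined privacy type is a regex (or a list of literals, as for names), runs one sanitization round per type, replaces every match with a consistent placeholder such as `<EMAIL_1>`, keeps the placeholder-to-original mapping only on the client, and maps placeholders in the remote model's reply back to the original values. The message, the privacy types and the simulated model reply are constructed sample data.

```python
import re

# Placeholders have the form <TYPE_n>; the remote model only ever sees these.
PLACEHOLDER_RE = re.compile(r"<([A-Z]+)_(\d+)>")


def literal_pattern(values):
    """Compile a user-supplied list of literals (e.g. names) into one regex, longest first."""
    ordered = sorted(values, key=len, reverse=True)
    return re.compile("|".join(re.escape(v) for v in ordered))


class PrivacyFilter:
    """Client-side sanitize/restore layer. The mapping never leaves the client."""

    def __init__(self, privacy_types):
        # privacy_types: ordered list of (type_name, compiled_regex);
        # each entry is one sanitization round, applied in the given order.
        self.privacy_types = privacy_types
        self.to_original = {}     # placeholder -> original span
        self.to_placeholder = {}  # (type, original) -> placeholder, so repeats stay consistent
        self.counters = {}

    def _placeholder(self, ptype, original):
        key = (ptype, original)
        if key not in self.to_placeholder:
            self.counters[ptype] = self.counters.get(ptype, 0) + 1
            placeholder = f"<{ptype}_{self.counters[ptype]}>"
            self.to_placeholder[key] = placeholder
            self.to_original[placeholder] = original
        return self.to_placeholder[key]

    def sanitize(self, text):
        """Run one redaction round per privacy type; return text safe to send remotely."""
        for ptype, pattern in self.privacy_types:
            text = pattern.sub(lambda m: self._placeholder(ptype, m.group(0)), text)
        return text

    def restore(self, text):
        """Map placeholders in the model's reply back to the originals.
        Placeholders the model invented (not in the mapping) are left as-is."""
        return PLACEHOLDER_RE.sub(lambda m: self.to_original.get(m.group(0), m.group(0)), text)

    def leaked(self, sanitized):
        """Privacy check: any original value still present in the outgoing text."""
        return [orig for orig in self.to_original.values() if orig in sanitized]


# Constructed user-defined privacy types (an assumption, not the paper's taxonomy).
# Order matters: emails first, so the local part is not later mistaken for a name.
PRIVACY_TYPES = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("PHONE", re.compile(r"\b\d{3}[-.]?\d{3}[-.]?\d{4}\b")),
    ("NAME", literal_pattern(["Alice Chen"])),
]

# Constructed sample input and a simulated reply from the remote model.
USER_MESSAGE = ("Hi, I am Alice Chen. Reach me at alice.chen@example.com "
                "or 555-123-4567, and cc bob@example.org.")
SIMULATED_REPLY = "Dear <NAME_1>, I will write to <EMAIL_1>, call <PHONE_1>, and cc <EMAIL_2>."


def run_round_trip(message=USER_MESSAGE, reply=SIMULATED_REPLY):
    """Return (text sent to the remote model, restored reply, list of leaked originals)."""
    privacy_filter = PrivacyFilter(PRIVACY_TYPES)
    sanitized = privacy_filter.sanitize(message)
    restored = privacy_filter.restore(reply)
    return sanitized, restored, privacy_filter.leaked(sanitized)


if __name__ == "__main__":
    sent, restored, leaks = run_round_trip()
    print("sent to model :", sent)
    print("restored reply:", restored)
    print("leaked values :", leaks)
```

Two design points matter for the security property: the same original value always maps to the same placeholder within a session, so the remote model can keep referents straight without ever seeing them, and `leaked()` acts as the outgoing check that no configured privacy value survived the rounds (for example because a regex was too narrow).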