{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T20:47:18Z","timestamp":1776286038277,"version":"3.50.1"},"reference-count":128,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,25]],"date-time":"2025-12-25T00:00:00Z","timestamp":1766620800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,25]],"date-time":"2025-12-25T00:00:00Z","timestamp":1766620800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"DOI":"10.1007\/s11227-025-08146-1","type":"journal-article","created":{"date-parts":[[2025,12,25]],"date-time":"2025-12-25T15:36:29Z","timestamp":1766676989000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A survey on privacy issues and mitigation strategies for LLMs in healthcare"],"prefix":"10.1007","volume":"82","author":[{"given":"Khalid A.","family":"Alissa","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,12,25]]},"reference":[{"key":"8146_CR1","doi-asserted-by":"crossref","unstructured":"Chen Y, Wang J, Yu C, Gao W, Qin X (2019) Fedhealth: a federated transfer learning framework for wearable healthcare. arXiv preprint arXiv:1907.09173","DOI":"10.1109\/MIS.2020.2988604"},{"key":"8146_CR2","doi-asserted-by":"publisher","first-page":"59505","DOI":"10.2196\/59505","volume":"26","author":"R AlSaad","year":"2025","unstructured":"AlSaad R, Abd-alrazaq A, Boughorbel S, Ahmed A, Renault M, Damseh R, Sheikh J (2025) Multimodal large language models in health care: applications, challenges, and future outlook. J Med Internet Res 26:59505. https:\/\/doi.org\/10.2196\/59505","journal-title":"J Med Internet Res"},{"key":"8146_CR3","doi-asserted-by":"crossref","unstructured":"Das S, Mishra S (2024) Advances in differential privacy and differentially private machine learning. arXiv preprint arXiv:2404.04706","DOI":"10.1007\/978-981-97-0407-1_7"},{"issue":"12","key":"8146_CR4","doi-asserted-by":"publisher","first-page":"2333","DOI":"10.3390\/electronics13122333","volume":"13","author":"P Thantharate","year":"2024","unstructured":"Thantharate P, Bhojwani S, Thantharate A (2024) Dpshield: optimizing differential privacy for high-utility data analysis in sensitive domains. Electronics 13(12):2333","journal-title":"Electronics"},{"key":"8146_CR5","unstructured":"Tong M et al. (2023) Inferdpt: privacy-preserving inference for black-box large language models. arXiv preprint"},{"key":"8146_CR6","doi-asserted-by":"publisher","first-page":"52865","DOI":"10.2196\/52865","volume":"25","author":"B Mesk\u00f3","year":"2023","unstructured":"Mesk\u00f3 B (2023) The impact of multimodal large language models on health care\u2019s future. J Med Internet Res 25:52865","journal-title":"J Med Internet Res"},{"key":"8146_CR7","doi-asserted-by":"crossref","unstructured":"Zeng J, Li H, Chen Y (2024) Privacyrestore: Privacy-preserving inference in large language models via privacy removal and restoration. arXiv preprint arXiv:2406.01394","DOI":"10.18653\/v1\/2025.acl-long.532"},{"issue":"20","key":"8146_CR8","doi-asserted-by":"publisher","first-page":"1853","DOI":"10.1049\/cmu2.12722","volume":"18","author":"N Tavangaran","year":"2024","unstructured":"Tavangaran N et al (2024) On differential privacy for federated learning in wireless systems with multiple base stations. IET Commun 18(20):1853\u20131867","journal-title":"IET Commun"},{"key":"8146_CR9","doi-asserted-by":"publisher","unstructured":"Kurita K, Michel P, Neubig G (2020) Weight poisoning attacks on pretrained models. In: Proc 58th Annual Meeting of the Association Computational Linguist, pp 2793\u20132806. https:\/\/doi.org\/10.18653\/v1\/2020.acl-main.249","DOI":"10.18653\/v1\/2020.acl-main.249"},{"key":"8146_CR10","doi-asserted-by":"publisher","unstructured":"Hong J, Tu Q, Chen C, Gao X, Zhang J, Yan R (2024) Cyclealign: iterative distillation from black-box llm to white-box models for better human alignment. In: Findings of the Association for Computational Linguistics: ACL 2024, Bangkok, Thailand, pp 14596\u201314609. https:\/\/doi.org\/10.18653\/v1\/2024.findings-acl.869","DOI":"10.18653\/v1\/2024.findings-acl.869"},{"key":"8146_CR11","doi-asserted-by":"publisher","first-page":"30604","DOI":"10.1109\/ACCESS.2024.3369586","volume":"12","author":"M Abdalkareem","year":"2024","unstructured":"Abdalkareem M, Min-Allah N (2024) Explainable models for predicting academic pathways for high school students in Saudi Arabia. IEEE Access 12:30604\u201330626","journal-title":"IEEE Access"},{"key":"8146_CR12","doi-asserted-by":"publisher","first-page":"22724","DOI":"10.1109\/ACCESS.2017.2760801","volume":"5","author":"MB Qureshi","year":"2017","unstructured":"Qureshi MB, Alqahtani MA, Min-Allah N (2017) Grid resource allocation for real-time data-intensive tasks. IEEE Access 5:22724\u201322734","journal-title":"IEEE Access"},{"issue":"3","key":"8146_CR13","doi-asserted-by":"publisher","first-page":"502","DOI":"10.1007\/s11227-011-0611-7","volume":"61","author":"SU Khan","year":"2012","unstructured":"Khan SU, Min-Allah N (2012) A goal programming based energy efficient resource allocation in data centers. J Supercomput 61(3):502\u2013519","journal-title":"J Supercomput"},{"issue":"8","key":"8146_CR14","doi-asserted-by":"publisher","first-page":"155014772093275","DOI":"10.1177\/1550147720932750","volume":"16","author":"MS Qureshi","year":"2020","unstructured":"Qureshi MS, Qureshi MB, Fayaz M et al (2020) A comparative analysis of resource allocation schemes for real-time services in high-performance computing systems. Int J Distrib Sens Netw 16(8):1550147720932750. https:\/\/doi.org\/10.1177\/1550147720932750","journal-title":"Int J Distrib Sens Netw"},{"issue":"3","key":"8146_CR15","doi-asserted-by":"publisher","first-page":"1419","DOI":"10.1007\/s11227-011-0554-z","volume":"59","author":"N Min-Allah","year":"2012","unstructured":"Min-Allah N, Khan SU, Ghani N, Li J, Wang L, Bouvry P (2012) A comparative study of rate monotonic schedulability tests. J Supercomput 59(3):1419\u20131430","journal-title":"J Supercomput"},{"key":"8146_CR16","volume-title":"Deep Learning","author":"I Goodfellow","year":"2016","unstructured":"Goodfellow I, Bengio Y, Courville A (2016) Deep Learning. MIT Press, Cambridge"},{"key":"8146_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.imu.2025.101656","volume":"56","author":"TB Zannah","year":"2025","unstructured":"Zannah TB, Tonni SI, Sheakh MA, Tahosin MS, Sarower AH, Begum M (2025) Comparative performance analysis of ensemble learning methods for fetal health classification. Inform Med Unlocked 56:101656. https:\/\/doi.org\/10.1016\/j.imu.2025.101656","journal-title":"Inform Med Unlocked"},{"key":"8146_CR18","unstructured":"Carlini C et\u00a0al. (2021) Extracting training data from large language models. In: 30th USENIX Security Symposium (USENIX Security 21), pp 2633\u20132650"},{"key":"8146_CR19","unstructured":"Kandpal N, Wallace E, Raffel C (2022) Deduplicating training data mitigates privacy risks in language models. In: Proceedings of the 39th International Conference on Machine Learning (ICML), pp 10697\u201310707"},{"key":"8146_CR20","doi-asserted-by":"crossref","unstructured":"Frikha F, Backes S, Zhang Y (2025) Privacyscalpel: Enhancing llm privacy via interpretable feature intervention with sparse autoencoders. arXiv preprint arXiv:2503.11232","DOI":"10.18653\/v1\/2025.blackboxnlp-1.13"},{"issue":"6","key":"8146_CR21","doi-asserted-by":"publisher","first-page":"1101","DOI":"10.1016\/j.compeleceng.2010.04.003","volume":"36","author":"N Min-Allah","year":"2010","unstructured":"Min-Allah N, Ali I, Xing J, Wang Y (2010) Utilization bound for periodic task set with composite deadline. Comput Elect Eng 36(6):1101\u20131109","journal-title":"Comput Elect Eng"},{"key":"8146_CR22","doi-asserted-by":"crossref","unstructured":"Du H, Liu S, Zheng L, Cao Y, Nakamura A, Chen L (2025) Privacy in fine-tuning large language models: attacks, defenses, and future directions. In: Wu, X., et\u00a0al. (eds.) Advances in Knowledge Discovery and Data Mining. PAKDD 2025. Lecture Notes in Computer Science, Vol 15873. Springer, Singapore","DOI":"10.1007\/978-981-96-8183-9_25"},{"issue":"8","key":"8146_CR23","doi-asserted-by":"publisher","first-page":"4180","DOI":"10.3390\/app15084180","volume":"15","author":"K Kalodanis","year":"2025","unstructured":"Kalodanis K, Papadopoulos S, Feretzakis G, Rizomiliotis P, Anagnostopoulos D (2025) Securellm: a unified framework for privacy-focused large language models. Appl Sci 15(8):4180","journal-title":"Appl Sci"},{"key":"8146_CR24","doi-asserted-by":"crossref","unstructured":"Chen T, Li P, Zhou K, Chen T, Wei H (2025) Unveiling privacy risks in multi-modal large language models: task-specific vulnerabilities and mitigation challenges. In: Findings of the Association for Computational Linguistics: ACL 2025, Vienna, Austria, pp 4573\u20134586","DOI":"10.18653\/v1\/2025.findings-acl.237"},{"key":"8146_CR25","unstructured":"Chi Y, Lin Y, Hong S, Pan D, Fei Y, Mei G, Liu B, Pang T, Kwok J, Zhang C, Liu B, Wu C (2024) Sela: tree-search enhanced llm agents for automated machine learning. arXiv preprint"},{"key":"8146_CR26","doi-asserted-by":"crossref","unstructured":"Fu W, Wang H, Gao C, Liu G, Li Y, Jiang T (2025) Practical membership inference attacks against fine-tuned large language models via self-prompt calibration. In: Curran Associates Inc","DOI":"10.52202\/079017-4290"},{"key":"8146_CR27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57959-7","volume-title":"The EU general data protection regulation (GDPR): a practical guide","author":"P Voigt","year":"2017","unstructured":"Voigt P, Bussche A (2017) The EU general data protection regulation (GDPR): a practical guide, 1st edn. Springer, Cham","edition":"1"},{"key":"8146_CR28","doi-asserted-by":"publisher","DOI":"10.1016\/j.neunet.2024.106411","volume":"178","author":"D Ressi","year":"2024","unstructured":"Ressi D, Romanello R, Rossi S, Piazza C (2024) Compressing neural networks via formal methods. Neural Netw 178:106411. https:\/\/doi.org\/10.1016\/j.neunet.2024.106411","journal-title":"Neural Netw"},{"key":"8146_CR29","unstructured":"Chen K et al. (2024) Imprompter: tricking llm agents into improper tool use. arXiv preprint arXiv:2410.14923"},{"key":"8146_CR30","unstructured":"Yu J et al. (2023) Assessing prompt injection risks in 200+ custom gpts. arXiv preprint arXiv:2311.11538"},{"issue":"7","key":"8146_CR31","doi-asserted-by":"publisher","first-page":"2813","DOI":"10.3390\/electronics11182813","volume":"11","author":"U Islam","year":"2022","unstructured":"Islam U et al (2022) A novel anomaly detection system on the internet of railways using extended neural networks. Electronics 11(7):2813","journal-title":"Electronics"},{"key":"8146_CR32","doi-asserted-by":"publisher","first-page":"3823","DOI":"10.1109\/TWC.2023.3311824","volume":"23","author":"P Zheng","year":"2024","unstructured":"Zheng P, Zhu Y, Hu Y, Zhang Z, Schmeink A (2024) Federated learning in heterogeneous networks with unreliable communication. Trans Wirel Commun 23:3823\u20133838","journal-title":"Trans Wirel Commun"},{"key":"8146_CR33","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/s44443-025-00177-1","volume":"37","author":"K Chen","year":"2025","unstructured":"Chen K et al (2025) A survey on privacy risks and protection in large language models. J King Saud Univ Comput Inf Sci 37:163. https:\/\/doi.org\/10.1007\/s44443-025-00177-1","journal-title":"J King Saud Univ Comput Inf Sci"},{"key":"8146_CR34","unstructured":"Duan M et al. (2024) Do membership inference attacks work on large language models? arXiv preprint arXiv:2402.07841"},{"key":"8146_CR35","unstructured":"Zhou Z et al. (2024) Model inversion attacks: a survey of approaches and countermeasures. arXiv preprint arXiv:2411.10023"},{"key":"8146_CR36","doi-asserted-by":"crossref","unstructured":"Yang W et al. (2025) Deep learning model inversion attacks and defenses: a comprehensive survey. arXiv preprint arXiv:2501.18934","DOI":"10.1007\/s10462-025-11248-0"},{"key":"8146_CR37","unstructured":"Fang H et al. (2024) Privacy leakage on dnns: a survey of model inversion attacks and defenses. arXiv preprint arXiv:2402.04013"},{"key":"8146_CR38","doi-asserted-by":"publisher","first-page":"140699","DOI":"10.1109\/ACCESS.2020.3013541","volume":"8","author":"M Aledhari","year":"2020","unstructured":"Aledhari M, Razzak R, Parizi RM, Saeed F (2020) Federated learning: a survey on enabling technologies, protocols, and applications. IEEE Access 8:140699\u2013140725","journal-title":"IEEE Access"},{"key":"8146_CR39","doi-asserted-by":"crossref","unstructured":"Heusinger M, Raab C, Rossi F, Schleif F-M (2022) Federated learning\u2013methods, applications and beyond. arXiv preprint arXiv:2212.11729","DOI":"10.14428\/esann\/2021.ES2021-4"},{"issue":"3","key":"8146_CR40","doi-asserted-by":"publisher","first-page":"2031","DOI":"10.1109\/COMST.2020.2986024","volume":"22","author":"WYB Lim","year":"2020","unstructured":"Lim WYB et al (2020) Federated learning in mobile edge networks: a comprehensive survey. IEEE Commun Surveys Tutor 22(3):2031\u20132063","journal-title":"IEEE Commun Surveys Tutor"},{"key":"8146_CR41","unstructured":"Ma, M., Li, T., Peng, X.: Beyond the federation: topology-aware federated learning for generalization to unseen clients. In: Proceedings of the 41st International Conference on Machine Learning, PMLR 235, pp 33794\u201333810 (2024)"},{"key":"8146_CR42","unstructured":"Si N, Zhang H, Chang H, Zhang W, Qu D, Zhang W (2023) Knowledge unlearning for llms: tasks, methods, and challenges. arXiv preprint arXiv:2311.15766"},{"key":"8146_CR43","doi-asserted-by":"crossref","unstructured":"Qu Y, Yuan X, Ding M, Ni W, Rakotoarivelo T, Smith D (2023) Learn to unlearn: a survey on machine unlearning. arXiv preprint arXiv:2305.07512","DOI":"10.1109\/MC.2023.3333319"},{"key":"8146_CR44","unstructured":"Nguyen TT et al. (2022) A survey of machine unlearning. arXiv preprint arXiv:2209.02299"},{"key":"8146_CR45","unstructured":"Vaswani A et\u00a0al. (2017) Attention is all you need. In: Advances in Neural Information Processing Systems"},{"key":"8146_CR46","unstructured":"Brown TB, et al. (2020) Language models are few-shot learners. arXiv preprint arXiv:2005.14165"},{"key":"8146_CR47","unstructured":"Brundage M et al. (2020) Toward trustworthy AI development. arXiv preprint arXiv:2004.07213"},{"key":"8146_CR48","unstructured":"Huang Z, Zhang R, Song S (2023) Learning to diagnose privately. In: Proceedings of 37th Conference on Neural Information Processing Systems (NeurIPS)"},{"issue":"3","key":"8146_CR49","doi-asserted-by":"publisher","first-page":"5349","DOI":"10.32604\/cmc.2023.033532","volume":"74","author":"KA Alissa","year":"2023","unstructured":"Alissa KA, Maray M, Malibari AA, Alazwari S, Alqahtani H, Nour MK, Obbaya M, Shamseldin MA, Duhayyim MA (2023) Optimal deep learning model enabled secure UAV classification for industry 4.0. Comput Mater Continua 74(3):5349\u20135367. https:\/\/doi.org\/10.32604\/cmc.2023.033532","journal-title":"Comput Mater Continua"},{"key":"8146_CR50","unstructured":"Carlini, N., Ippolito, D., Jagielski, M., Lee, K., Tramer, F., Zhang, C.: Quantifying memorization across neural language models. arXiv preprint arXiv:2202.07646 (2023)"},{"key":"8146_CR51","doi-asserted-by":"crossref","unstructured":"Dwork C et\u00a0al (2006) Calibrating noise to sensitivity in private data analysis. In: Theory of Cryptography Conference, pp 265\u2013284","DOI":"10.1007\/11681878_14"},{"key":"8146_CR52","doi-asserted-by":"publisher","unstructured":"Shokri R, Stronati M, Song C, Shmatikov V (2017) Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, pp 3\u201318. https:\/\/doi.org\/10.1109\/SP.2017.41","DOI":"10.1109\/SP.2017.41"},{"key":"8146_CR53","doi-asserted-by":"crossref","unstructured":"Jang J et\u00a0al (2023) Knowledge unlearning for mitigating privacy risks in language models. In: Long Papers, Association for Computational Linguistics (ACL), pp 14389\u201314408","DOI":"10.18653\/v1\/2023.acl-long.805"},{"key":"8146_CR54","unstructured":"Staab R et al. (2023) Beyond memorization: violating privacy via inference with large language models. arXiv preprint arXiv:2310.07298"},{"key":"8146_CR55","doi-asserted-by":"publisher","unstructured":"Pearce S et\u00a0al. (2023) Security weaknesses of copilot-generated code in github projects. In: Proceedings of the 2023 ACM SIGSOFT International Symposium on Software Testing and Analysis, pp 1\u201312 . https:\/\/doi.org\/10.1145\/3716848","DOI":"10.1145\/3716848"},{"key":"8146_CR56","doi-asserted-by":"crossref","unstructured":"Deng G, Liu Y, Li Y, Wang K, Zhang Y, Li Z, Wang H, Zhang T, Liu Y (2023) Jailbreaker: automated jailbreaking across multiple large language model chatbots. arXiv preprint arXiv:2307.08715","DOI":"10.14722\/ndss.2024.24188"},{"issue":"24","key":"8146_CR57","first-page":"1","volume":"39","author":"M Medeiros","year":"2024","unstructured":"Medeiros M, Naveed M, Lepoint T, Kahsai T, Ravitch T, Zetzsche S, Joshi A, Tassarotti J, Albarghouthi A, Tristan J-B (2024) Verified foundations for differential privacy. ACM Trans Program Lang Syst 39(24):1\u201330","journal-title":"ACM Trans Program Lang Syst"},{"key":"8146_CR58","unstructured":"Suri M, Anand N, Bhaskar A (2025) Mitigating memorization in llms using activation steering. arXiv preprint arXiv:2503.06040"},{"key":"8146_CR59","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2024.103858","volume":"225","author":"D Ressi","year":"2024","unstructured":"Ressi D, Romanello R, Piazza C, Rossi S (2024) Ai-enhanced blockchain technology: a review of advancements and opportunities. J Netw Comput Appl 225:103858","journal-title":"J Netw Comput Appl"},{"key":"8146_CR60","doi-asserted-by":"publisher","unstructured":"Zhang H, Wang X, Li C, Ao X, He Q (2025) Controlling large language models through concept activation vectors. In: AAAI Conference on Artificial Intelligence. https:\/\/doi.org\/10.1609\/aaai.v39i24.34778","DOI":"10.1609\/aaai.v39i24.34778"},{"key":"8146_CR61","doi-asserted-by":"crossref","unstructured":"Tan Y, Tan C, Mi Z, Chen H (2025) Pipellm: fast and confidential large language model services with speculative pipelined encryption. In: Proceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS)","DOI":"10.1145\/3669940.3707224"},{"key":"8146_CR62","unstructured":"Mittal R (2024) Improving inference privacy for large language models using secure enclaves. Technical Report EECS-2024-225, EECS Tech Rep, Univ California, Berkeley"},{"key":"8146_CR63","doi-asserted-by":"crossref","unstructured":"Huang W, Wang Y, Chen C (2024) Privacy evaluation benchmarks for nlp models. arXiv preprint arXiv:2409.15868v3","DOI":"10.18653\/v1\/2024.findings-emnlp.147"},{"key":"8146_CR64","unstructured":"Patil V, Sung Y-L, Hase P, Peng J, Chen T, Bansal M (2025) Unlearning sensitive information in multimodal llms: benchmark and attack-defense evaluation. arXiv preprint arXiv:2505.01456"},{"key":"8146_CR65","doi-asserted-by":"crossref","unstructured":"Liu Z, Dou G, Jia M, Tan Z, Zeng Q, Yuan Y, Jiang M (2024) Protecting privacy in multimodal large language models with mllmu-bench. arXiv preprint arXiv:2410.22108","DOI":"10.18653\/v1\/2025.naacl-long.207"},{"key":"8146_CR66","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11787006_1","volume-title":"Automata, Languages and Programming","author":"C Dwork","year":"2006","unstructured":"Dwork C (2006) Differential privacy. In: Bugliesi M, Preneel B, Sassone V, Wegener I (eds) Automata, Languages and Programming, vol 4052. Lecture Notes in Computer Science. Springer, Berlin, Heidelberg, pp 1\u201312. https:\/\/doi.org\/10.1007\/11787006_1"},{"key":"8146_CR67","doi-asserted-by":"publisher","unstructured":"Van Dijk M, Gentry C, Halevi S, Vaikuntanathan V (2010) Fully homomorphic encryption over the integers. https:\/\/doi.org\/10.1007\/978-3-642-13190-5_2","DOI":"10.1007\/978-3-642-13190-5_2"},{"key":"8146_CR68","unstructured":"McMahan HB, Moore E, Ramage D, Hampson S, Ag B (2016) Communication-efficient learning of deep networks from decentralized data. In: International Conference on Artificial Intelligence and Statistics"},{"key":"8146_CR69","unstructured":"Wen THH, McMahan HB, Kairouz B (2020) Fedavgm: combining momentum with local sgd for efficient federated learning. arXiv preprint arXiv:2002.06440"},{"issue":"1","key":"8146_CR70","doi-asserted-by":"publisher","first-page":"12598","DOI":"10.1038\/s41598-020-69250-1","volume":"10","author":"MJ Sheller","year":"2020","unstructured":"Sheller MJ, Edwards B, Reina GA, Martin J, Pati S, Kotrotsou A et al (2020) Federated learning in medicine: facilitating multi-institutional collaborations without sharing patient data. Sci Rep 10(1):12598","journal-title":"Sci Rep"},{"key":"8146_CR71","doi-asserted-by":"publisher","unstructured":"Goel A, Hu Y, Gurevych I, Sanyal A (2025) Differentially private steering for large language model alignment (2025)https:\/\/doi.org\/10.48550\/arXiv.2501.18532","DOI":"10.48550\/arXiv.2501.18532"},{"issue":"2","key":"8146_CR72","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3744559","volume":"27","author":"H Zhang","year":"2025","unstructured":"Zhang H, Li Q, Ma X, Wang Y (2025) Balancing privacy and utility in healthcare AI systems using hybrid differential privacy and unlearning mechanisms. ACM Trans Priv Secur 27(2):1\u201319","journal-title":"ACM Trans Priv Secur"},{"issue":"2","key":"8146_CR73","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3298981","volume":"10","author":"Q Yang","year":"2019","unstructured":"Yang Q, Liu Y, Chen T, Tong Y (2019) Federated machine learning: concept and applications. ACM Trans Intell Syst Technol 10(2):1\u201319","journal-title":"ACM Trans Intell Syst Technol"},{"key":"8146_CR74","unstructured":"U.S. Department of health and human services: the health information technology for economic and clinical health (HITECH) act. https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/hitech-act-summary\/ (2023)"},{"key":"8146_CR75","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1038\/s41746-020-00323-1","volume":"3","author":"S Rieke","year":"2020","unstructured":"Rieke S, Hancox J, Li W, Kaissis G, Glocker F, Scholz RF (2020) The future of federated learning in healthcare: opportunities and challenges. npj Digit Med 3:119","journal-title":"npj Digit Med"},{"key":"8146_CR76","unstructured":"Ramos D, Mamede C, Jain K, Canelas P, Gamboa C, Le\u00a0Goues C (2025) Generated data with fake privacy: hidden dangers of fine-tuning large language models on generated data. In: USENIX Security"},{"key":"8146_CR77","unstructured":"Kone?n\u00fd J, McMahan HB, Yu FX, Richt\u00e1rik P, Suresh AT, Bacon D (2017) Federated learning: strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492"},{"key":"8146_CR78","doi-asserted-by":"crossref","unstructured":"Ippolito D, Tramer F, Nasr M, Zhang C, Jagielski M, Lee K, Choquette-Choo CA, Carlini N (2022) Preventing verbatim memorization in language models gives a false sense of privacy. arXiv preprint arXiv:2210.17546","DOI":"10.18653\/v1\/2023.inlg-main.3"},{"key":"8146_CR79","unstructured":"Hartmann V, Suri A, Bindschaedler V, Evans D, Tople S, West R (2023) Sok: memorization in general-purpose large language models. arXiv preprint arXiv:2310.18362"},{"key":"8146_CR80","unstructured":"Bordt S, Nori H, Rodrigues V, Nushi B, Caruana R (2024) Elephants never forget: memorization and learning of tabular data in large language models. arXiv preprint arXiv:2404.06209"},{"issue":"4","key":"8146_CR81","first-page":"2931","volume":"35","author":"Y Zhao","year":"2024","unstructured":"Zhao Y, Liu J, Chen H, Yang K et al (2024) Federated learning with non-iid data in resource-constrained hospitals. IEEE Trans Neural Netw Learn Syst 35(4):2931\u20132944","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"key":"8146_CR82","unstructured":"Neel S, Chang P (2023) Privacy issues in large language models: a survey. arXiv preprint arXiv:2312.06717"},{"issue":"2","key":"8146_CR83","first-page":"102","volume":"2","author":"X Wu","year":"2023","unstructured":"Wu X, Duan R, Ni J (2023) Unveiling security, privacy, and ethical concerns of chatgpt. J Inf Intell 2(2):102\u2013115","journal-title":"J Inf Intell"},{"key":"8146_CR84","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1162\/coli_a_00524","volume":"50","author":"IO Gallegos","year":"2024","unstructured":"Gallegos IO, Rossi RA, Barrow J, Tanjim MM, Kim S, Dernoncourt F, Yu T, Zhang R, Ahmed NK (2024) Bias and fairness in large language models: a survey. Comput Linguist 50:1\u201379","journal-title":"Comput Linguist"},{"key":"8146_CR85","doi-asserted-by":"crossref","unstructured":"Gupta M, Akiri C, Aryal K, Parker E, Praharaj L (2023) From chatgpt to threatgpt: impact of generative AI in cybersecurity and privacy. IEEE Access","DOI":"10.1109\/ACCESS.2023.3300381"},{"key":"8146_CR86","doi-asserted-by":"crossref","unstructured":"Liu Y, Deng G, Xu Z, Li Y, Zheng Y, Zhang Y, Zhao L, Zhang T, Liu Y (2023) Jailbreaking chatgpt via prompt engineering: an empirical study. arXiv preprint arXiv:2305.13860","DOI":"10.1145\/3663530.3665021"},{"key":"8146_CR87","doi-asserted-by":"crossref","unstructured":"Yang H, Xiang K, Li H, Lu R (2023) A comprehensive overview of backdoor attacks in large language models within communication networks. arXiv preprint arXiv:2308.14367","DOI":"10.1109\/MNET.2024.3367788"},{"key":"8146_CR88","unstructured":"Shi J, Liu Y, Zhou P, Sun L (2023) Badgpt: exploring security vulnerabilities of chatgpt via backdoor attacks to instructgpt. arXiv preprint arXiv:2304.12298"},{"key":"8146_CR89","unstructured":"Wan A, Wallace E, Shen S, Kein D (2023) Poisoning language models during instruction tuning. arXiv preprint arXiv:2305.00944"},{"key":"8146_CR90","unstructured":"Xin Y, Li Z, Yu N, Backes M, Zhang Y (2022) Membership leakage in pre-trained language models"},{"key":"8146_CR91","doi-asserted-by":"crossref","unstructured":"Deng J, Wang Y, Li J, Shang C, Liu H, Rajasekaran S, Ding C (2022) Tag: gradient attack on transformer-based language models. arXiv preprint arXiv:2203.10522","DOI":"10.18653\/v1\/2021.findings-emnlp.305"},{"key":"8146_CR92","unstructured":"Lukas N, Salem A, Sim R, Tople S, Wutschitz L, Zanella-B\u00e9guelin S (2023) Analyzing leakage of pii in language models. arXiv preprint arXiv:2302.00539"},{"key":"8146_CR93","doi-asserted-by":"publisher","unstructured":"Das BC, Amini MH, Wu Y (2024) Security and privacy challenges of large language models: a survey https:\/\/doi.org\/10.48550\/arXiv.2402.00888","DOI":"10.48550\/arXiv.2402.00888"},{"key":"8146_CR94","doi-asserted-by":"crossref","unstructured":"Vassilev A, Oprea A, Fordyce A, Andersen H (2024) Adversarial machine learning: a taxonomy and terminology of attacks and mitigations. NIST Trustworthy Responsible AI NIST AI 100-2e2023","DOI":"10.6028\/NIST.AI.100-2e2023"},{"key":"8146_CR95","unstructured":"Sun, L., Huang, Y., Wang, H., Wu, S., Zhang, Q., Gao, C., Huang, Y., Lyu, W., Zhang, Y., Li, X., et al.: Trustllm: trustworthiness in large language models. arXiv preprint arXiv:2401.05561 (2024)"},{"key":"8146_CR96","unstructured":"Naveed H, Khan AU, Qiu S, Saqib M, Anwar S, Usman M, Akhtar N, Barnes N, Mian A (2023) A comprehensive overview of large language models. arXiv preprint arXiv:2307.06435"},{"key":"8146_CR97","unstructured":"Wang S, Zhu T, Liu B, Ming D, Guo X, Ye D, Zhou W   (2024) Unique security and privacy threats of large language model: a comprehensive survey. arXiv preprint arXiv:2406.07973"},{"key":"8146_CR98","doi-asserted-by":"crossref","unstructured":"Drechsler J, Bailie J (2024)    The complexities of differential privacy for survey data. arXiv preprint arXiv:2408.07006","DOI":"10.3386\/w32905"},{"key":"8146_CR99","doi-asserted-by":"crossref","unstructured":"Kazan Z, Reiter JP   (2024) Prior-itizing privacy: a bayesian approach to setting the privacy budget in differential privacy. In: Advances in Neural Information Processing Systems 37","DOI":"10.52202\/079017-2869"},{"key":"8146_CR100","unstructured":"Sheikhjaberi A  (2024) Membership inference attack on preference data for llm alignment. Amazon Sci"},{"key":"8146_CR101","doi-asserted-by":"crossref","unstructured":"Hisamoto S et\u00a0al. (2020) Membership inference attacks on sequence-to-sequence models: is my data in your machine translation system? In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP)","DOI":"10.1162\/tacl_a_00299"},{"key":"8146_CR102","unstructured":"Hu H et\u00a0al. (2024) Membership inference attacks against large vision-language models. In: Proceedings of 2024 Conference on Neural Information Processing Systems. (NeurIPS)"},{"key":"8146_CR103","unstructured":"Zhu L, Liu Z, Han S (2019)  Deep leakage from gradients. In: Proceedings of the 33rd International Conference on Neural Information Processing Systems"},{"key":"8146_CR104","unstructured":"Song L, Mittal P (2020) Systematic evaluation of privacy risks of machine learning models. In: USENIX Security Symposium"},{"key":"8146_CR105","doi-asserted-by":"publisher","unstructured":"Vu MN, Dang TK, Nguyen TA, Nguyen TD, Th\u00e0nh TN (2024)  Analysis of privacy leakage in federated large language models. In: Proceedings of USENIX Conference on Security Symposium, pp 6305\u20136322. https:\/\/doi.org\/10.48550\/arXiv.2403.04784","DOI":"10.48550\/arXiv.2403.04784"},{"key":"8146_CR106","unstructured":"Park J et al. (2024) Fedbaf: federated learning aggregation biased by a foundation model. arXiv preprint arXiv:2406.16565"},{"key":"8146_CR107","unstructured":"Zou A, Wang Z, Wallace ED et al. (2023) Universal and transferable adversarial attacks on aligned language models. arXiv preprint arXiv:2307.15043"},{"key":"8146_CR108","unstructured":"Greshake M, Beurer-Kellner LK et al. (2023) More than you\u2019ve asked for: a comprehensive analysis of novel prompt injection threats to application-integrated large language models. arXiv preprint arXiv:2302.12173"},{"key":"8146_CR109","doi-asserted-by":"publisher","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","volume":"7","author":"T Gu","year":"2019","unstructured":"Gu T, Liu K, Dolan-Gavitt B, Garg S (2019)    Badnets: evaluating backdooring attacks on deep neural networks. IEEE Access 7:47230\u201347244  https:\/\/doi.org\/10.1109\/ACCESS.2019.2909068","journal-title":"IEEE Access"},{"key":"8146_CR110","doi-asserted-by":"publisher","unstructured":"Jagielski M, Oprea A, Biggio B, Liu C, Nita-Rotaru C, Li B (2018) Manipulating machine learning: poisoning attacks and countermeasures for regression learning. In: 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp 19\u201335. https:\/\/doi.org\/10.1109\/SP.2018.00057","DOI":"10.1109\/SP.2018.00057"},{"key":"8146_CR111","doi-asserted-by":"crossref","unstructured":"Abadi M, Chu A, Goodfellow I, McMahan HB, Mironov I, Talwar K, Zhang L  (2016) Deep learning with differential privacy. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security(CCS \u201916), New York, NY, USA, pp 308\u2013318","DOI":"10.1145\/2976749.2978318"},{"key":"8146_CR112","doi-asserted-by":"publisher","unstructured":"Mireshghallah F, Uniyal A, Wang T, Evans D, Berg-Kirkpatrick T  (2022) Quantifying privacy risks of masked language models using membership inference attacks. In: Proceedings of the 2022 Conference of the North American Chapter of the Association for Computational Linguistics (NAACL), pp 4694\u20134706 . https:\/\/doi.org\/10.18653\/v1\/2022.naacl-main.346","DOI":"10.18653\/v1\/2022.naacl-main.346"},{"key":"8146_CR113","unstructured":"Bhattacharjee P, Tian F, Tandon R, Lo J, Hanson H, Rubin G, Merchant N, Gounley J (2025) Learning to diagnose privately: Dp-powered llms for radiology report classification. arXiv preprint arXiv:2506.04450"},{"key":"8146_CR114","doi-asserted-by":"crossref","unstructured":"Lester B, Al-Rfou R, Constant N (2021) The power of scale for parameter-efficient prompt tuning. In: Conference on Empirical Methods in Natural Language Processing","DOI":"10.18653\/v1\/2021.emnlp-main.243"},{"key":"8146_CR115","unstructured":"Solaiman I, Brundage M, Clark J, Askell A, Herbert-Voss A, Wu J, Radford A, Wang J  (2019) Release strategies and the social impacts of language models. arXiv preprint arXiv:1908.09203"},{"key":"8146_CR116","unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A  (2018) Towards deep learning models resistant to adversarial attacks. In: Proceedings of  International Conference on Learning Representations"},{"key":"8146_CR117","unstructured":"Han, S., Mao, H., Dally, W.J.: Deep compression: Compressing deep neural network with pruning, trained quantization and huffman coding. arXiv:1510.00149 (2015)"},{"key":"8146_CR118","doi-asserted-by":"crossref","unstructured":"Fredrikson M, Jha S, Ristenpart T (2015)    Model inversion attacks that exploit confidence information and basic countermeasures. In: The ACM Conference on Computer and Communications Security, pp 1322\u20131333","DOI":"10.1145\/2810103.2813677"},{"key":"8146_CR119","first-page":"1245","volume":"19","author":"M Nasr","year":"2024","unstructured":"Nasr M, Salem A, Carlini N, Song S (2024) Comprehensive privacy analysis of deep learning: differential privacy, membership inference, and beyond. IEEE Trans Inf Forensics Secur 19:1245\u20131259","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"8146_CR120","unstructured":"Hu J, Yang Y, Sun L (2023)   Privacy-preserving foundation models in healthcare: a systematic review. J Biomed Inform 145"},{"key":"8146_CR121","unstructured":"Zhang W et al.  (2024) Fedavgm and dpshield: scalable privacy-preserving federated learning for medical ai. IEEE Trans Neural Netw Learn Syst"},{"issue":"2","key":"8146_CR122","doi-asserted-by":"publisher","DOI":"10.1016\/j.hcc.2025.100300","volume":"5","author":"B Yan","year":"2025","unstructured":"Yan B, Li K, Xu M, Dong Y, Zhang Y, Ren Z, Cheng X (2025) On protecting the data privacy of large language models (llms). High-Confid Comput 5(2):100300. https:\/\/doi.org\/10.1016\/j.hcc.2025.100300","journal-title":"High-Confid Comput"},{"issue":"3","key":"8146_CR123","first-page":"1334","volume":"21","author":"S Thantharate","year":"2024","unstructured":"Thantharate S, Sharma P, Mishra AR (2024) Dpshield: differential privacy with domain-aware noise calibration for federated systems. IEEE Trans Dependable Secure Comput 21(3):1334\u20131344","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"9","key":"8146_CR124","doi-asserted-by":"publisher","first-page":"2847","DOI":"10.3390\/s25092847","volume":"25","author":"L Zheng","year":"2025","unstructured":"Zheng L, Cao Y, Yoshikawa M, Shen Y, Rashed EA, Taura K, Hanaoka S, Zhang T (2025) Sensitivity-aware differential privacy for federated medical imaging. Sensors 25(9):2847. https:\/\/doi.org\/10.3390\/s25092847","journal-title":"Sensors"},{"key":"8146_CR125","doi-asserted-by":"crossref","unstructured":"Moon S, Lee WH (2023)  Privacy-preserving federated learning in healthcare. In: 2023 International Conference on Electronics, Information, and Communication (ICEIC), pp 1\u20134","DOI":"10.1109\/ICEIC57457.2023.10049966"},{"key":"8146_CR126","doi-asserted-by":"publisher","first-page":"33256","DOI":"10.1038\/s41598-025-18507-8","volume":"15","author":"F Rafsani","year":"2025","unstructured":"Rafsani F, Sheth D, Che Y et\u00a0al. (2025) Leveraging multi-modal foundation model image encoders to enhance brain mri-based headache classification. Sci Rep 15:33256 https:\/\/doi.org\/10.1038\/s41598-025-18507-8","journal-title":"Sci Rep"},{"issue":"1","key":"8146_CR127","doi-asserted-by":"publisher","first-page":"1953","DOI":"10.1038\/s41598-022-05539-7","volume":"12","author":"M Adnan","year":"2022","unstructured":"Adnan M, Kalra S, Cresswell JC, Taylor GW, Tizhoosh HR (2022) Federated learning and differential privacy for medical image analysis. Sci Rep 12(1):1953. https:\/\/doi.org\/10.1038\/s41598-022-05539-7","journal-title":"Sci Rep"},{"key":"8146_CR128","doi-asserted-by":"publisher","first-page":"473","DOI":"10.1038\/s42256-021-00337-8","volume":"3","author":"G Kaissis","year":"2021","unstructured":"Kaissis G, Ziller A, Passerat-Palmbach J et\u00a0al. (2021)  End-to-end privacy preserving deep learning on multi-institutional medical imaging. Nat Mach Intell 3:473\u2013484  https:\/\/doi.org\/10.1038\/s42256-021-00337-8","journal-title":"Nat Mach Intell"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-08146-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-025-08146-1","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-08146-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,25]],"date-time":"2025-12-25T15:36:41Z","timestamp":1766677001000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-025-08146-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,25]]},"references-count":128,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,1]]}},"alternative-id":["8146"],"URL":"https:\/\/doi.org\/10.1007\/s11227-025-08146-1","relation":{},"ISSN":["1573-0484"],"issn-type":[{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,25]]},"assertion":[{"value":"26 September 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 December 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"26"}}