{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T05:24:01Z","timestamp":1775453041770,"version":"3.50.1"},"reference-count":69,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3581103","type":"journal-article","created":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:37:04Z","timestamp":1750253824000},"page":"7211-7226","source":"Crossref","is-referenced-by-count":21,"title":["Hardening LLM Fine-Tuning: From Differentially Private Data Selection to Trustworthy Model Quantization"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-5469-0762","authenticated-orcid":false,"given":"Zehang","family":"Deng","sequence":"first","affiliation":[{"name":"School of Science, Computing and Engineering Technologies, Swinburne University of Technology, Melbourne, VIC, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5404-8550","authenticated-orcid":false,"given":"Ruoxi","family":"Sun","sequence":"additional","affiliation":[{"name":"Cybersecurity and Quantum Systems Group, CSIRO’s Data61, Eveleigh, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9172-4252","authenticated-orcid":false,"given":"Minhui","family":"Xue","sequence":"additional","affiliation":[{"name":"Cybersecurity and Quantum Systems Group, CSIRO’s Data61, Eveleigh, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6305-1740","authenticated-orcid":false,"given":"Wanlun","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Science, Computing and Engineering Technologies, Swinburne University of Technology, Melbourne, VIC, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0655-666X","authenticated-orcid":false,"given":"Sheng","family":"Wen","sequence":"additional","affiliation":[{"name":"School of Science, Computing and Engineering Technologies, Swinburne University of Technology, Melbourne, VIC, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3289-6599","authenticated-orcid":false,"given":"Surya","family":"Nepal","sequence":"additional","affiliation":[{"name":"Cybersecurity and Quantum Systems Group, CSIRO’s Data61, Eveleigh, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5252-0831","authenticated-orcid":false,"given":"Yang","family":"Xiang","sequence":"additional","affiliation":[{"name":"School of Science, Computing and Engineering Technologies, Swinburne University of Technology, Melbourne, VIC, Australia"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2020.3006177"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2024.3384013"},{"key":"ref3","article-title":"PLLM-CS: Pre-trained large language model (LLM) for cyber threat detection in satellite networks","author":"Hassanin","year":"2024","journal-title":"arXiv:2405.05469"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2025.125498"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3716628"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2024.124983"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2024.124971"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2024.3367737"},{"key":"ref9","first-page":"2633","article-title":"Extracting training data from large language models","volume-title":"Proc. USENIX Secur.","author":"Carlini"},{"key":"ref10","first-page":"1","article-title":"Quantifying memorization across neural language models","volume-title":"Proc. ICLR","author":"Carlini"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.hcc.2024.100211"},{"key":"ref12","first-page":"5233","article-title":"SoK: All you need to know about on-device ML model extraction\u2014The gap between research and practice","volume-title":"Proc. USENIX Secur.","author":"Nayan"},{"key":"ref13","first-page":"1","article-title":"Identifying emerging cyber security threats and challenges for 2030","volume-title":"Proc. Eur. Union Agency Cybersecurity (ENISA)","volume":"64","author":"Mattioli"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2019.2932228"},{"key":"ref15","article-title":"Decoding compressed trust: Scrutinizing the trustworthiness of efficient LLMs under compression","author":"Hong","year":"2024","journal-title":"arXiv:2403.15447"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1038\/s41746-020-00323-1"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i8.20825"},{"key":"ref18","first-page":"34201","article-title":"Data selection for language models via importance resampling","volume-title":"Proc. NeurIPS","author":"Xie"},{"key":"ref19","article-title":"IDLG: Improved deep leakage from gradients","author":"Zhao","year":"2020","journal-title":"arXiv:2001.02610"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.findings-emnlp.305"},{"key":"ref21","first-page":"7641","article-title":"LAMP: Extracting text from gradients with language model priors","volume-title":"Proc. NeurIPS","author":"Dimitrov"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.emnlp-main.765"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.29012\/jpc.880"},{"key":"ref25","first-page":"1","article-title":"Large language models can be strong differentially private learners","volume-title":"Proc. ICLR","author":"Li"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.acl-long.74"},{"key":"ref27","first-page":"54531","article-title":"Differentially private synthetic data via foundation model APIS 2: Text","volume-title":"Proc. ICML","author":"Xie"},{"key":"ref28","first-page":"10323","article-title":"SparseGPT: Massive language models can be accurately pruned in one-shot","volume-title":"Proc. ICML","author":"Frantar"},{"key":"ref29","first-page":"1","article-title":"A simple and effective pruning approach for large language models","volume-title":"Proc. ICLR","author":"Sun"},{"key":"ref30","first-page":"1","article-title":"GPTQ: Accurate post-training quantization for generative pre-trained transformers","volume-title":"Proc. ICLR","author":"Frantar"},{"key":"ref31","first-page":"87","article-title":"AWQ: Activation-aware weight quantization for LLM compression and acceleration","volume-title":"Proc. MLSys","author":"Lin"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.14722\/spacesec.2024.23008"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-77772-2_14"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-021-01638-z"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1080\/15481603.2022.2143872"},{"key":"ref36","article-title":"LLMSat: A large language model-based goal-oriented agent for autonomous space exploration","author":"Maranto","year":"2024","journal-title":"arXiv:2405.01392"},{"key":"ref37","first-page":"31232","article-title":"DecodingTrust: A comprehensive assessment of trustworthiness in GPT models","volume-title":"Proc. NeurIPS","author":"Wang"},{"key":"ref38","first-page":"20336","article-title":"LoSparse: Structured compression of large language models based on low-rank and sparse approximation","volume-title":"Proc. ICML","author":"Li"},{"key":"ref39","first-page":"1","article-title":"Minillm: Knowledge distillation of large language models","volume-title":"Proc. ICLR","author":"Gu"},{"key":"ref40","article-title":"LLM.int8(): 8-bit matrix multiplication for transformers at scale","author":"Dettmers","year":"2022","journal-title":"arXiv:2208.07339"},{"key":"ref41","first-page":"1","article-title":"OmniQuant: Omnidirectionally calibrated quantization for large language models","volume-title":"Proc. ICLR","author":"Shao"},{"key":"ref42","first-page":"1","article-title":"QLLM: Accurate and efficient low-bitwidth quantization for large language models","volume-title":"Proc. ICLR","author":"Liu"},{"key":"ref43","volume-title":"Nvidia Jetson AGX Orin Series","author":"Karumbunathan","year":"2022"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2021.3061394"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"ref46","first-page":"74","article-title":"Rouge: A package for automatic evaluation of summaries","volume-title":"Proc. Text Summarization Branches Out","author":"Lin"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1186\/s12864-019-6413-7"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.emnlp-demos.6"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00290"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73003-5_196"},{"key":"ref51","first-page":"1","article-title":"On the importance of difficulty calibration in membership inference attacks","volume-title":"Proc. ICLR","author":"Watson"},{"key":"ref52","article-title":"The faiss library","author":"Douze","year":"2024","journal-title":"arXiv:2401.08281"},{"key":"ref53","article-title":"The pile: An 800GB dataset of diverse text for language modeling","author":"Gao","year":"2021","journal-title":"arXiv:2101.00027"},{"key":"ref54","article-title":"Measuring massive multitask language understanding","author":"Hendrycks","year":"2020","journal-title":"arXiv:2009.03300"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1410"},{"key":"ref56","article-title":"MT5: A massively multilingual pre-trained text-to-text transformer","author":"Xue","year":"2020","journal-title":"arXiv:2010.11934"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1038\/s41746-024-01029-4"},{"key":"ref58","first-page":"1","article-title":"Is model collapse inevitable? Breaking the curse of recursion by accumulating real and synthetic data","volume-title":"Proc. COLM","author":"Gerstgrasser"},{"key":"ref59","first-page":"1","article-title":"Token merging: Your ViT but faster","volume-title":"Proc. ICLR","author":"Bolya"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1561\/0400000042"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D13-1170"},{"key":"ref62","article-title":"Bridging language and items for retrieval and recommendation","author":"Hou","year":"2024","journal-title":"arXiv:2403.03952"},{"key":"ref63","first-page":"1","article-title":"Character-level convolutional networks for text classification","volume-title":"Proc. NeurIPS","author":"Zhang"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.findings-acl.449"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-5409"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.coling-main.581"},{"key":"ref67","article-title":"Llama2: Open foundation and fine-tuned chat models","author":"Touvron","year":"2023","journal-title":"arXiv:2307.09288"},{"issue":"8","key":"ref68","article-title":"Language models are unsupervised multitask learners","author":"Radford","year":"2019"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2020.11.007"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11040052.pdf?arnumber=11040052","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,21]],"date-time":"2025-07-21T18:04:09Z","timestamp":1753121049000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11040052\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":69,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3581103","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}