MASTER Assignment
ANTLER: a privacy-preserving framework for fine-tuning of LLMs
Type : Master M-CS
Period: October 2025 - March, 2026
Student: Koç, M. A. (Arda, Student M-CS)
Date Final project: March 20, 2026
Supervisors:
Abstract:
The use of Large Language Models (LLMs) in healthcare has enabled a wide range of applications, from analysis of patient electronic health records to conversational agents. However, the strict privacy and security regulations imposed on the healthcare industry require robust privacy-preserving methods for the training and fine-tuning of these LLMs. This thesis investigates a specific privacy-preserving strategy for federated fine-tuning of LLMs, focusing on enabling secure collaboration without the need for data sharing. Specifically, it explores the integration of DEeR, a differentially private low-rank adaptation mechanism, into the FedShield-LLM framework, which combines federated learning (FL) with low-rank adaptation (LoRA), model pruning, and fully homomorphic encryption (FHE). This integrated framework is called ANTLER. Although FedShield-LLM enables secure and efficient computation, it only provides privacy and security during the fine tuning of LLMs. We observed that the integration of DEeR with FedShield-LLM results in a large noise amplification, rendering the model unusable for fine-tuning. We further investigate the root cause of this and find out that the cause is the Noise Regulator of DEeR, which does not work in LLM settings. To resolve this, we create a corrected ANTLER integration which uses DP-SGD instead of DEeR to inject noise into the model. Our findings have shown that this approach does indeed strengthen training signal and model utility. However, we observe that the use of DP-SGD increases model training time significantly.