Search papers, labs, and topics across Lattice.
The paper introduces SERSEM, a white-box membership inference attack (MIA) framework tailored for code language models that aims to detect data contamination. SERSEM uses static AST analysis, spellchecking, and linting to create a character-level weight mask that suppresses boilerplate code and highlights memorization signals in transformer activations and output logits. Experiments on StarCoder2 models show SERSEM achieves AUC-ROC scores of 0.7913 and 0.7867, outperforming probability-based baselines, indicating its effectiveness in identifying verbatim memorization.
Forget sequence-level probabilities – pinpointing human-centric coding anomalies is a far stronger signal for detecting verbatim memorization in code LLMs.
As Large Language Models (LLMs) for code increasingly utilize massive, often non-permissively licensed datasets, evaluating data contamination through Membership Inference Attacks (MIAs) has become critical. We propose SERSEM (Selective Entropy-Weighted Scoring for Membership Inference), a novel white-box attack framework that suppresses uninformative syntactical boilerplate to amplify specific memorization signals. SERSEM utilizes a dual-signal methodology: first, a continuous character-level weight mask is derived through static Abstract Syntax Tree (AST) analysis, spellchecking-based multilingual logic detection, and offline linting. Second, these heuristic weights are used to pool internal transformer activations and calibrate token-level Z-scores from the output logits. Evaluated on a 25,000-sample balanced dataset, SERSEM achieves a global AUC-ROC of 0.7913 on the StarCoder2-3B model and 0.7867 on the StarCoder2-7B model, consistently outperforming the implemented probability-based baselines Loss, Min-K% Prob, and PAC. Our findings demonstrate that focusing on human-centric coding anomalies provides a significantly more robust indicator of verbatim memorization than sequence-level probability averages.