Search papers, labs, and topics across Lattice.
This paper benchmarks state-of-the-art black-box Membership Inference Attacks (MIAs) against modern LLMs to assess data contamination detection. The authors also introduce a new MIA method called Familiarity Ranking. Results show that existing black-box MIAs fail to reliably detect membership, achieving an AUC-ROC near 0.5 across various LLMs.
Despite growing concerns about data contamination, current black-box methods are essentially useless for detecting if an LLM has been trained on specific copyrighted material.
Large Language Models (LLMs) utilize large amounts of data for their training, some of which may come from copyrighted sources. Membership Inference Attacks (MIA) aim to detect those documents and whether they have been included in the training corpora of the LLMs. The black-box MIAs require a significant amount of data manipulation; therefore, their comparison is often challenging. We study state-of-the-art (SOTA) MIAs under the black-box assumptions and compare them to each other using a unified set of datasets to determine if any of them can reliably detect membership under SOTA LLMs. In addition, a new method, called the Familiarity Ranking, was developed to showcase a possible approach to black-box MIAs, thereby giving LLMs more freedom in their expression to understand their reasoning better. The results indicate that none of the methods are capable of reliably detecting membership in LLMs, as shown by an AUC-ROC of approximately 0.5 for all methods across several LLMs. The higher TPR and FPR for more advanced LLMs indicate higher reasoning and generalizing capabilities, showcasing the difficulty of detecting membership in LLMs using black-box MIAs.
