Targeted Training Data Extraction—Neighborhood Comparison-Based Membership Inference Attacks in Large Language Models

A large language model refers to a deep learning model characterized by extensive parameters and pretraining on a large-scale corpus, utilized for processing natural language text and generating high-quality text output. The increasing deployment of large language models has brought significant atte...

Full description

Saved in:
Bibliographic Details
Published inApplied sciences Vol. 14; no. 16; p. 7118
Main Authors Xu, Huan, Zhang, Zhanhao, Yu, Xiaodong, Wu, Yingbo, Zha, Zhiyong, Xu, Bo, Xu, Wenfeng, Hu, Menglan, Peng, Kai
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.08.2024
Subjects
Algorithms
artificial intelligence security
Datasets
Language
Large language models
Machine learning
membership inference attack
Methods
Neighborhoods
Privacy
privacy protection
training data extraction
China
Online AccessGet full text

Cover

More Information
Summary:A large language model refers to a deep learning model characterized by extensive parameters and pretraining on a large-scale corpus, utilized for processing natural language text and generating high-quality text output. The increasing deployment of large language models has brought significant attention to their associated privacy and security issues. Recent experiments have demonstrated that training data can be extracted from these models due to their memory effect. Initially, research on large language model training data extraction focused primarily on non-targeted methods. However, following the introduction of targeted training data extraction by Carlini et al., prefix-based extraction methods to generate suffixes have garnered considerable interest, although current extraction precision remains low. This paper focuses on the targeted extraction of training data, employing various methods to enhance the precision and speed of the extraction process. Building on the work of Yu et al., we conduct a comprehensive analysis of the impact of different suffix generation methods on the precision of suffix generation. Additionally, we examine the quality and diversity of text generated by various suffix generation strategies. The study also applies membership inference attacks based on neighborhood comparison to the extraction of training data in large language models, conducting thorough evaluations and comparisons. The effectiveness of membership inference attacks in extracting training data from large language models is assessed, and the performance of different membership inference attacks is compared. Hyperparameter tuning is performed on multiple parameters to enhance the extraction of training data. Experimental results indicate that the proposed method significantly improves extraction precision compared to previous approaches.
ISSN:2076-3417
2076-3417
DOI:10.3390/app14167118