Membership Inference Attacks With Token-Level Deduplication on Korean Language Models

Oh, Myung Gyo; Kim, Jaeuk; Park, Leo Hyun; Kwon, Taekyoung

doi:10.1109/access.2023.3239668

Cited by 6 publications

(1 citation statement)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In an unguided attack, the adversary does not know the sample to be extracted from the model. The adversary simply attempts to extract any training point, contained anywhere in the training corpus [10,12,13,40].…”

Section: Data Extraction Attacksmentioning

confidence: 99%

Traces of Memorisation in Large Language Models for Code

Al-Kaswan,

Izadi,

van Deursen

2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

Large language models have gained significant popularity because of their ability to generate human-like text and potential applications in various fields, such as Software Engineering. Large language models for code are commonly trained on large unsanitised corpora of source code scraped from the internet. The content of these datasets is memorised and can be extracted by attackers with data extraction attacks. In this work, we explore memorisation in large language models for code and compare the rate of memorisation with large language models trained on natural language. We adopt an existing benchmark for natural language and construct a benchmark for code by identifying samples that are vulnerable to attack. We run both benchmarks against a variety of models, and perform a data extraction attack. We find that large language models for code are vulnerable to data extraction attacks, like their natural language counterparts. From the training data that was identified to be potentially extractable we were able to extract 47% from a CodeGen-Mono-16B code completion model. We also observe that models memorise more, as their parameter count grows, and that their pre-training data are also vulnerable to attack. We also find that data carriers are memorised at a higher rate than regular code or documentation and that different model architectures memorise different samples. Data leakage has severe outcomes, so we urge the research community to further investigate the extent of this phenomenon using a wider range of models and extraction techniques in order to build safeguards to mitigate this issue. CCS CONCEPTS• Security and privacy; • Software and its engineering; • Computing methodologies → Machine learning;

show abstract

Section: Data Extraction Attacksmentioning

confidence: 99%