Challenge: Recent work shows that Large Language Models can unintentionally leak sensitive information . a new method to identify with high confidence if a given text is in training data is proposed .
Approach: They propose a method to detect if a given text is in a pre-trained language model . they show that MoPe is more effective than existing loss-based attacks .
Outcome: The proposed method is more effective than loss-based attacks and perturbation-based methods.

Similar Papers

Quantifying Privacy Risks of Masked Language Models Using Membership Inference Attacks (2022.emnlp-main)

Copied to clipboard

Challenge: Prior attempts at measuring leakage of MLMs via membership inference attacks have been inconclusive, implying potential robustness of Mlms to privacy attacks.
Approach: They propose a stronger membership inference attack based on likelihood ratio hypothesis testing that involves an additional MLM to more accurately quantify the privacy risks of memorization in MLMs.
Outcome: The proposed attack improves the AUC of prior membership inference attacks from 0.66 to an alarmingly high 0.90 level on models trained on medical notes.
Investigating How Pre-training Data Leakage Affects Models’ Reproduction and Detection Capabilities (2025.emnlp-main)

Copied to clipboard

Challenge: Existing studies do not examine how leaked instances in training datasets influence LLMs’ output and detection capabilities.
Approach: They conduct an experimental survey to examine the relationship between data leakage in training datasets and its effects on the generation and detection by Large Language Models (LLMs).
Outcome: The results show that enhancing leakage detection through few-shot learning can help mitigate the impact of the leakage rate in the training data on detection performance.
User Inference Attacks on Large Language Models (2024.emnlp-main)

Copied to clipboard

Challenge: a large amount of data written by humans is used to train and fine-tune large language models.
Approach: They propose to infer if a user's data was used to train an LLM by using example-level differential privacy.
Outcome: The proposed attacks are easy to employ and only require black-box access to an LLM and a few samples from the user.
Knowledge Unlearning for Mitigating Privacy Risks in Language Models (2023.acl-long)

Copied to clipboard

Challenge: Recent work shows that an adversary can extract training data from Pretrained Language Models including Personally Identifiable Information (PII) such as names, phone numbers, and email addresses.
Approach: They propose to use knowledge unlearning to reduce privacy risks for LMs by performing gradient ascent on target token sequences instead of trying to unlearn all the data at once.
Outcome: The proposed method can give a stronger empirical privacy guarantee in scenarios where the data vulnerable to extraction attacks are known a priori while being much more efficient and robust.
DPDLLM: A Black-box Framework for Detecting Pre-training Data from Large Language Models (2024.findings-acl)

Copied to clipboard

Challenge: Existing methods to detect pretraining data from large language models are unrealistic to them.
Approach: They propose to detect pre-training data from LLM in a black-box way by using GPT-2 as reference model and feed it with sequence probabilities to detect whether it was used to train it.
Outcome: The proposed framework outperforms existing methods on the benchmark datasets and shows that it is effective on different popular LLMs.
Powerful Training-Free Membership Inference Against Fine-Tuned Autoregressive Language Models (2026.acl-long)

Copied to clipboard

Challenge: Existing methods for auditing fine-tuned language models have limited detection rates . membership inference attacks aim to determine if a specific record was in a model's training set .
Approach: They propose a membership inference attack that exploits memorization at error positions . EZ-MIA achieves 3.8 higher detection than previous state-of-the-art .
Outcome: The proposed attack achieves 3.8 higher detection than previous state-of-the-art models . EZ-MIA achieves 8 higher detectability than prior work, requiring no model training .
Adaptive Backtracking for Privacy Protection in Large Language Models (2026.findings-acl)

Copied to clipboard

Challenge: Existing privacy protection methods are prone to privacy leakage, but they are not effective in ensuring the privacy of users.
Approach: They propose to capture latent leakage tendency of large language models during generation process and to construct a new benchmark for personal information.
Outcome: The proposed method improves privacy by up to 14% over strong baselines against adversarial attacks, avoiding the degradation of response utility.
Context-Aware Membership Inference Attacks against Pre-trained Large Language Models (2025.emnlp-main)

Copied to clipboard

Challenge: Prior Membership Inference Attacks on pre-trained Large Language Models fail at LLMs due to ignoring the generative nature of LLM data.
Approach: They propose a method that adapts MIA statistical tests to the perplexity dynamics of subsequences within a data point.
Outcome: The proposed method significantly outperforms prior approaches, revealing context-dependent memorization patterns in pre-trained LLMs.
Unintended Memorization of Sensitive Information in Fine-Tuned Language Models (2026.eacl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) on sensitive datasets carry a substantial risk of unintended memorization and leakage of Personally Identifiable Information (PII) prior studies have analyzed memorizing dynamics in LLMs during pre-training and fine-tuning.
Approach: They investigate the vulnerability of PII that appears only in model inputs, not in training targets.
Outcome: The proposed methods show that post-training methods provide more consistent privacy-utility trade-offs .
Selective Differential Privacy for Language Modeling (2022.naacl-main)

Copied to clipboard

Challenge: Existing methods to protect sensitive data from leaking are over-pessimistic and undifferentiated.
Approach: They propose a new privacy notion, selective differential privacy, to provide rigorous privacy guarantees on the sensitive portion of the data to improve model utility.
Outcome: The proposed privacy-preserving mechanism achieves better utility while remaining safe under various privacy attacks compared to baselines.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations