Noisy Neighbors: Efficient membership inference attacks against LLMs
This provides a more efficient privacy auditing tool for LLM developers and regulators concerned about data protection under regulations like GDPR and CCPA.
The paper tackles the problem of efficiently assessing privacy risks in large language models (LLMs) by introducing a membership inference attack method that generates noisy neighbors in embedding space, which matches the effectiveness of shadow models while requiring only inference mode.
The potential of transformer-based LLMs risks being hindered by privacy concerns due to their reliance on extensive datasets, possibly including sensitive information. Regulatory measures like GDPR and CCPA call for using robust auditing tools to address potential privacy issues, with Membership Inference Attacks (MIA) being the primary method for assessing LLMs' privacy risks. Differently from traditional MIA approaches, often requiring computationally intensive training of additional models, this paper introduces an efficient methodology that generates \textit{noisy neighbors} for a target sample by adding stochastic noise in the embedding space, requiring operating the target model in inference mode only. Our findings demonstrate that this approach closely matches the effectiveness of employing shadow models, showing its usability in practical privacy auditing scenarios.