Automatic Calibration for Membership Inference Attack on Large Language Models
This work addresses privacy risks for users of large language models by improving the accuracy and practicality of membership inference attacks, though it is incremental as it builds on existing methods with a novel calibration approach.
The paper tackles the problem of high false positive rates and impractical calibration requirements in membership inference attacks on large language models by introducing the Automatic Calibration Membership Inference Attack (ACMIA) framework, which uses a tunable temperature to calibrate probabilities and achieves state-of-the-art performance across multiple benchmarks.
Membership Inference Attacks (MIAs) have recently been employed to determine whether a specific text was part of the pre-training data of Large Language Models (LLMs). However, existing methods often misinfer non-members as members, leading to a high false positive rate, or depend on additional reference models for probability calibration, which limits their practicality. To overcome these challenges, we introduce a novel framework called Automatic Calibration Membership Inference Attack (ACMIA), which utilizes a tunable temperature to calibrate output probabilities effectively. This approach is inspired by our theoretical insights into maximum likelihood estimation during the pre-training of LLMs. We introduce ACMIA in three configurations designed to accommodate different levels of model access and increase the probability gap between members and non-members, improving the reliability and robustness of membership inference. Extensive experiments on various open-source LLMs demonstrate that our proposed attack is highly effective, robust, and generalizable, surpassing state-of-the-art baselines across three widely used benchmarks. Our code is available at: \href{https://github.com/Salehzz/ACMIA}{\textcolor{blue}{Github}}.