DMRL: Data- and Model-aware Reward Learning for Data Extraction
Zhiqiang Wang, Ruoxi Cheng

TL;DR
DMRL introduces a novel reward learning approach leveraging inverse reinforcement learning and dynamic optimization to improve data extraction from large language models, addressing limitations of previous methods.
Contribution
It presents a new data- and model-aware reward learning framework that enhances data extraction effectiveness from LLMs, overcoming earlier methods' reliance on dataset duplicates and prompt engineering.
Findings
DMRL outperforms baseline methods in data extraction tasks.
The approach effectively captures leakage mindsets for better model guidance.
Dynamic tuning improves extraction success across various LLMs.
Abstract
Large language models (LLMs) are inherently vulnerable to unintended privacy breaches. Consequently, systematic red-teaming research is essential for developing robust defense mechanisms. However, current data extraction methods suffer from several limitations: (1) rely on dataset duplicates (addressable via deduplication), (2) depend on prompt engineering (now countered by detection and defense), and (3) rely on random-search adversarial generation. To address these challenges, we propose DMRL, a Data- and Model-aware Reward Learning approach for data extraction. This technique leverages inverse reinforcement learning to extract sensitive data from LLMs. Our method consists of two main components: (1) constructing an introspective reasoning dataset that captures leakage mindsets to guide model behavior, and (2) training reward models with Group Relative Policy Optimization (GRPO),…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Information and Cyber Security
