As If We've Met Before: LLMs Exhibit Certainty in Recognizing Seen Files

TL;DR

COPYCHECK is a novel framework that uses uncertainty signals from LLMs to accurately detect whether specific content was part of their training data, addressing limitations of previous methods.

Contribution

It introduces a new approach leveraging LLM overconfidence and uncertainty patterns for copyright detection, with strategies to improve robustness and threshold independence.

Findings

Achieves over 90% balanced accuracy on LLaMA 7b and LLaMA2 7b

Outperforms state-of-the-art by over 90% relative improvement

Generalizes well across different LLM architectures

Abstract

The remarkable language ability of Large Language Models (LLMs) stems from extensive training on vast datasets, often including copyrighted material, which raises serious concerns about unauthorized use. While Membership Inference Attacks (MIAs) offer potential solutions for detecting such violations, existing approaches face critical limitations and challenges due to LLMs' inherent overconfidence, limited access to ground truth training data, and reliance on empirically determined thresholds. We present COPYCHECK, a novel framework that leverages uncertainty signals to detect whether copyrighted content was used in LLM training sets. Our method turns LLM overconfidence from a limitation into an asset by capturing uncertainty patterns that reliably distinguish between ``seen" (training data) and ``unseen" (non-training data) content. COPYCHECK further implements a two-fold strategy: (1) strategic segmentation of files into smaller snippets to reduce dependence on large-scale training data, and (2) uncertainty-guided unsupervised clustering to eliminate the need for empirically tuned thresholds. Experiment results show that COPYCHECK achieves an average balanced accuracy of 90.1% on LLaMA 7b and 91.6% on LLaMA2 7b in detecting seen files. Compared to the SOTA baseline, COPYCHECK achieves over 90% relative improvement, reaching up to 93.8\% balanced accuracy. It further exhibits strong generalizability across architectures, maintaining high performance on GPT-J 6B. This work presents the first application of uncertainty for copyright detection in LLMs, offering practical tools for training data transparency.