On the Effectiveness of Membership Inference in Targeted Data Extraction from Large Language Models

TL;DR

This paper systematically benchmarks the effectiveness of Membership Inference Attacks in extracting training data from Large Language Models, highlighting their practical utility in real-world privacy risk scenarios.

Contribution

It integrates multiple MIA techniques into data extraction pipelines and compares their performance against conventional benchmarks.

Findings

MIA techniques can effectively verify data inclusion in LLM training sets.

Integrated MIA approaches outperform traditional benchmarks in real-world extraction scenarios.

The study reveals significant privacy risks posed by current MIA methods.

Abstract

Large Language Models (LLMs) are prone to memorizing training data, which poses serious privacy risks. Two of the most prominent concerns are training data extraction and Membership Inference Attacks (MIAs). Prior research has shown that these threats are interconnected: adversaries can extract training data from an LLM by querying the model to generate a large volume of text and subsequently applying MIAs to verify whether a particular data point was included in the training set. In this study, we integrate multiple MIA techniques into the data extraction pipeline to systematically benchmark their effectiveness. We then compare their performance in this integrated setting against results from conventional MIA benchmarks, allowing us to evaluate their practical utility in real-world extraction scenarios.