Targeted Attack on GPT-Neo for the SATML Language Model Data Extraction Challenge [PRESENTATION]

Research output: Contribution to conferenceOther

34 Downloads (Pure)

Abstract

Previous work has shown that Large Language Models are susceptible to so-called data extraction attacks. This allows an attacker to extract a sample that was contained in the training data, which has massive privacy implications. The construction of data extraction attacks is challenging, current attacks are quite inefficient, and there exists a significant gap in the extraction capabilities of untargeted attacks and memorization. Thus, targeted attacks are proposed, which identify if a given sample from the training data, is extractable from a model. In this work, we apply a targeted data extraction attack to the SATML2023 Language Model Training Data Extraction Challenge. We apply a two-step approach. In the first step, we maximise the recall of the model and are able to extract the suffix for 69% of the samples. In the second step, we use a classifier-based Membership Inference Attack on the generations. Our AutoSklearn classifier achieves a precision of 0.841. The full approach reaches a score of 0.405 recall at a 10% false positive rate, which is an improvement of 34% over the baseline of 0.301.
Original languageEnglish
Number of pages5
Publication statusPublished - 2023
Event1st IEEE Conference on Secure and Trustworthy Machine Learning - Raleigh, United States
Duration: 8 Feb 202310 Feb 2023
Conference number: 1
https://satml.org/

Conference

Conference1st IEEE Conference on Secure and Trustworthy Machine Learning
Abbreviated titleSATML 2023
Country/TerritoryUnited States
CityRaleigh
Period8/02/2310/02/23
Internet address

Fingerprint

Dive into the research topics of 'Targeted Attack on GPT-Neo for the SATML Language Model Data Extraction Challenge [PRESENTATION]'. Together they form a unique fingerprint.

Cite this