A Statistical Hypothesis Testing Framework for Data Misappropriation Detection in Large Language Models
Yinpeng Cai, Lexin Li, Linjun Zhang
TL;DR
This work formalizes data misappropriation detection in large language models as a hypothesis-testing problem augmented by watermarking. It develops a general minimax framework that links token outputs to secret-watermark keys, accommodating complete and partial inheritance, and derives optimal test statistics and rejection thresholds for two representative watermark schemes (Gumbel-max and red-green-list). The authors establish asymptotic optimality guarantees and demonstrate strong empirical performance through extensive simulations and a real-LM study, highlighting robustness to model differences and limited watermark data. A key practical takeaway is the impossibility of reliable detection without watermarking, underscoring the method's relevance for copyright and privacy protection in generative AI systems.
Abstract
Large Language Models (LLMs) have rapidly gained enormous popularity in recent years. However, the training of LLMs has raised significant privacy and legal concerns, particularly regarding the distillation and inclusion of copyrighted materials in their training data without proper attribution or licensing, an issue that falls under the broader concern of data misappropriation. In this article, we focus on a specific problem of data misappropriation detection, namely, to determine whether a given LLM has incorporated the data generated by another LLM. We propose embedding watermarks into the copyrighted training data and formulating the detection of data misappropriation as a hypothesis testing problem. We develop a general statistical testing framework, construct test statistics, determine optimal rejection thresholds, and explicitly control type I and type II errors. Furthermore, we establish the asymptotic optimality properties of the proposed tests, and demonstrate the empirical effectiveness through intensive numerical experiments.
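An added illustration (not the paper's code and not its optimal test statistic) of the hypothesis-testing formulation for a red-green-list watermark: the standard one-sided green-count z-test, run on constructed token streams in which a fraction `eps` of tokens inherits the watermark (partial inheritance). The vocabulary size, `GAMMA`, `eps`, the SHA-256 keyed partition, the hard (always-green) watermark on inherited tokens and the key strings are all assumptions of this example.

```python
import hashlib
import math
import random

VOCAB = 1000   # constructed toy vocabulary size (assumption)
GAMMA = 0.5    # green-list fraction (assumption)

def is_green(key: bytes, prev: int, tok: int) -> bool:
    """Keyed pseudorandom partition: is tok on the green list given prev?"""
    msg = key + prev.to_bytes(4, "big") + tok.to_bytes(4, "big")
    h = hashlib.sha256(msg).digest()
    return int.from_bytes(h[:8], "big") / 2**64 < GAMMA

def sample_text(n, rng, key=None, eps=0.0):
    """Constructed token stream; each token is forced green under key w.p. eps."""
    toks = [rng.randrange(VOCAB)]
    while len(toks) < n + 1:
        tok = rng.randrange(VOCAB)
        if key is not None and rng.random() < eps:
            while not is_green(key, toks[-1], tok):   # hard red-green list
                tok = rng.randrange(VOCAB)
        toks.append(tok)
    return toks

def green_test(toks, key, alpha=1e-6):
    """One-sided z-test of H0: tokens independent of key (green rate = GAMMA).
    Rejecting when p < alpha bounds the type I error by roughly alpha."""
    n = len(toks) - 1
    greens = sum(is_green(key, p, t) for p, t in zip(toks, toks[1:]))
    z = (greens - GAMMA * n) / math.sqrt(n * GAMMA * (1 - GAMMA))
    p_value = 0.5 * math.erfc(z / math.sqrt(2))      # upper normal tail
    return z, p_value, p_value < alpha

def demo(seed=7, n=2000, eps=0.3):
    """Decisions for: partially inherited text, clean text, wrong key."""
    rng = random.Random(seed)
    key = b"owner-secret-key"                        # constructed key
    inherited = sample_text(n, rng, key=key, eps=eps)
    clean = sample_text(n, rng)
    return (green_test(inherited, key)[2],
            green_test(clean, key)[2],
            green_test(inherited, b"unrelated-key")[2])

if __name__ == "__main__":
    print(demo())
```

With 30% of 2,000 tokens inheriting the watermark, the expected green rate is 0.65 and the z-score is around 13, so the null is rejected; the same text tested under an unrelated key is statistically indistinguishable from clean text.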
