Is My Text in Your AI Model? Gradient-based Membership Inference Test applied to LLMs

TL;DR

This work applies a gradient-based Membership Inference Test (gMINT) to language models, aiming to determine whether specific text samples were used in training. By training a 3-layer auditing model on the gradients $∇w$ of the audited LLMs, the approach distinguishes training data $D$ from external data $E$ across seven Transformer models and six NLP datasets, totaling about $2.5$ million sentences. Results show AUC values ranging from $0.70$ to $0.99$, with higher performance when more auditing data or larger models are used, and generally stronger performance in mixed-domain settings. This demonstrates gMINT as a scalable tool for auditing data usage in NLP, supporting transparency, data protection, and ethical deployment of AI systems, while outlining practical limitations and avenues for future work in broader tasks and generative models.

Abstract

This work adapts and studies the gradient-based Membership Inference Test (gMINT) to the classification of text based on LLMs. MINT is a general approach intended to determine if given data was used for training machine learning models, and this work focuses on its application to the domain of Natural Language Processing. Using gradient-based analysis, the MINT model identifies whether particular data samples were included during the language model training phase, addressing growing concerns about data privacy in machine learning. The method was evaluated in seven Transformer-based models and six datasets comprising over 2.5 million sentences, focusing on text classification tasks. Experimental results demonstrate MINTs robustness, achieving AUC scores between 85% and 99%, depending on data size and model architecture. These findings highlight MINTs potential as a scalable and reliable tool for auditing machine learning models, ensuring transparency, safeguarding sensitive data, and fostering ethical compliance in the deployment of AI/NLP technologies.

Figures (7)

• Figure 1: The objective of MINT is to discern whether given data (d) were utilized in the training process of an AI Model (M) trained with a specific database ($\mathcal{D}$).
• Figure 2: The MINT Model $T(\nabla \textbf{w} | \boldsymbol\uptheta)$ is trained to determine whether a given data instance $d$ was part of the training data $\mathcal{D}$ used to develop a Language Model M. The inputs for the MINT Model consist of gradients $\nabla \textbf{w}$, specifically the gradients of the model’s parameters with respect to the data samples $d$.
• Figure 3: ROC curves for the BSLTM model on DBPedia, varying the size of $\mathcal{D}$ and $\mathcal{E}$. (Intra-Database.)
• Figure 4: ROC curves for the XLN model on DBPedia, varying the size of $\mathcal{D}$ and $\mathcal{E}$. (Intra-Database.)
• Figure 5: ROC curves for the BLSTM model on DBPedia, varying the size of $\mathcal{D}$ and $\mathcal{E}$. (Mixed-Database.)