Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

As If We've Met Before: LLMs Exhibit Certainty in Recognizing Seen Files

Haodong Li, Jingqi Zhang, Xiao Cheng, Peihua Mai, Haoyu Wang, Yan Pang

TL;DR

CopyCheck introduces an uncertainty-based, file-level membership inference framework to detect whether copyrighted materials were used in LLM pretraining. By segmenting files into snippets, leveraging uncertainty signals from multiple estimation methods, and applying unsupervised clustering (e.g., Gaussian Mixture Models), it avoids ground-truth data requirements and empirically tuned thresholds. Across LLaMA, LLaMA2, and GPT-J, CopyCheck achieves approximately 90–92% balanced accuracy and outperforms state-of-the-art approaches by large margins, including robust generalization to unseen data sources like ArxivMIA and black-box API settings. This work demonstrates that uncertainty signals can effectively reveal training-data exposure, enabling practical tools for data provenance and transparency in LLM development.

Abstract

The remarkable language ability of Large Language Models (LLMs) stems from extensive training on vast datasets, often including copyrighted material, which raises serious concerns about unauthorized use. While Membership Inference Attacks (MIAs) offer potential solutions for detecting such violations, existing approaches face critical limitations and challenges due to LLMs' inherent overconfidence, limited access to ground truth training data, and reliance on empirically determined thresholds. We present COPYCHECK, a novel framework that leverages uncertainty signals to detect whether copyrighted content was used in LLM training sets. Our method turns LLM overconfidence from a limitation into an asset by capturing uncertainty patterns that reliably distinguish between ``seen" (training data) and ``unseen" (non-training data) content. COPYCHECK further implements a two-fold strategy: (1) strategic segmentation of files into smaller snippets to reduce dependence on large-scale training data, and (2) uncertainty-guided unsupervised clustering to eliminate the need for empirically tuned thresholds. Experiment results show that COPYCHECK achieves an average balanced accuracy of 90.1% on LLaMA 7b and 91.6% on LLaMA2 7b in detecting seen files. Compared to the SOTA baseline, COPYCHECK achieves over 90% relative improvement, reaching up to 93.8\% balanced accuracy. It further exhibits strong generalizability across architectures, maintaining high performance on GPT-J 6B. This work presents the first application of uncertainty for copyright detection in LLMs, offering practical tools for training data transparency.

As If We've Met Before: LLMs Exhibit Certainty in Recognizing Seen Files

TL;DR

CopyCheck introduces an uncertainty-based, file-level membership inference framework to detect whether copyrighted materials were used in LLM pretraining. By segmenting files into snippets, leveraging uncertainty signals from multiple estimation methods, and applying unsupervised clustering (e.g., Gaussian Mixture Models), it avoids ground-truth data requirements and empirically tuned thresholds. Across LLaMA, LLaMA2, and GPT-J, CopyCheck achieves approximately 90–92% balanced accuracy and outperforms state-of-the-art approaches by large margins, including robust generalization to unseen data sources like ArxivMIA and black-box API settings. This work demonstrates that uncertainty signals can effectively reveal training-data exposure, enabling practical tools for data provenance and transparency in LLM development.

Abstract

The remarkable language ability of Large Language Models (LLMs) stems from extensive training on vast datasets, often including copyrighted material, which raises serious concerns about unauthorized use. While Membership Inference Attacks (MIAs) offer potential solutions for detecting such violations, existing approaches face critical limitations and challenges due to LLMs' inherent overconfidence, limited access to ground truth training data, and reliance on empirically determined thresholds. We present COPYCHECK, a novel framework that leverages uncertainty signals to detect whether copyrighted content was used in LLM training sets. Our method turns LLM overconfidence from a limitation into an asset by capturing uncertainty patterns that reliably distinguish between ``seen" (training data) and ``unseen" (non-training data) content. COPYCHECK further implements a two-fold strategy: (1) strategic segmentation of files into smaller snippets to reduce dependence on large-scale training data, and (2) uncertainty-guided unsupervised clustering to eliminate the need for empirically tuned thresholds. Experiment results show that COPYCHECK achieves an average balanced accuracy of 90.1% on LLaMA 7b and 91.6% on LLaMA2 7b in detecting seen files. Compared to the SOTA baseline, COPYCHECK achieves over 90% relative improvement, reaching up to 93.8\% balanced accuracy. It further exhibits strong generalizability across architectures, maintaining high performance on GPT-J 6B. This work presents the first application of uncertainty for copyright detection in LLMs, offering practical tools for training data transparency.

Paper Structure

This paper contains 33 sections, 16 equations, 2 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Membership Inference Attacks on LLMs
  4. Uncertainty Estimation in LLMs
  5. Uncertainty Applications in LLMs: An Empirical Analysis
  6. Problem Modeling
  7. Empirical Analysis Setup
  8. Dataset
  9. Uncertainty Estimation and Quantification
  10. Results Analysis
  11. Overview of CopyCheck
  12. Uncertainty Estimation for LLMs
  13. Dataset Construction.
  14. Uncertainty Estimation Methods
  15. Uncertainty Metrics Quantification
  16. ...and 18 more sections

Figures (2)

  • Figure 1: Violin plots of aleatoric uncertainty across different uncertainty estimation methods (BLoB, MCD, and Ensemble), varying numbers of unseen books $N_\text{unseen} \in \{10, 20, 30, 40\}$, and fine-tuning epochs ($1$, $2$, and $3$), for seen (blue) and unseen (red) snippets in the Suspected Seen Dataset.
  • Figure 2: Framework of CopyCheck. This framework contains three main phases, namely, ① Uncertainty Estimation for LLMs, ② Uncertainty Metrics Quantification, and ③ Seen File Detection. Gray represents files and snippets suspected to have been seen by the target LLM, red represents those that have been seen, and blue represents those that have not been seen.