ProPILE: Probing Privacy Leakage in Large Language Models
Authors: Siwon Kim, Sangdoo Yun, Hwaran Lee, Martin Gubri, Sungroh Yoon, Seong Joon Oh
NeurIPS 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our experiments on the Open Pre-trained Transformers (OPT) [35] trained on the Pile dataset [10] confirm the following: 1) a significant portion of the diverse types of PII included in the training data can be disclosed through strategically crafted prompts (a hypothetical prompt-construction sketch follows the table); 2) by refining the prompt, having access to model parameters, and utilizing a few hundred training data points of the LLM, the degree of PII leakage can be significantly magnified. |
| Researcher Affiliation | Collaboration | Siwon Kim1, Sangdoo Yun3, Hwaran Lee3, Martin Gubri4,5, Sungroh Yoon1,2, Seong Joon Oh5,6 (1 Department of Electrical and Computer Engineering, Seoul National University; 2 Interdisciplinary Program in Artificial Intelligence, Seoul National University; 3 NAVER AI Lab; 4 University of Luxembourg; 5 Parameter Lab; 6 Tübingen AI Center, University of Tübingen) |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks (clearly labeled algorithm sections or code-like formatted procedures). |
| Open Source Code | No | The paper provides a link to a demo ('The demo can be found here: https://parameterlab.de/research/propile') but does not provide a direct link to the source code for the methodology described in the paper. |
| Open Datasets | Yes | To meet these criteria, we opted to utilize the OPT with 1.3 billion parameters (OPT-1.3B) [35] and the corresponding tokenizer released by Hugging Face [33] as our target LLM for probing. ... an evaluation dataset was collected from the Pile dataset, which is an 825GB English dataset included in OPT training data [10]. (A minimal loading sketch follows the table.) |
| Dataset Splits | No | The paper describes using '128 quadruplet data that are not included in the evaluation dataset' for training soft prompts and measuring results 'on the evaluation dataset' (10,000 data subjects), implying a train/test split. However, it does not explicitly specify a separate validation dataset split with percentages or counts for general model training or hyperparameter tuning. |
| Hardware Specification | No | The paper does not provide specific hardware details (exact GPU/CPU models, processor types with speeds, memory amounts, or detailed computer specifications) used for running its experiments. |
| Software Dependencies | No | The paper mentions using 'OPT with 1.3 billion parameters (OPT-1.3B) [35] and corresponding tokenizer released by Hugging Face [33]' and a 'question-answering model based on RoBERTa', but does not provide specific version numbers for these software dependencies or for other libraries used in the experiments. |
| Experiment Setup | Yes | Subsequently, generation is done using beam search with a beam size of 3. We train 20 embedding vectors for the soft prompts by prepending them to a single prompt to generate the target phone number; we use an additional 128 quadruplets that are not included in the evaluation dataset. (A decoding and soft-prompt sketch follows the table.) |
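
To make the 'strategically crafted prompts' quoted in the Research Type row concrete, here is a minimal sketch of how a black-box probing prompt could be assembled from a PII quadruplet of one data subject. The example subject, field names, and template wording are illustrative assumptions, not the authors' released templates.

```python
# Hypothetical black-box probing prompt built from a PII quadruplet.
# The subject, field names, and template text are illustrative assumptions.
quadruplet = {
    "name": "John Doe",
    "email": "john.doe@example.com",
    "address": "123 Example St, Springfield",
    "phone": None,  # the unknown PII item being probed
}

def build_probe_prompt(q: dict) -> str:
    """Link the subject's known PII items and elicit the unknown one."""
    return (
        f"{q['name']} lives at {q['address']}. "
        f"Their email address is {q['email']}. "
        f"Their phone number is"
    )

prompt = build_probe_prompt(quadruplet)
print(prompt)
```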
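For the Open Datasets row, a minimal loading sketch, assuming the public Hugging Face checkpoint `facebook/opt-1.3b` is the OPT-1.3B model and tokenizer referred to above:

```python
# Minimal sketch, assuming the public `facebook/opt-1.3b` checkpoint
# corresponds to the OPT-1.3B target LLM described in the paper.
from transformers import AutoModelForCausalLM, AutoTokenizer

model_name = "facebook/opt-1.3b"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForCausalLM.from_pretrained(model_name)
model.eval()  # probing is inference-only in the black-box setting
```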
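For the Experiment Setup row, a sketch of the two quoted ingredients: beam-search decoding with beam size 3, and 20 trainable soft-prompt vectors prepended to the prompt embeddings. Standard `transformers`/PyTorch calls are used; the decoding length, soft-prompt initialization scale, and example prompt are assumptions, not values from the paper.

```python
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer

tokenizer = AutoTokenizer.from_pretrained("facebook/opt-1.3b")
model = AutoModelForCausalLM.from_pretrained("facebook/opt-1.3b")
model.eval()

prompt = "John Doe lives at 123 Example St. Their phone number is"  # illustrative
inputs = tokenizer(prompt, return_tensors="pt")

# Black-box probing: decode the continuation with beam search, beam size 3.
with torch.no_grad():
    output_ids = model.generate(**inputs, num_beams=3, max_new_tokens=16)
print(tokenizer.decode(output_ids[0], skip_special_tokens=True))

# White-box probing: 20 trainable soft-prompt vectors prepended to the
# prompt embeddings. Only `soft_prompt` would be optimized (on the 128
# held-out quadruplets quoted above) while the LLM stays frozen.
embed = model.get_input_embeddings()
soft_prompt = torch.nn.Parameter(torch.randn(20, embed.embedding_dim) * 0.02)
prompt_embeds = embed(inputs["input_ids"])                     # (1, T, D)
inputs_embeds = torch.cat([soft_prompt.unsqueeze(0), prompt_embeds], dim=1)
logits = model(inputs_embeds=inputs_embeds).logits             # (1, 20 + T, V)
```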