Search Results for author: Igor Shilov

Found 9 papers, 6 papers with code

Watermarking Training Data of Music Generation Models

no code implementations · 11 Dec 2024 · Pascal Epple, Igor Shilov, Bozhidar Stevanoski, Yves-Alexandre de Montjoye

We study factors that impact the model's generation behaviour: the watermarking technique, the proportion of watermarked samples in the training set, and the robustness of the watermarking technique against the model's tokenizer.

Music Generation

Free Record-Level Privacy Risk Evaluation Through Artifact-Based Methods

1 code implementation · 8 Nov 2024 · Joseph Pollock, Igor Shilov, Euodia Dodd, Yves-Alexandre de Montjoye

Membership inference attacks (MIAs) are widely used to empirically assess privacy risks in machine learning models, both providing model-level vulnerability metrics and identifying the most vulnerable training samples.

SoK: Membership Inference Attacks on LLMs are Rushing Nowhere (and How to Fix It)

1 code implementation · 25 Jun 2024 · Matthieu Meeus, Igor Shilov, Shubham Jain, Manuel Faysse, Marek Rei, Yves-Alexandre de Montjoye

We then quantify distribution shifts present in 6 datasets used in the literature using a model-less bag of word classifier and show that all datasets constructed post-hoc suffer from strong distribution shifts.

Benchmarking · Experimental Design · +1

Certification for Differentially Private Prediction in Gradient-Based Training

1 code implementation · 19 Jun 2024 · Matthew Wicker, Philip Sosnin, Igor Shilov, Adrianna Janik, Mark N. Müller, Yves-Alexandre de Montjoye, Adrian Weller, Calvin Tsay

Differential privacy upper-bounds the information leakage of machine learning models, yet providing meaningful privacy guarantees has proven to be challenging in practice.

Image Classification · Medical Image Classification · +1

Mosaic Memory: Fuzzy Duplication in Copyright Traps for Large Language Models

no code implementations · 24 May 2024 · Igor Shilov, Matthieu Meeus, Yves-Alexandre de Montjoye

This introduces a previously unexplored confounding factor in post-hoc studies of LLM memorization, and questions the effectiveness of (exact) data deduplication as a privacy protection technique.

Inference Attack · Membership Inference Attack · +1

Copyright Traps for Large Language Models

1 code implementation · 14 Feb 2024 · Matthieu Meeus, Igor Shilov, Manuel Faysse, Yves-Alexandre de Montjoye

We here propose to use copyright traps, the inclusion of fictitious entries in original content, to detect the use of copyrighted materials in LLMs with a focus on models where memorization does not naturally occur.

Memorization

Defending against Reconstruction Attacks with Rényi Differential Privacy

no code implementations · 15 Feb 2022 · Pierre Stock, Igor Shilov, Ilya Mironov, Alexandre Sablayrolles

Reconstruction attacks allow an adversary to regenerate data samples of the training set using access to only a trained model.

Opacus: User-Friendly Differential Privacy Library in PyTorch

3 code implementations · 25 Sep 2021 · Ashkan Yousefpour, Igor Shilov, Alexandre Sablayrolles, Davide Testuggine, Karthik Prasad, Mani Malek, John Nguyen, Sayan Ghosh, Akash Bharadwaj, Jessica Zhao, Graham Cormode, Ilya Mironov

We introduce Opacus, a free, open-source PyTorch library for training deep learning models with differential privacy (hosted at opacus.ai).

Antipodes of Label Differential Privacy: PATE and ALIBI

1 code implementation · NeurIPS 2021 · Mani Malek, Ilya Mironov, Karthik Prasad, Igor Shilov, Florian Tramèr

We propose two novel approaches based on, respectively, the Laplace mechanism and the PATE framework, and demonstrate their effectiveness on standard benchmarks.

Bayesian Inference · Memorization · +2