Membership Inference Attacks against Large Vision-Language Models
About
Large vision-language models (VLLMs) exhibit promising capabilities for processing multi-modal tasks across various application scenarios. However, their emergence also raises significant data security concerns, given the potential inclusion of sensitive information, such as private photos and medical records, in their training datasets. Detecting inappropriately used data in VLLMs remains a critical and unresolved issue, mainly due to the lack of standardized datasets and suitable methodologies. In this study, we introduce the first membership inference attack (MIA) benchmark tailored for various VLLMs to facilitate training data detection. Then, we propose a novel MIA pipeline specifically designed for token-level image detection. Lastly, we present a new metric called MaxR\'enyi-K%, which is based on the confidence of the model output and applies to both text and image data. We believe that our work can deepen the understanding and methodology of MIAs in the context of VLLMs. Our code and datasets are available at https://github.com/LIONS-EPFL/VL-MIA.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Image Membership Inference Attack | VL-MIA Flickr (test) | AUC0.937 | 149 | |
| Membership Inference Attack | Flickr | TPR @ 5% FPR23 | 142 | |
| Membership Inference | VL-MIA DALL·E | AUROC86.5 | 120 | |
| Text Membership Inference Attack | LLaVA LLM Pre-training | AUC0.688 | 88 | |
| Membership Inference Attack | Flickr | Accuracy67.5 | 71 | |
| Membership Inference Attack | DALL·E (test) | TPR @ 5% FPR22.3 | 54 | |
| Membership Inference Attack | VL-MIA Flickr 2k | AUC0.668 | 45 | |
| Membership Inference Attack | VL-MIA Flickr-10k | AUC0.676 | 45 | |
| Membership Inference Attack | VL-MIA Flickr v1 (test) | AUC0.627 | 45 | |
| Text Membership Inference Attack | LLaVA VLLM Tuning | AUC0.993 | 44 |