Membership Inference Attacks against Large Vision-Language Models
About
Large vision-language models (VLLMs) exhibit promising capabilities for processing multi-modal tasks across various application scenarios. However, their emergence also raises significant data security concerns, given the potential inclusion of sensitive information, such as private photos and medical records, in their training datasets. Detecting inappropriately used data in VLLMs remains a critical and unresolved issue, mainly due to the lack of standardized datasets and suitable methodologies. In this study, we introduce the first membership inference attack (MIA) benchmark tailored for various VLLMs to facilitate training data detection. Then, we propose a novel MIA pipeline specifically designed for token-level image detection. Lastly, we present a new metric called MaxR\'enyi-K%, which is based on the confidence of the model output and applies to both text and image data. We believe that our work can deepen the understanding and methodology of MIAs in the context of VLLMs. Our code and datasets are available at https://github.com/LIONS-EPFL/VL-MIA.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Membership Inference Attack | Flickr | TPR @ 5% FPR23 | 142 | |
| Text Membership Inference Attack | LLaVA LLM Pre-training | AUC0.688 | 88 | |
| Membership Inference Attack | Flickr | Accuracy67.5 | 71 | |
| Membership Inference Attack | DALL·E (test) | TPR @ 5% FPR22.3 | 54 | |
| Text Membership Inference Attack | LLaVA VLLM Tuning | AUC0.993 | 44 | |
| Membership Inference Attack (TEXTLEN=32) | VL-MIA TEXT | Accuracy62.7 | 33 | |
| Membership Inference Attack | DALL-E | Accuracy66.7 | 26 | |
| Membership Inference Attack | VL-MIA Text LLaMA Adapter TEXTLEN=64 | AUC61.6 | 21 | |
| Membership Inference Attack | VL-MIA Text MiniGPT-4 TEXTLEN=32 | AUC63.7 | 21 | |
| Membership Inference Attack | Flickr (test) | AUC64.6 | 21 |