add ReCaLL attack #26
Conversation
mimir/config.py
Outdated
| @@ -174,6 +174,8 @@ class ExperimentConfig(Serializable): | |||
| """Chunk size""" | |||
| scoring_model_name: Optional[str] = None | |||
| """Scoring model (if different from base model)""" | |||
| recall_num_shots: Optional[int] = 1 | |||
There was a problem hiding this comment.
Can you create a separate class for Configuration (just like we have a separate NeighborhoodConfig for neighborhood attack) for this instead of adding it directly to the ExperimentConfig?
run.py
Outdated
| nonmember_prefix = kwargs.get("nonmember_prefix", None) | ||
| if AllAttacks.RECALL in attackers_dict.keys(): | ||
| if nonmember_prefix is None: | ||
| raise ValueError("Must include a prefix for ReCaLL attack") |
There was a problem hiding this comment.
Do we want this condition? nonmember_prefix only needs to be present for the recall attack, not all attacks? If someone runs a config with multiple attacks including recall, must all attack function-calls include the nonmember-prefix?
| @@ -515,6 +526,21 @@ def main(config: ExperimentConfig): | |||
| mask_model_tokenizer=mask_model.tokenizer if mask_model else None, | |||
| ) | |||
|
|
|||
| #* ReCaLL Specific | |||
| if AllAttacks.RECALL in config.blackbox_attacks: | |||
There was a problem hiding this comment.
If the config has multiple attacks, data_member and data_nonmember should not be modified like this for all attacks, but right now they will modify raw data before running any attack
|
Hey @austinbrown5 - great work, and thanks for the PR! I left some minor comments, but apart from those the code change looks good to me and I can merge the PR once you've had a look at them. |
|
Hey @iamgroot42- thanks for reviewing our PR. We made some changes according to the comments you made. Let us know if everything looks good now. Thanks so much! |
|
Thanks, @austinbrown5 ! |
Hi @iamgroot42,
In this pull request we introduce ReCaLL into the unified benchmark as defined here
Overview
ReCaLL is a novel membership inference attack (MIA) method designed to detect pretraining data in large language models (LLMs). It leverages the conditional language modeling capabilities of LLMs to identify whether a given piece of text was part of the model's training data
Files Changed
readme.md: added ReCaLL to list of attacks.configs/recall.json: added config file to run ReCaLL on its own.mimir/attacks/all_attacks.py: added ReCaLL to list of attacks.mimir/attacks/recall.py: implemented ReCaLL attack.mimir/attacks/utils.py: added ReCaLL to attacker mapping .mimir/config.py: added support for recall_num_shots, to allow ReCaLL to be run with more than one shot.run.py: added necessary support to allow ReCaLL to run as well as verify it is being run correctlyImplementation Details
Please review the changes and let me know if any modifications or additional information is needed.
Thanks so much! 🙌