Saved in:
Bibliographic Details
Main Authors: Janicki, Juliusz, Chamezopoulos, Savvas, Kanoulas, Evangelos, Tsatsaronis, Georgios
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.19561
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908984066179072
author Janicki, Juliusz
Chamezopoulos, Savvas
Kanoulas, Evangelos
Tsatsaronis, Georgios
author_facet Janicki, Juliusz
Chamezopoulos, Savvas
Kanoulas, Evangelos
Tsatsaronis, Georgios
contents Large Language Models (LLMs) utilize large amounts of data for their training, some of which may come from copyrighted sources. Membership Inference Attacks (MIA) aim to detect those documents and whether they have been included in the training corpora of the LLMs. The black-box MIAs require a significant amount of data manipulation; therefore, their comparison is often challenging. We study state-of-the-art (SOTA) MIAs under the black-box assumptions and compare them to each other using a unified set of datasets to determine if any of them can reliably detect membership under SOTA LLMs. In addition, a new method, called the Familiarity Ranking, was developed to showcase a possible approach to black-box MIAs, thereby giving LLMs more freedom in their expression to understand their reasoning better. The results indicate that none of the methods are capable of reliably detecting membership in LLMs, as shown by an AUC-ROC of approximately 0.5 for all methods across several LLMs. The higher TPR and FPR for more advanced LLMs indicate higher reasoning and generalizing capabilities, showcasing the difficulty of detecting membership in LLMs using black-box MIAs.
format Preprint
id arxiv_https___arxiv_org_abs_2604_19561
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Detecting Data Contamination in Large Language Models
Janicki, Juliusz
Chamezopoulos, Savvas
Kanoulas, Evangelos
Tsatsaronis, Georgios
Artificial Intelligence
Large Language Models (LLMs) utilize large amounts of data for their training, some of which may come from copyrighted sources. Membership Inference Attacks (MIA) aim to detect those documents and whether they have been included in the training corpora of the LLMs. The black-box MIAs require a significant amount of data manipulation; therefore, their comparison is often challenging. We study state-of-the-art (SOTA) MIAs under the black-box assumptions and compare them to each other using a unified set of datasets to determine if any of them can reliably detect membership under SOTA LLMs. In addition, a new method, called the Familiarity Ranking, was developed to showcase a possible approach to black-box MIAs, thereby giving LLMs more freedom in their expression to understand their reasoning better. The results indicate that none of the methods are capable of reliably detecting membership in LLMs, as shown by an AUC-ROC of approximately 0.5 for all methods across several LLMs. The higher TPR and FPR for more advanced LLMs indicate higher reasoning and generalizing capabilities, showcasing the difficulty of detecting membership in LLMs using black-box MIAs.
title Detecting Data Contamination in Large Language Models
topic Artificial Intelligence
url https://arxiv.org/abs/2604.19561