详细信息
- 来源站点
- ArXiv CS.AI
- 作者
- Meng Tong, Yuntao Du, Kejiang Chen, Weiming Zhang, Ninghui Li
- 文章类型
- NEWS
- 语言
- en
- 发布日期
- 2026-05-26
摘要
arXiv:2510.05699v4 Announce Type: replace-cross Abstract: Membership inference attacks (MIAs) are widely used to assess the privacy risks associated with machine learning models. However, when these attacks are applied to pre-trained large language models (LLMs), they encounter significant challenges, including mislabeled samples, distribution shifts, and discrepancies in model size between experimental and real-world settings. To address these limitations, we introduce tokenizers as a new attack vector for membership inference. Specifically, a tokenizer converts raw text into tokens for LLMs. Unlike full models, tokenizers can be efficiently trained from scratch, thereby avoiding the aforementioned challenges. In addition, the tokenizer's training data is typically representative of the data used to pre-train LLMs. Despite these advantages, the potential of tokenizers as an attack vector remains unexplored.