content

app.py

@@ -24,7 +24,20 @@ def update_csv_dropdown(model_name):
     return gr.Dropdown(choices=df['target_str'].tolist(), interactive=True)
 
 with gr.Blocks() as demo:
-    gr.Markdown("<h1><center>Model Memorization Checker</center></h1>")
+    gr.Markdown(
+        """
+        # Rethinking LLM Memorization through the Lens of Adversarial Compression
+
+        Authors: Avi Schwarzschild\*, Zhili Feng\*, Pratyush Maini\*, Zack Lipton, Zico Kolter
+
+        ## Abstract
+
+        Large language models (LLMs) trained on web-scale datasets raise substantial concerns regarding permissible data usage. One major questions is whether these models "memorize" all their training data; or is their integration of many data sources more akin to how a human would learn and synthesize information? The answer hinges, to a large degree, on how we define memorization. In this work, we propose the Adversarial Compression Ratio (ACR) as a metric for assessing memorization in LLMs—a given string from the training data is considered memorized if it can be elicited by a prompt shorter than the string itself. In other words, these strings can be "compressed" with the model by computing adversarial prompts of fewer tokens. We outline the limitations of existing notions of memorization and show how the ACR overcomes these challenges by (i) offering an adversarial view to measuring memorization, especially for monitoring unlearning and compliance; and (ii) allowing for the flexibility to measure memorization for arbitrary strings at a reasonably low compute. Our definition serves as a valuable and practical tool for determining when model owners may be violating terms around data usage, providing a potential legal tool and a critical lens through which to address such scenarios.
+       
+        ## Play with the Demo
+        Below, we provide an interactive demo to explore the ACR metric for different models and target strings. The demo allows you to select a model and a target string, and then calculates the number of adversarial tokens, the optimal prompt, the adversarial compression ratio, and whether the target string is memorized by the model.
+        """
+    )
 
     with gr.Row():
         model_dropdown = gr.Dropdown(choices=MODELS, label="Select Model")
@@ -46,4 +59,51 @@ with gr.Blocks() as demo:
 
     run_button.click(fn=run_check, inputs=[model_dropdown, csv_dropdown], outputs=[num_free_tokens_output, target_length_output, optimal_prompt_output, ratio_output, memorized_output])
 
+    gr.Markdown(
+        """
+        ## Understanding ACR
+        Below, we provide a high-level overview of the steps involved in calculating the Adversarial Compression Ratio (ACR) for a given target string. The ACR is calculated as the ratio of the number of tokens in the optimal prompt to the number of tokens in the target string. A lower ACR indicates that the target string is more likely to be memorized by the model.
+        """
+    )
+
+    with gr.Row():
+        gr.Image("figures/ACR.png", label="Calculating ACR")
+
+    gr.Markdown(
+        """
+        ## Rethinking Copyright Law with ACR
+        Past definitions of memorization have been limited in their ability to capture the nuances of copyright when it comes to LLMs. Some methods considered "exact regurgitation" as memorization, while others have considered merely "training membership" as memorization. The ACR metric offers a new perspective on memorization, allowing for a balanced and calibrated view of memorization that can be used to monitor compliance with data usage terms. 
+        """
+    )
+    with gr.Row(): 
+        gr.Image("figures/judge.png", label="Legal View")
+    gr.Markdown(
+        """
+        ## Sanity Checks
+        We consider two sanity checks to ensure that the ACR metric is robust and reliable. 1. First, we evaluate the ACR metric on various kinds of strings, such as fampus quotes, strings from the training data, unseen news articles from 2024 and random strings. We see a monotonic decrease in the ACR along these types.
+        2. Second, we evaluate the ACR metric on larger models to ensure that the metric scales well with model size. We see that the ACR increases as the model size increases, indicating that larger models are more likely to memorize strings.
+        """
+    )
+    with gr.Row(): 
+        gr.Image("figures/sanity.png", label="Sanity Checks")
+        gr.Image("figures/bigger.png", label="Bigger Models")
+    
+        
+
+    gr.Markdown(
+        """
+        ## Citation
+        If you find this work useful, please consider citing our paper:
+
+        ```bibtex
+        @article{schwarzschild2023rethinking,
+          title={Rethinking LLM Memorization through the Lens of Adversarial Compression},
+          author={Schwarzschild, Avi and Feng, Zhili and Maini, Pratyush and Lipton, Zack and Kolter, Zico},
+          journal={arXiv preprint},
+          year={2024}
+        }
+        ```
+        """
+    )
+
 demo.launch(debug=True, show_error=True)