Skip to content

mengtong0110/Tokenizer-MIA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
downloaded_data
downloaded_data
 
 
infer_results
infer_results
 
 
min_defense
min_defense
 
 
shadow_tokenizer
shadow_tokenizer
 
 
tokenizer_info
tokenizer_info
 
 
trained_tokenizer
trained_tokenizer
 
 
website_data
website_data
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
download_datasets.py
download_datasets.py
 
 
mia_via_compression_rate.py
mia_via_compression_rate.py
 
 
mia_via_frequency_estimation.py
mia_via_frequency_estimation.py
 
 
mia_via_merge_similarity.py
mia_via_merge_similarity.py
 
 
mia_via_naive_bayes.py
mia_via_naive_bayes.py
 
 
mia_via_vocabulary_overlap.py
mia_via_vocabulary_overlap.py
 
 
requirements.txt
requirements.txt
 
 
train_shadow_tokenizer.py
train_shadow_tokenizer.py
 
 
train_target_tokenizer.py
train_target_tokenizer.py
 
 

Repository files navigation

Membership Inference Attacks on Tokenizers of Large Language Models

Code for the Security'26 submission "Membership Inference Attacks on Tokenizers of Large Language Models"

Note that this repo is anonymous and only intended for review purpose only.

Implementation Steps

Step 0. Install Required Packages

First, set up the Python environment and install all required dependencies.

conda create -n MIA python=3.12
conda activate MIA
pip install -r requirements.txt

Step 1. Download Datasets for Evaluation

Next, download the datasets used in our evaluations. These datasets have been collected by Google

python download_datasets.py

Step 2. Train Target Tokenizers

In this step, train the target tokenizers, which serve as the attack targets in MIA experiments.

python train_target_tokenizer.py

Step 3. Train Shadow Tokenizers

Shadow tokenizers are trained to mimic the behavior of the target tokenizer. These are used in the attack phase to help infer membership.

python train_shadow_tokenizer.py

Step 4. Perform Membership Inference Attacks

Now, conduct membership inference attacks using various methods. Each script below implements a different attack method.

python mia_via_compression_rate.py
python mia_via_vocabulary_overlap.py
python mia_via_frequency_estimation.py
python mia_via_merge_similarity.py
python mia_via_naive_bayes.py

All experimental results will be saved in the infer_results folder for further analysis.

Step 5. Min Count Mechanism against MIAs

The code for the min count defense is provided in the 'min_defense' folder. It can be deployed using the following code:

 python min_defense.py

About

[USENIX Security 2026] Membership Inference Attacks on Tokenizers of Large Language Models

Resources

Readme

License

Apache-2.0 license
Activity

Stars

19 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages