Large language models (LLMs) have been proven capable of memorizing their training data, which can be extracted through specifically designed prompts. As the scale of datasets continues to grow, privacy risks arising from memorization have attracted increasing attention. Quantifying language model memorization helps evaluate potential privacy risks. However, prior works on quantifying memorization require access to the precise original data or incur substantial computational overhead, making it difficult for applications in real-world language models. To this end, we propose a fine-grained, entity-level definition to quantify memorization with conditions and metrics closer to real-world scenarios. In addition, we also present an approach for efficiently extracting sensitive entities from autoregressive language models. We conduct extensive experiments based on the proposed, probing language models' ability to reconstruct sensitive entities under different settings. We find that language models have strong memorization at the entity level and are able to reproduce the training data even with partial leakages. The results demonstrate that LLMs not only memorize their training data but also understand associations between entities. These findings necessitate that trainers of LLMs exercise greater prudence regarding model memorization, adopting memorization mitigation techniques to preclude privacy violations.

翻译：大型语言模型（LLMs）已被证明能够记忆其训练数据，这些数据可以通过精心设计的提示进行提取。随着数据集规模的不断扩大，记忆化引发的隐私风险日益受到关注。量化语言模型的记忆化有助于评估潜在的隐私风险。然而，先前关于记忆化量化的研究需要访问精确的原始数据或产生大量计算开销，这使得它们在现实语言模型中的应用变得困难。为此，我们提出了一种细粒度的实体级定义，以量化更贴近现实场景的条件和指标下的记忆化。此外，我们还提出了一种高效方法，用于从自回归语言模型中提取敏感实体。我们基于所提出的方法进行了大量实验，探究了语言模型在不同设置下重建敏感实体的能力。研究发现，语言模型在实体层面表现出强大的记忆能力，即使在部分泄露的情况下也能重现训练数据。实验结果表明，LLMs不仅记忆训练数据，还能理解实体之间的关联。这些发现要求LLMs的训练者在模型记忆化方面更加审慎，采用记忆缓解技术以防止隐私泄露。