Large language models (LLMs) have been proven capable of memorizing their training data, which can be extracted through specifically designed prompts. As the scale of datasets continues to grow, privacy risks arising from memorization have attracted increasing attention. Quantifying language model memorization helps evaluate potential privacy risks. However, prior works on quantifying memorization require access to the precise original data or incur substantial computational overhead, making it difficult for applications in real-world language models. To this end, we propose a fine-grained, entity-level definition to quantify memorization with conditions and metrics closer to real-world scenarios. In addition, we also present an approach for efficiently extracting sensitive entities from autoregressive language models. We conduct extensive experiments based on the proposed, probing language models' ability to reconstruct sensitive entities under different settings. We find that language models have strong memorization at the entity level and are able to reproduce the training data even with partial leakages. The results demonstrate that LLMs not only memorize their training data but also understand associations between entities. These findings necessitate that trainers of LLMs exercise greater prudence regarding model memorization, adopting memorization mitigation techniques to preclude privacy violations.

翻译：大型语言模型已被证明能够记忆其训练数据，这些数据可以通过特定设计的提示被提取出来。随着数据集规模的持续增长，由记忆引发的隐私风险日益受到关注。量化语言模型的记忆有助于评估潜在的隐私风险。然而，以往关于记忆量化的研究需要访问精确的原始数据，或产生巨大的计算开销，因此难以应用于现实世界的语言模型。为此，我们提出了一种细粒度的实体级定义，在更贴近现实场景的条件下通过指标量化记忆。此外，我们还提出了一种从自回归语言模型中高效提取敏感实体的方法。基于此定义，我们开展了广泛的实验，探究语言模型在不同设置下重建敏感实体的能力。研究发现，语言模型在实体层面具有强大的记忆能力，即使仅有部分信息泄露也能复现训练数据。结果表明，大型语言模型不仅记忆训练数据，还能理解实体之间的关联。这些发现要求语言模型的训练者更加审慎地对待模型记忆问题，并采用记忆缓解技术以防止隐私侵犯。