Data contamination, i.e., the presence of test data from downstream tasks in the training data of large language models (LLMs), is a potential major issue in measuring LLMs' real effectiveness on other tasks. We propose a straightforward yet effective method for identifying data contamination within LLMs. At its core, our approach starts by identifying potential contamination at the instance level; using this information, our approach then assesses wider contamination at the partition level. To estimate contamination of individual instances, we employ "guided instruction:" a prompt consisting of the dataset name, partition type, and the random-length initial segment of a reference instance, asking the LLM to complete it. An instance is flagged as contaminated if the LLM's output either exactly or nearly matches the latter segment of the reference. To understand if an entire partition is contaminated, we propose two ideas. The first idea marks a dataset partition as contaminated if the average overlap score with the reference instances (as measured by ROUGE-L or BLEURT) is statistically significantly better with the completions from guided instruction compared to a "general instruction" that does not include the dataset and partition name. The second idea marks a dataset partition as contaminated if a classifier based on GPT-4 with few-shot in-context learning prompt marks multiple generated completions as exact/near-exact matches of the corresponding reference instances. Our best method achieves an accuracy between 92% and 100% in detecting if an LLM is contaminated with seven datasets, containing train and test/validation partitions, when contrasted with manual evaluation by human experts. Further, our findings indicate that GPT-4 is contaminated with AG News, WNLI, and XSum datasets.

翻译：数据污染，即下游任务的测试数据出现在大型语言模型（LLM）的训练数据中，是评估LLM在其他任务上真实有效性的潜在主要问题。我们提出了一种简单而有效的方法来识别LLM中的数据污染。其核心在于，我们的方法首先在实例层面识别潜在污染；利用这些信息，接着在分区层面评估更广泛的污染。为估计单个实例的污染程度，我们采用“引导指令”：由数据集名称、分区类型和参考实例随机长度的初始片段组成的提示，要求LLM完成该片段。若LLM的输出与参考实例的后续片段完全或几乎匹配，则该实例被标记为受污染。为判断整个分区是否受污染，我们提出两种思路。第一种思路是，若与未包含数据集和分区名称的“通用指令”相比，引导指令下完成的内容与参考实例的平均重叠分数（通过ROUGE-L或BLEURT衡量）在统计上显著更优，则将该数据集分区标记为受污染。第二种思路是，若基于GPT-4的少样本上下文学习提示的分类器将多个生成的完成内容标记为对应参考实例的精确/近似匹配，则将该数据集分区标记为受污染。我们的最佳方法在检测LLM是否受七个数据集（包含训练集和测试/验证集）污染时，与人类专家手动评估相比，准确率达到92%至100%。此外，我们的发现表明GPT-4受到AG News、WNLI和XSum数据集污染。