To address unintended memorization of private or copyrighted content in large language model (LLM) pretraining data, this paper proposes KeyMIA, a keyword-driven membership inference attack. KeyMIA is the first method to incorporate semantic-aware keyword importance modeling into the membership inference framework. It operates in two stages: semantic-sensitive keyword tagging and fine-grained discrimination via average log-likelihood scoring (Tabbing), thereby enabling word-level data provenance—surpassing conventional token-level probability statistics. Technically, it integrates NLP keyword extraction, LLM probability output parsing, and statistical analysis. Evaluated on three benchmarks—BookMIA, MIMIR, and The Pile—KeyMIA achieves AUC improvements of 4.1–12.1% over state-of-the-art methods, significantly enhancing both interpretability and accuracy in detecting data leakage.

Large language models (LLMs) have become essential digital task assistance tools. Their training relies heavily on the collection of vast amounts of data, which may include copyright-protected or sensitive information. Recent studies on the detection of pretraining data in LLMs have primarily focused on sentence-level or paragraph-level membership inference attacks (MIAs), usually involving probability analysis of the target model prediction tokens. However, the proposed methods often demonstrate poor performance, specifically in terms of accuracy, failing to account for the semantic importance of textual content and word significance. To address these shortcomings, we propose Tag&Tab, a novel approach for detecting data that has been used as part of the LLM pretraining. Our method leverages advanced natural language processing (NLP) techniques to tag keywords in the input text - a process we term Tagging. Then, the LLM is used to obtain the probabilities of these keywords and calculate their average log-likelihood to determine input text membership, a process we refer to as Tabbing. Our experiments on three benchmark datasets (BookMIA, MIMIR, and the Pile) and several open-source LLMs of varying sizes demonstrate an average increase in the AUC scores ranging from 4.1% to 12.1% over state-of-the-art methods. Tag&Tab not only sets a new standard for data leakage detection in LLMs, but its outstanding performance is a testament to the importance of words in MIAs on LLMs.