TS-RaMIA

First Membership Inference Attack on Music Models

Revealing privacy risks in music generation through transcription structure analysis

🎵 Music AI 🔓 Privacy Risk 🏆 First MIA

The Privacy Problem

Can AI Music Models Remember Training Data?

Music generation models learn from thousands of compositions. But can we tell if a specific piece was in the training set?

Why This Matters:

  • 🎼 Copyright protection for composers
  • 📜 Compliance with data usage agreements
  • 🔒 Privacy risks in music AI systems
  • ⚖️ Legal implications for AI training

  • 14.6% TPR @ 1% FPR
  • 0.826 AUC Score

Our Approach

A three-step attack leveraging structural tokens in music notation

1. Structural Token Identification

Extract structure-revealing tokens from ABC notation (bars, time signatures, key signatures)

X:1 | C E G | C M:4/4 K:Cmaj |
Token types: Structural Tokens, Note Tokens

2. Top-k Tail Scoring

Focus on the hardest-to-predict tokens (Top-64) which reveal memorization

Higher scores = Harder to predict = More likely memorized

3. Multi-Temperature Fusion

Combine scores across different temperatures (0.8, 1.0, 1.2, 1.5) for robust detection

Final Score = Fusion(Score_{T=0.8}, Score_{T=1.0}, Score_{T=1.2}, Score_{T=1.5})
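
For a training-data audit, the three steps above can be sketched as follows. This is an added example, not the project's code. It assumes the per-token score is negative log-likelihood, that fusion is an unweighted mean, and that tokens are split on whitespace; the logits are constructed stand-ins for a model's output.

```python
import math

TEMPERATURES = (0.8, 1.0, 1.2, 1.5)  # temperatures listed on the page
TOP_K = 64                            # tail size listed on the page

def is_structural(tok):
    """Bars, time signatures (M:) and key signatures (K:), as the page lists."""
    return tok.startswith(("|", "M:", "K:"))

def token_nll(logits, target, temperature):
    """Negative log-probability of `target` under softmax(logits / T)."""
    scaled = [x / temperature for x in logits]
    top = max(scaled)
    log_z = top + math.log(sum(math.exp(x - top) for x in scaled))
    return log_z - scaled[target]

def struct_tail_score(tokens, ids, logits, temperature, k=TOP_K):
    """Assumed score: mean NLL of the k hardest-to-predict structural tokens."""
    nlls = [token_nll(row, i, temperature)
            for tok, i, row in zip(tokens, ids, logits) if is_structural(tok)]
    tail = sorted(nlls, reverse=True)[:k]  # fewer than k tokens: use them all
    return sum(tail) / len(tail) if tail else 0.0

def fused_score(tokens, ids, logits, temperatures=TEMPERATURES, k=TOP_K):
    """Assumed fusion rule: unweighted mean of the per-temperature scores."""
    scores = [struct_tail_score(tokens, ids, logits, t, k) for t in temperatures]
    return sum(scores) / len(scores)

# Constructed input: the ABC fragment from the page, split on whitespace.
TOKENS = "X:1 | C E G | C M:4/4 K:Cmaj |".split()
VOCAB = sorted(set(TOKENS))
IDS = [VOCAB.index(t) for t in TOKENS]
# Constructed logits standing in for a model: the true token gets logit c,
# every other vocabulary entry gets 0 (c = 0 means the model is guessing).
CONF = [3.0, 2.0, 1.0, 1.0, 1.0, 0.5, 1.0, 4.0, 0.0, 2.5]
LOGITS = [[c if j == i else 0.0 for j in range(len(VOCAB))]
          for i, c in zip(IDS, CONF)]

if __name__ == "__main__":
    for t in TEMPERATURES:
        print(f"T={t}: {struct_tail_score(TOKENS, IDS, LOGITS, t):.4f}")
    print(f"fused: {fused_score(TOKENS, IDS, LOGITS):.4f}")
```

Turning the fused score into a member/non-member decision requires a threshold calibrated on samples whose membership is known, which is what the TPR @ FPR figures measure.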

Performance Results

Our method significantly outperforms baseline approaches

Methods compared (metrics: AUC, TPR@1%FPR, TPR@5%FPR):

  • 📊 Baseline
  • 🎯 StructTail-64
  • 🚀 StructTail+Fusion

[Figure: ROC Curve Comparison]

Resources & Impact

Real-World Applications

  • 🎵 Music Copyright Protection: Detect if copyrighted music was used in model training
  • 📋 Training Data Audit: Verify compliance with data usage agreements
  • 🔒 Model Privacy Assessment: Evaluate privacy risks before deployment

Code & Paper

Citation

@article{ts-ramia2025,
  title={TS-RaMIA: Membership Inference Attacks 
         for Symbolic Music Generation Models},
  author={Yuxuan Liu},
  year={2025}
}

Team

Research conducted at Xi'an Jiaotong-Liverpool University