Stumbling Blocks: Stress Testing the Robustness of Machine-Generated Text Detectors Under Attacks

TL;DR

This paper evaluates the robustness of machine-generated text detectors against various attack methods, revealing significant vulnerabilities and proposing initial patches to enhance their resilience.

Contribution

It provides a comprehensive stress test of existing detectors under realistic attack scenarios and offers initial solutions to improve their robustness.

Findings

Detectors' performance drops by 35% under attacks

Almost no detector remains robust against all attack types

Different detectors have unique vulnerabilities

Abstract

The widespread use of large language models (LLMs) is increasing the demand for methods that detect machine-generated text to prevent misuse. The goal of our study is to stress test the detectors' robustness to malicious attacks under realistic scenarios. We comprehensively study the robustness of popular machine-generated text detectors under attacks from diverse categories: editing, paraphrasing, prompting, and co-generating. Our attacks assume limited access to the generator LLMs, and we compare the performance of detectors on different attacks under different budget levels. Our experiments reveal that almost none of the existing detectors remain robust under all the attacks, and all detectors exhibit different loopholes. Averaging all detectors, the performance drops by 35% across all attacks. Further, we investigate the reasons behind these defects and propose initial out-of-the-box patches to improve robustness.