DoPE: Decoy Oriented Perturbation Encapsulation Human-Readable, AI-Hostile Documents for Academic Integrity

TL;DR

DoPE introduces a novel document-layer defense that embeds semantic decoys into exam documents to prevent and detect AI-based cheating in assessments, leveraging render-parse discrepancies in multimodal LLMs.

Contribution

The paper presents DoPE, a new framework for embedding semantic decoys into exam documents, along with FewSoRT-Q and FewSoRT-D pipelines, to enhance academic integrity against multimodal LLMs.

Findings

Achieves 91.4% detection rate with 8.7% false positives.

Prevents successful AI completion in 96.3% of attempts.

Provides a new benchmark, Integrity-Bench, for evaluating document-layer defenses.

Abstract

Multimodal Large Language Models (MLLMs) can directly consume exam documents, threatening conventional assessments and academic integrity. We present DoPE (Decoy-Oriented Perturbation Encapsulation), a document-layer defense framework that embeds semantic decoys into PDF/HTML assessments to exploit render-parse discrepancies in MLLM pipelines. By instrumenting exams at authoring time, DoPE provides model-agnostic prevention (stop or confound automated solving) and detection (flag blind AI reliance) without relying on conventional one-shot classifiers. We formalize prevention and detection tasks, and introduce FewSoRT-Q, an LLM-guided pipeline that generates question-level semantic decoys and FewSoRT-D to encapsulate them into watermarked documents. We evaluate on Integrity-Bench, a novel benchmark of 1826 exams (PDF+HTML) derived from public QA datasets and OpenCourseWare. Against black-box MLLMs from OpenAI and Anthropic, DoPE yields strong empirical gains: a 91.4% detection rate at an 8.7% false-positive rate using an LLM-as-Judge verifier, and prevents successful completion or induces decoy-aligned failures in 96.3% of attempts. We release Integrity-Bench, our toolkit, and evaluation code to enable reproducible study of document-layer defenses for academic integrity.