Stumbling Blocks: Stress Testing the Robustness of Machine-Generated Text Detectors Under Attacks
This work addresses the problem of ensuring reliable detection of machine-generated text for preventing misuse, highlighting critical vulnerabilities in existing methods.
The study stress-tested the robustness of machine-generated text detectors against various attacks, revealing that almost none remain robust under all attacks, with an average performance drop of 35% across all attacks.
The widespread use of large language models (LLMs) is increasing the demand for methods that detect machine-generated text to prevent misuse. The goal of our study is to stress test the detectors' robustness to malicious attacks under realistic scenarios. We comprehensively study the robustness of popular machine-generated text detectors under attacks from diverse categories: editing, paraphrasing, prompting, and co-generating. Our attacks assume limited access to the generator LLMs, and we compare the performance of detectors on different attacks under different budget levels. Our experiments reveal that almost none of the existing detectors remain robust under all the attacks, and all detectors exhibit different loopholes. Averaging all detectors, the performance drops by 35% across all attacks. Further, we investigate the reasons behind these defects and propose initial out-of-the-box patches to improve robustness.