Your Language Model Can Secretly Write Like Humans: Contrastive Paraphrase Attacks on LLM-Generated Text Detectors (2025.emnlp-main)
Copied to clipboard
Hao Fang, Jiawei Kong, Tianqu Zhuang, Yixiang Qiu, Kuofeng Gao, Bin Chen, Shu-Tao Xia, Yaowei Wang, Min Zhang
| Challenge: | Existing methods to detect large language models (LLMs) generated for plagiarism use paraphrases to rewrite them to evade detection. |
| Approach: | They propose a training-free method that effectively fools text detectors using off-the-shelf LLMs by rewriting them to evade detection. |
| Outcome: | The proposed method deceives text detectors using off-the-shelf LLMs by rewriting them to produce human-like sentences that are less discernible by detectors. |
Similar Papers
FOCUS: Forging Originality through Contrastive Use in Self-Plagiarism for Language Models (2024.findings-acl)
Copied to clipboard
| Challenge: | Existing methods to generate original text using pre-trained language models are problematic as they are trained on corpora constructed by human authors. |
| Approach: | They propose a unique “self-plagiarism” contrastive decoding strategy that modifies prompts in LLMs to develop an amateur model and a professional model. |
| Outcome: | The proposed method enables the development of an amateur model and a professional model while maintaining its standard language model status. |
User Inference Attacks on Large Language Models (2024.emnlp-main)
Copied to clipboard
| Challenge: | a large amount of data written by humans is used to train and fine-tune large language models. |
| Approach: | They propose to infer if a user's data was used to train an LLM by using example-level differential privacy. |
| Outcome: | The proposed attacks are easy to employ and only require black-box access to an LLM and a few samples from the user. |
Humanizing Machine-Generated Content: Evading AI-Text Detection through Adversarial Attack (2024.lrec-main)
Copied to clipboard
| Challenge: | Despite the development of large language models, there are still significant challenges in detecting whether text is generated by a machine. |
| Approach: | They propose a framework for a broader class of adversarial attacks to perform minor perturbations in machine-generated content to evade detection. |
| Outcome: | The proposed framework can be compromised in as little as 10 seconds, and improves over iterative adversarial learning. |
RAFT: Realistic Attacks to Fool Text Detectors (2024.emnlp-main)
Copied to clipboard
| Challenge: | Large language models (LLMs) have exhibited remarkable fluency across tasks, but their unethical applications are unclear. |
| Approach: | They propose a grammar error-free black-box attack that exploits LLM embeddings at the word-level while preserving original text quality. |
| Outcome: | The proposed attack compromises all detectors across domains and is transferable across source models. |
SearchLLM: Detecting LLM Paraphrased Text by Measuring the Similarity with Regeneration of the Candidate Source via Search Engine (2026.eacl-long)
Copied to clipboard
| Challenge: | Large language models (LLMs) can be used to enhance text quality but can sometimes result in loss or distortion of original meaning. |
| Approach: | They propose a method to identify LLM-paraphrased text by leveraging search engine capabilities to locate potential original text sources. |
| Outcome: | The proposed approach distinguishes LLM-paraphrased text from genuine human writing . it uses search engine capabilities to integrate with existing detectors to improve performance . |
Mitigating Paraphrase Attacks on Machine-Text Detection via Paraphrase Inversion (2025.findings-acl)
Copied to clipboard
| Challenge: | Paraphrases applied to machine-generated texts can degrade performance of machine-text detectors. |
| Approach: | They propose an approach which frames the problem as translation from paraphrased text back to the original text. |
| Outcome: | The proposed approach yields an average improvement of +22% AUROC across seven detectors and three different domains. |
Learning to Rewrite: Generalized LLM-Generated Text Detection (2025.acl-long)
Copied to clipboard
| Challenge: | Existing detectors for Large Language Models (LLMs) struggle to generalize in open-world settings. |
| Approach: | They propose a framework to detect LLM-generated text with exceptional generalization to unseen domains by reinforcing LLMs’ inherent rewriting tendencies. |
| Outcome: | The proposed framework outperforms state-of-the-art detection methods by 23.04% in AUROC, 35.10% for out-of distribution tests, and 48.66% under adversarial attacks. |
Bias in the Mirror : Are LLMs opinions robust to their own adversarial attacks (2025.acl-long)
Copied to clipboard
| Challenge: | Existing work on large language models lacks robustness, highlighting the limitations of such models. |
| Approach: | They propose a novel approach where two LLMs engage in self-debate to persuade a neutral version of the model. |
| Outcome: | The proposed approach examines whether large language models are robust during interactions and whether they are susceptible to reinforcing misinformation or shifting to harmful viewpoints. |
Adapting Fake News Detection to the Era of Large Language Models (2024.findings-naacl)
Copied to clipboard
| Challenge: | a gap exists in understanding the interplay between machine-paraphrased real news, machine-generated fake news, and human-written real news . false information is easier to generate but harder to detect due to the bias of detectors against machine-generated texts . |
| Approach: | They propose a strategy to adapt fake news detectors to the era of large language models and AI-driven content creation . |
| Outcome: | The proposed detectors perform well on human-written articles but not vice versa . the proposed detector should be trained on datasets with lower machine-generated news ratio than the test set . |
From Text to Source: Results in Detecting Large Language Model-Generated Content (2024.lrec-main)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) generate human-like text, but have ethical and misuse concerns. |
| Approach: | They evaluate whether a classifier trained to distinguish between source and target LLMs can detect text from an LLM without further training. |
| Outcome: | The proposed method detects text from target LLMs without further training. |