Robust Detection of Watermarks for Large Language Models Under Human Edits

• URL: http://arxiv.org/abs/2411.13868v1
• Date: Thu, 21 Nov 2024 06:06:04 GMT
• Title: Robust Detection of Watermarks for Large Language Models Under Human Edits
• Authors: Xiang Li, Feng Ruan, Huiyuan Wang, Qi Long, Weijie J. Su,
• Abstract summary: We introduce a new method in the form of a truncated goodness-of-fit test for detecting watermarked text under human edits. We prove that the Tr-GoF test achieves optimality in robust detection of the Gumbel-GoF watermark. We also show that the Tr-GoF test attains the highest detection efficiency rate in a certain regime of moderate text modifications.
• Score: 27.678152860666163
• License:
• Abstract: Watermarking has offered an effective approach to distinguishing text generated by large language models (LLMs) from human-written text. However, the pervasive presence of human edits on LLM-generated text dilutes watermark signals, thereby significantly degrading detection performance of existing methods. In this paper, by modeling human edits through mixture model detection, we introduce a new method in the form of a truncated goodness-of-fit test for detecting watermarked text under human edits, which we refer to as Tr-GoF. We prove that the Tr-GoF test achieves optimality in robust detection of the Gumbel-max watermark in a certain asymptotic regime of substantial text modifications and vanishing watermark signals. Importantly, Tr-GoF achieves this optimality \textit{adaptively} as it does not require precise knowledge of human edit levels or probabilistic specifications of the LLMs, in contrast to the optimal but impractical (Neyman--Pearson) likelihood ratio test. Moreover, we establish that the Tr-GoF test attains the highest detection efficiency rate in a certain regime of moderate text modifications. In stark contrast, we show that sum-based detection rules, as employed by existing methods, fail to achieve optimal robustness in both regimes because the additive nature of their statistics is less resilient to edit-induced noise. Finally, we demonstrate the competitive and sometimes superior empirical performance of the Tr-GoF test on both synthetic data and open-source LLMs in the OPT and LLaMA families.

Related papers

• BiMarker: Enhancing Text Watermark Detection for Large Language Models with Bipolar Watermarks [19.689433249830465]
  Existing watermarking techniques struggle with low watermark strength and stringent false-positive requirements. tool splits generated text into positive and negative poles, enhancing detection without requiring additional computational resources.
  arXiv  Detail & Related papers  (2025-01-21T14:32:50Z)
• GaussMark: A Practical Approach for Structural Watermarking of Language Models [61.84270985214254]
  GaussMark is a simple, efficient, and relatively robust scheme for watermarking large language models. We show that GaussMark is reliable, efficient, and relatively robust to corruptions such as insertions, deletions, substitutions, and roundtrip translations.
  arXiv  Detail & Related papers  (2025-01-17T22:30:08Z)
• Signal Watermark on Large Language Models [28.711745671275477]
  We propose a watermarking method embedding a specific watermark into the text during its generation by Large Language Models (LLMs) This technique not only ensures the watermark's invisibility to humans but also maintains the quality and grammatical integrity of model-generated text. Our method has been empirically validated across multiple LLMs, consistently maintaining high detection accuracy.
  arXiv  Detail & Related papers  (2024-10-09T04:49:03Z)
• Theoretically Grounded Framework for LLM Watermarking: A Distribution-Adaptive Approach [35.319577498993354]
  We present a novel theoretical framework for watermarking Large Language Models (LLMs) Our approach focuses on maximizing detection performance while maintaining control over the worst-case Type-I error and text distortion. We propose an efficient, model-agnostic, distribution-adaptive watermarking algorithm, utilizing a surrogate model alongside the Gumbel-max trick.
  arXiv  Detail & Related papers  (2024-10-03T18:28:10Z)
• WaterSeeker: Pioneering Efficient Detection of Watermarked Segments in Large Documents [63.563031923075066]
  WaterSeeker is a novel approach to efficiently detect and locate watermarked segments amid extensive natural text. It achieves a superior balance between detection accuracy and computational efficiency.
  arXiv  Detail & Related papers  (2024-09-08T14:45:47Z)
• A Statistical Framework of Watermarks for Large Language Models: Pivot, Detection Efficiency and Optimal Rules [27.678152860666163]
  We introduce a framework for reasoning about the statistical efficiency of watermarks and powerful detection rules. We derive optimal detection rules for watermarks under our framework.
  arXiv  Detail & Related papers  (2024-04-01T17:03:41Z)
• Duwak: Dual Watermarks in Large Language Models [49.00264962860555]
  We propose, Duwak, to enhance the efficiency and quality of watermarking by embedding dual secret patterns in both token probability distribution and sampling schemes. We evaluate Duwak extensively on Llama2, against four state-of-the-art watermarking techniques and combinations of them.
  arXiv  Detail & Related papers  (2024-03-12T16:25:38Z)
• Towards Codable Watermarking for Injecting Multi-bits Information to LLMs [86.86436777626959]
  Large language models (LLMs) generate texts with increasing fluency and realism. Existing watermarking methods are encoding-inefficient and cannot flexibly meet the diverse information encoding needs. We propose Codable Text Watermarking for LLMs (CTWL) that allows text watermarks to carry multi-bit customizable information.
  arXiv  Detail & Related papers  (2023-07-29T14:11:15Z)
• Watermarking Conditional Text Generation for AI Detection: Unveiling Challenges and a Semantic-Aware Watermark Remedy [52.765898203824975]
  We introduce a semantic-aware watermarking algorithm that considers the characteristics of conditional text generation and the input context. Experimental results demonstrate that our proposed method yields substantial improvements across various text generation models.
  arXiv  Detail & Related papers  (2023-07-25T20:24:22Z)
• On the Reliability of Watermarks for Large Language Models [95.87476978352659]
  We study the robustness of watermarked text after it is re-written by humans, paraphrased by a non-watermarked LLM, or mixed into a longer hand-written document. We find that watermarks remain detectable even after human and machine paraphrasing. We also consider a range of new detection schemes that are sensitive to short spans of watermarked text embedded inside a large document.
  arXiv  Detail & Related papers  (2023-06-07T17:58:48Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.