LLM Detectors Still Fall Short of Real World: Case of LLM-Generated Short News-Like Posts

Henrique Da Silva Gameiro,Andrei Kucharavy,Ljiljana Dolamic
2024-09-28
Abstract:With the emergence of widely available powerful LLMs, disinformation generated by large Language Models (LLMs) has become a major concern. Historically, LLM detectors have been touted as a solution, but their effectiveness in the real world is still to be proven. In this paper, we focus on an important setting in information operations -- short news-like posts generated by moderately sophisticated attackers. We demonstrate that existing LLM detectors, whether zero-shot or purpose-trained, are not ready for real-world use in that setting. All tested zero-shot detectors perform inconsistently with prior benchmarks and are highly vulnerable to sampling temperature increase, a trivial attack absent from recent benchmarks. A purpose-trained detector generalizing across LLMs and unseen attacks can be developed, but it fails to generalize to new human-written texts. We argue that the former indicates domain-specific benchmarking is needed, while the latter suggests a trade-off between the adversarial evasion resilience and overfitting to the reference human text, with both needing evaluation in benchmarks and currently absent. We believe this suggests a re-consideration of current LLM detector benchmarking approaches and provides a dynamically extensible benchmark to allow it (<a class="link-external link-https" href="https://github.com/Reliable-Information-Lab-HEVS/benchmark_llm_texts_detection" rel="external noopener nofollow">this https URL</a>).
Computation and Language,Artificial Intelligence,Cryptography and Security,Machine Learning
What problem does this paper attempt to address?