ML Security PapersHuman Texts Are Outliers: Detecting LLM-generated Texts via Out-of-distribution Detection
Cong Zeng 1, Shengkun Tang 2, Yuanzhou Chen 1, Zhiqiang Shen 2, Wenchao Yu 3, Xujiang Zhao 2, Haifeng Chen 1, Wei Cheng 2, Zhiqiang Xu 1
Published on arXiv
2510.08602
Output Integrity Attack
OWASP ML Top 10 — ML09
Key Finding
OOD-based detection achieves 98.3% AUROC and AUPR with only 8.9% FPR95 on the DeepFake dataset, outperforming binary classifiers across multilingual and adversarial robustness settings.
OOD-based LLM text detection (DeepSVDD / HRN / Energy-based)
Novel technique introduced
The rapid advancement of large language models (LLMs) such as ChatGPT, DeepSeek, and Claude has significantly increased the presence of AI-generated text in digital communication. This trend has heightened the need for reliable detection methods to distinguish between human-authored and machine-generated content. Existing approaches both zero-shot methods and supervised classifiers largely conceptualize this task as a binary classification problem, often leading to poor generalization across domains and models. In this paper, we argue that such a binary formulation fundamentally mischaracterizes the detection task by assuming a coherent representation of human-written texts. In reality, human texts do not constitute a unified distribution, and their diversity cannot be effectively captured through limited sampling. This causes previous classifiers to memorize observed OOD characteristics rather than learn the essence of `non-ID' behavior, limiting generalization to unseen human-authored inputs. Based on this observation, we propose reframing the detection task as an out-of-distribution (OOD) detection problem, treating human-written texts as distributional outliers while machine-generated texts are in-distribution (ID) samples. To this end, we develop a detection framework using one-class learning method including DeepSVDD and HRN, and score-based learning techniques such as energy-based method, enabling robust and generalizable performance. Extensive experiments across multiple datasets validate the effectiveness of our OOD-based approach. Specifically, the OOD-based method achieves 98.3% AUROC and AUPR with only 8.9% FPR95 on DeepFake dataset. Moreover, we test our detection framework on multilingual, attacked, and unseen-model and -domain text settings, demonstrating the robustness and generalizability of our framework. Code, pretrained weights, and demo will be released.
Key Contributions
- Reframes LLM-generated text detection as an out-of-distribution detection problem, treating human texts as distributional outliers rather than a coherent in-distribution class
- Detection framework combining one-class learning methods (DeepSVDD, HRN) and energy-based scoring to enable robust, generalizable detection
- Demonstrates strong generalization across multilingual, adversarially attacked, and unseen-model/unseen-domain text settings, achieving 98.3% AUROC on the DeepFake dataset
🛡️ Threat Analysis
Directly addresses AI-generated content detection — distinguishing LLM-generated text from human-authored text. The paper's primary contribution is a novel detection methodology (OOD framing with DeepSVDD, HRN, and energy-based scoring) for verifying the authenticity and provenance of text content, which is a core ML09 concern.