DualGuard: Dual-stream Large Language Model Watermarking Defense against Paraphrase and Spoofing Attack

With the rapid development of cloud-based services, large language models (LLMs) have become increasingly accessible through various web platforms. However, this accessibility has also led to growing risks of model abuse. LLM watermarking has emerged as an effective approach to mitigate such misuse and protect intellectual property. Existing watermarking algorithms, however, primarily focus on defending against paraphrase attacks while overlooking piggyback spoofing attacks, which can inject harmful content, compromise watermark reliability, and undermine trust in attribution. To address this limitation, we propose DualGuard, the first watermarking algorithm capable of defending against both paraphrase and spoofing attacks. DualGuard employs the adaptive dual-stream watermarking mechanism, in which two complementary watermark signals are dynamically injected based on the semantic content. This design enables DualGuard not only to detect but also to trace spoofing attacks, thereby ensuring reliable and trustworthy watermark detection. Extensive experiments conducted across multiple datasets and language models demonstrate that DualGuard achieves excellent detectability, robustness, traceability, and text quality, effectively advancing the state of LLM watermarking for real-world applications.

Key Contributions

• First watermarking algorithm that simultaneously defends against both paraphrase attacks and piggyback spoofing attacks on LLM-generated text
• Adaptive dual-stream watermarking mechanism that dynamically injects two complementary watermark signals based on semantic content
• Spoofing attack traceability: DualGuard can not only detect but also trace injection of harmful content into watermarked text, preventing false attribution

🛡️ Threat Analysis

Details

Similar Papers