The rapid advancement of large language models (LLMs) has made it increasingly difficult to distinguish between text written by humans and machines. While watermarks already exist for LLMs, they often lack flexibility, and struggle with attacks such as paraphrasing. To address these issues, we propose a multi-feature method for generating watermarks that combines multiple distinct watermark features into an ensemble watermark. Concretely, we combine acrostica and sensorimotor norms with the established red-green watermark to achieve a 98% detection rate. After a paraphrasing attack the performance remains high with 95% detection rate. The red-green feature alone as baseline achieves a detection rate of 49%. The evaluation of all feature combinations reveals that the ensemble of all three consistently has the highest detection rate across several LLMs and watermark strength settings. Due to the flexibility of combining features in the ensemble, various requirements and trade-offs can be addressed. Additionally, for all ensemble configurations the same detection function can be used without adaptations. This method is particularly of interest to facilitate accountability and prevent societal harm.

翻译：随着大语言模型（LLMs）的快速发展，区分人类与机器生成的文本变得日益困难。尽管已有针对LLMs的水印技术，但它们通常缺乏灵活性，且在遭受诸如复述攻击时表现不佳。为解决这些问题，我们提出了一种多特征水印生成方法，将多个不同的水印特征组合成集成水印。具体而言，我们将藏头诗特征与感觉运动规范特征同成熟的红绿水印相结合，实现了98%的检测率。在遭受复述攻击后，其性能仍保持较高水平，检测率达到95%。单独使用红绿特征作为基线时，检测率仅为49%。对所有特征组合的评估表明，在多种LLMs和水印强度设置下，三者集成的方案始终具有最高的检测率。由于集成中组合特征的灵活性，可以满足不同的需求并实现权衡优化。此外，所有集成配置均可使用相同的检测函数而无需调整。该方法对于促进问责制和防止社会危害具有重要价值。