Master's Thesis: Robustness of Authorship Verification against Adversarial Obfuscation

Background/Motivation: Authorship verification (AV) is used in areas such as forensics, plagiarism detection, and fake news detection to identify the true author of a text. The goal of authorship verification (AV) is to classify whether two or more texts were written by the same author (Y) or not (N). A major problem is that authors can intentionally obscure their writing style (adversarial obfuscation). Such attacks include, among other things, synonym replacements, paraphrasing, machine translations, or the use of language models for automatic rephrasing. These attacks often lead to AV systems making incorrect decisions, as superficial stylistic markers disappear. While current systems achieve high accuracy in controlled scenarios, there is a lack of systematic investigations into how robust they are against targeted obfuscations.



Objective: The objective of this work is to investigate various attacks on style concealment and to develop an AV system that is as robust as possible against them. To achieve this, a systematic framework should be established that:

Texts transformed with various obfuscation methods, measuring the impact of these attacks on common AV models, and designing a robust procedure (e.g., through adversarial training or contrastive learning) that better defends against these attacks.


Results: The work aims to demonstrate how vulnerable existing AV approaches are to different obfuscation strategies and which approaches remain particularly robust. In addition, an adversarially trained model is presented that significantly improves robustness. The results contribute to the development of safe, practical AV systems and provide a foundation for future research on adversarial robustness in the field of stylometry.