Pay Attention to the Robustness of Chinese Minority Language Models! Syllable-level Textual Adversarial Attack on Tibetan Script

Xi Cao, Dolma Dawa, Nuo Qun, Trashi Nyima

TL;DR

The paper introduces TSAttacker, a Tibetan syllable-level black-box adversarial attack for Tibetan-script NLP, using syllable cosine distance and a scoring mechanism to select substitutions. It formalizes the attack on K-class classifiers and demonstrates its effectiveness across six CINO-based models and three downstream tasks, with high attack success and low perturbation cost. Ablation shows that increasing the allowable syllable-distance $d_{max}$ boosts attack strength, while robustness gaps remain across models, underscoring the vulnerability of Chinese minority language PLMs. By releasing code and emphasizing minority-language security, the work provides a foundation for future robustness defenses and evaluation in Tibetan NLP and related languages.

Abstract

The textual adversarial attack refers to an attack method in which the attacker adds imperceptible perturbations to the original texts by elaborate design so that the NLP (natural language processing) model produces false judgments. This method is also used to evaluate the robustness of NLP models. Currently, most of the research in this field focuses on English, and there is also a certain amount of research on Chinese. However, to the best of our knowledge, there is little research targeting Chinese minority languages. Textual adversarial attacks are a new challenge for the information processing of Chinese minority languages. In response to this situation, we propose a Tibetan syllable-level black-box textual adversarial attack called TSAttacker, based on syllable cosine distance and a scoring mechanism. We then run TSAttacker on six models generated by fine-tuning two PLMs (pre-trained language models) for three downstream tasks. The experimental results show that TSAttacker is effective and generates high-quality adversarial samples. In addition, the robustness of the involved models still has much room for improvement.

Paper Structure

This paper contains 22 sections, 12 equations, 1 figure, 4 tables, 1 algorithm.

Figures (1)

  • Figure 1: Results of ablation experiments.