Deployed Tibetan text classification models face security threats from adversarial attacks, and retraining them incurs high costs.
To address this, we research and implement an adversarial attack and defense system for Tibetan text.As the core module of this system, we
propose a model-agnostic, syllable-level input-level defense method based on pseudo-perplexity detection and mask reconstruction. Our ap
proach identifies potential adversarial perturbations by measuring pseudo-perplexity anomalies via an independent masked language model.
Suspicious syllables are then repaired within a multi-dimensional restricted candidate space, and the text is reconstructed by minimizing the
whole-sentence pseudo-perplexity. This method purifies the input without modifying the victim models parameters. Experimental results on
the TNCC-title and TU_SA datasets demonstrate that the proposed defense achieves stable recovery gains against various attacks while main
taining a low change rate and high semantic fidelity. This work provides a practical and deployable solution for enhancing the robustness of
Tibetan text classification systems.

Tibetan text classification;Adversarial attacks; Input-level defense; Pseudo-perplexity; Mask reconstruction

[1] Cao X, Dawa D, Qun N, et al. Pay Attention to the Robustness of Chinese Minority Language Models! Syllable-level Adversarial Attack

on Tibetan Script [C]. Proc Workshop Trustworthy Nat Lang Process, 2023: 35-46.

[2] Yang Z, Xu Z, Cui Y, et al. CINO: A Chinese Minority Pre-trained Language Model [C]. Proc Int Conf Comput Linguist, 2022: 3937-

3949.

[3] Sun Y, Liu S, Deng J, et al. TiBERT: Tibetan Pre-trained Language Model [C]. IEEE Int Conf Syst Man Cybern, 2022: 2956-2961.

[4] Li L, Song D, Qiu X. Text Adversarial Purification as Defense against Adversarial Attacks [C]. Proc Annu Meet Assoc Comput Linguist,

2023: 338-350.

[5] Cao X, Qun N, Gesang Q, et al. Multi-Granularity Tibetan Textual Adversarial Attack Method Based on Masked Language Model [C].

Companion ProcACM Web Conf, 2024: 1672-1680.

[6] Cao X, Gesang Q, Sun Y, et al. TSCheater: Generating High-Quality Tibetan Adversarial Texts via Visual Similarity [C]. Proc IEEE Int

Conf Acoust Speech Signal Process, 2025.