Boosting Physical Layer Black-Box Attacks with Semantic Adversaries in Semantic Communications

TL;DR

This paper introduces SemBLK, a novel black-box attack method that generates imperceptible physical layer semantic adversaries to compromise end-to-end semantic communication systems, enhancing attack effectiveness.

Contribution

The paper presents a new approach to generate physical layer semantic adversaries in black-box settings, including a surrogate encoder and a semantic perturbation method, advancing attack strategies in semantic communications.

Findings

SemBLK effectively attacks ESC systems in black-box scenarios.

Semantic adversaries significantly degrade communication performance.

Visual case studies demonstrate the superiority of the proposed perturbations.

Abstract

End-to-end semantic communication (ESC) system is able to improve communication efficiency by only transmitting the semantics of the input rather than raw bits. Although promising, ESC has also been shown susceptible to the crafted physical layer adversarial perturbations due to the openness of wireless channels and the sensitivity of neural models. Previous works focus more on the physical layer white-box attacks, while the challenging black-box ones, as more practical adversaries in real-world cases, are still largely under-explored. To this end, we present SemBLK, a novel method that can learn to generate destructive physical layer semantic attacks for an ESC system under the black-box setting, where the adversaries are imperceptible to humans. Specifically, 1) we first introduce a surrogate semantic encoder and train its parameters by exploring a limited number of queries to an existing ESC system. 2) Equipped with such a surrogate encoder, we then propose a novel semantic perturbation generation method to learn to boost the physical layer attacks with semantic adversaries. Experiments on two public datasets show the effectiveness of our proposed SemBLK in attacking the ESC system under the black-box setting. Finally, we provide case studies to visually justify the superiority of our physical layer semantic perturbations.