Physical-layer Adversarial Robustness for Deep Learning-based Semantic Communications

TL;DR

This paper introduces MobileSC, a semantic communication framework, and SemAdv, a physical-layer adversarial attack generator, along with SemMixed adversarial training, to enhance robustness of deep learning-based semantic communications against physical adversarial attacks.

Contribution

The paper proposes MobileSC for efficient semantic communication, SemAdv for generating physical adversarial attacks, and SemMixed for robust training, addressing security vulnerabilities in semantic communications.

Findings

MobileSC outperforms classical systems in low SNR scenarios.

SemAdv effectively crafts imperceptible, input-agnostic physical adversarial attacks.

SemMixed improves robustness against various physical adversarial threats.

Abstract

End-to-end semantic communications (ESC) rely on deep neural networks (DNN) to boost communication efficiency by only transmitting the semantics of data, showing great potential for high-demand mobile applications. We argue that central to the success of ESC is the robust interpretation of conveyed semantics at the receiver side, especially for security-critical applications such as automatic driving and smart healthcare. However, robustifying semantic interpretation is challenging as ESC is extremely vulnerable to physical-layer adversarial attacks due to the openness of wireless channels and the fragileness of neural models. Toward ESC robustness in practice, we ask the following two questions: Q1: For attacks, is it possible to generate semantic-oriented physical-layer adversarial attacks that are imperceptible, input-agnostic and controllable? Q2: Can we develop a defense strategy against such semantic distortions and previously proposed adversaries? To this end, we first present MobileSC, a novel semantic communication framework that considers the computation and memory efficiency in wireless environments. Equipped with this framework, we propose SemAdv, a physical-layer adversarial perturbation generator that aims to craft semantic adversaries over the air with the abovementioned criteria, thus answering the Q1. To better characterize the realworld effects for robust training and evaluation, we further introduce a novel adversarial training method SemMixed to harden the ESC against SemAdv attacks and existing strong threats, thus answering the Q2. Extensive experiments on three public benchmarks verify the effectiveness of our proposed methods against various physical adversarial attacks. We also show some interesting findings, e.g., our MobileSC can even be more robust than classical block-wise communication systems in the low SNR regime.