The Model Inversion Eavesdropping Attack in Semantic Communication Systems
Yuhao Chen, Qianqian Yang, Zhiguo Shi, Jiming Chen

TL;DR
This paper demonstrates a model inversion eavesdropping attack that can reconstruct raw messages in semantic communication systems, highlighting privacy risks, and proposes a defense method to mitigate this vulnerability.
Contribution
It introduces MIEA for semantic communication systems, analyzes its effectiveness, and proposes a novel defense strategy to strengthen privacy protection.
Findings
MIEA successfully reconstructs raw messages under various conditions.
The proposed defense effectively prevents MIEA from reconstructing messages.
Semantic communication systems are vulnerable to privacy leaks via model inversion attacks.
Abstract
In recent years, semantic communication has been a popular research topic for its superiority in communication efficiency. As semantic communication relies on deep learning to extract meaning from raw messages, it is vulnerable to attacks targeting deep learning models. In this paper, we introduce the model inversion eavesdropping attack (MIEA) to reveal the risk of privacy leaks in the semantic communication system. In MIEA, the attacker first eavesdrops on the signal being transmitted by the semantic communication system and then performs a model inversion attack to reconstruct the raw message, where both the white-box and black-box settings are considered. Evaluation results show that MIEA can successfully reconstruct the raw message with good quality under different channel conditions. We then propose a defense method based on random permutation and substitution to defend against MIEA in…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Wireless Signal Modulation Classification · Privacy-Preserving Technologies in Data
