Detecting Backdoor Attacks via Similarity in Semantic Communication Systems

TL;DR

This paper introduces a novel defense method for semantic communication systems that detects backdoor attacks by analyzing semantic similarity deviations, avoiding model modifications or strict data format requirements.

Contribution

The work proposes a similarity-based detection framework for backdoor attacks in semantic communication systems that does not alter model structure or data formats.

Findings

High detection accuracy across various poisoning ratios

Effective identification of poisoned samples without model modifications

Robust performance demonstrated through experimental validation

Abstract

Semantic communication systems, which leverage Generative AI (GAI) to transmit semantic meaning rather than raw data, are poised to revolutionize modern communications. However, they are vulnerable to backdoor attacks, a type of poisoning manipulation that embeds malicious triggers into training datasets. As a result, Backdoor attacks mislead the inference for poisoned samples while clean samples remain unaffected. The existing defenses may alter the model structure (such as neuron pruning that potentially degrades inference performance on clean inputs, or impose strict requirements on data formats (such as ``Semantic Shield" that requires image-text pairs). To address these limitations, this work proposes a defense mechanism that leverages semantic similarity to detect backdoor attacks without modifying the model structure or imposing data format constraints. By analyzing deviations in semantic feature space and establishing a threshold-based detection framework, the proposed approach effectively identifies poisoned samples. The experimental results demonstrate high detection accuracy and recall across varying poisoning ratios, underlining the significant effectiveness of our proposed solution.