ML Security PapersA Survey of Secure Semantic Communications
Rui Meng 1, Song Gao 1, Dayu Fan 1, Haixiao Gao 1, Yining Wang 1, Xiaodong Xu 1,2, Bizhu Wang 1, Suyu Lv 3, Zhidi Zhang 1, Mengying Sun 1, Shujun Han 1, Chen Dong 1, Xiaofeng Tao 1, Ping Zhang 1,2
Published on arXiv
2501.00842
Input Manipulation Attack
OWASP ML Top 10 — ML01
Data Poisoning Attack
OWASP ML Top 10 — ML02
Model Poisoning
OWASP ML Top 10 — ML10
Key Finding
Provides a lifecycle-structured taxonomy of ML security threats (poisoning, backdoor, adversarial, privacy) in semantic communication systems and surveys corresponding countermeasures across training, transfer, and transmission phases
Semantic communication (SemCom) is regarded as a promising and revolutionary technology in 6G, aiming to transcend the constraints of ``Shannon's trap" by filtering out redundant information and extracting the core of effective data. Compared to traditional communication paradigms, SemCom offers several notable advantages, such as reducing the burden on data transmission, enhancing network management efficiency, and optimizing resource allocation. Numerous researchers have extensively explored SemCom from various perspectives, including network architecture, theoretical analysis, potential technologies, and future applications. However, as SemCom continues to evolve, a multitude of security and privacy concerns have arisen, posing threats to the confidentiality, integrity, and availability of SemCom systems. This paper presents a comprehensive survey of the technologies that can be utilized to secure SemCom. Firstly, we elaborate on the entire life cycle of SemCom, which includes the model training, model transfer, and semantic information transmission phases. Then, we identify the security and privacy issues that emerge during these three stages. Furthermore, we summarize the techniques available to mitigate these security and privacy threats, including data cleaning, robust learning, defensive strategies against backdoor attacks, adversarial training, differential privacy, cryptography, blockchain technology, model compression, and physical-layer security. Lastly, this paper outlines future research directions to guide researchers in related fields.
Key Contributions
- Taxonomy of security and privacy threats across the full SemCom lifecycle: model training, model transfer, and semantic information transmission phases
- Comprehensive survey of mitigation techniques including data cleaning, robust learning, backdoor defenses, adversarial training, differential privacy, cryptography, blockchain, and physical-layer security
- Identification of open research challenges and future directions for securing 6G SemCom systems
🛡️ Threat Analysis
Adversarial attacks on SemCom deep learning models and adversarial training defenses are explicitly identified as a primary security concern at inference time.
Data poisoning attacks on SemCom model training are surveyed, with data cleaning and robust learning covered as primary defenses.
Backdoor/trojan attacks on SemCom models and defensive strategies against them are explicitly listed as a major security threat covered in the survey.