Backdoor Attacks and Defenses on Semantic-Symbol Reconstruction in Semantic Communications

• URL: http://arxiv.org/abs/2404.13279v1
• Date: Sat, 20 Apr 2024 05:32:55 GMT
• Title: Backdoor Attacks and Defenses on Semantic-Symbol Reconstruction in Semantic Communications
• Authors: Yuan Zhou, Rose Qingyang Hu, Yi Qian,
• Abstract summary: This paper delves into backdoor attacks targeting deep learning-enabled semantic communication systems. A new backdoor attack paradigm on semantic symbols (BASS) is introduced. reverse engineering-based and pruning-based defense strategies are designed to protect against BASS.
• Score: 27.444926954449336
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Semantic communication is of crucial importance for the next-generation wireless communication networks. The existing works have developed semantic communication frameworks based on deep learning. However, systems powered by deep learning are vulnerable to threats such as backdoor attacks and adversarial attacks. This paper delves into backdoor attacks targeting deep learning-enabled semantic communication systems. Since current works on backdoor attacks are not tailored for semantic communication scenarios, a new backdoor attack paradigm on semantic symbols (BASS) is introduced, based on which the corresponding defense measures are designed. Specifically, a training framework is proposed to prevent BASS. Additionally, reverse engineering-based and pruning-based defense strategies are designed to protect against backdoor attacks in semantic communication. Simulation results demonstrate the effectiveness of both the proposed attack paradigm and the defense strategies.

Related papers

• Secure Semantic Communication via Paired Adversarial Residual Networks [59.468221305630784]
  This letter explores the positive side of the adversarial attack for the security-aware semantic communication system. A pair of matching pluggable modules is installed: one after the semantic transmitter and the other before the semantic receiver. The proposed scheme is capable of fooling the eavesdropper while maintaining the high-quality semantic communication.
  arXiv  Detail & Related papers  (2024-07-02T08:32:20Z)
• Breaking the False Sense of Security in Backdoor Defense through Re-Activation Attack [32.74007523929888]
  We re-investigate the characteristics of backdoored models after defense. We find that the original backdoors still exist in defense models derived from existing post-training defense strategies. We empirically show that these dormant backdoors can be easily re-activated during inference.
  arXiv  Detail & Related papers  (2024-05-25T08:57:30Z)
• BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning [85.2564206440109]
  This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses. We introduce the emphtoolns attack, which is resistant to backdoor detection and model fine-tuning defenses.
  arXiv  Detail & Related papers  (2023-11-20T02:21:49Z)
• The Model Inversion Eavesdropping Attack in Semantic Communication Systems [19.385375706864334]
  We introduce the model inversion eavesdropping attack (MIEA) to reveal the risk of privacy leaks in the semantic communication system. MIEA reconstructs the raw message, where both the white-box and black-box settings are considered. We propose a defense method based on random permutation and substitution to defend against MIEA.
  arXiv  Detail & Related papers  (2023-08-08T14:50:05Z)
• On the Vulnerability of Backdoor Defenses for Federated Learning [8.345632941376673]
  Federated Learning (FL) is a popular distributed machine learning paradigm that enables jointly training a global model without sharing clients' data. In this paper, we study whether the current defense mechanisms truly neutralize the backdoor threats from federated learning. We propose a new federated backdoor attack method for possible countermeasures.
  arXiv  Detail & Related papers  (2023-01-19T17:02:02Z)
• Vulnerabilities of Deep Learning-Driven Semantic Communications to Backdoor (Trojan) Attacks [70.51799606279883]
  This paper highlights vulnerabilities of deep learning-driven semantic communications to backdoor (Trojan) attacks. Backdoor attack can effectively change the semantic information transferred for poisoned input samples to a target meaning. Design guidelines are presented to preserve the meaning of transferred information in the presence of backdoor attacks.
  arXiv  Detail & Related papers  (2022-12-21T17:22:27Z)
• Contributor-Aware Defenses Against Adversarial Backdoor Attacks [2.830541450812474]
  adversarial backdoor attacks have demonstrated the capability to perform targeted misclassification of specific examples. We propose a contributor-aware universal defensive framework for learning in the presence of multiple, potentially adversarial data sources. Our empirical studies demonstrate the robustness of the proposed framework against adversarial backdoor attacks from multiple simultaneous adversaries.
  arXiv  Detail & Related papers  (2022-05-28T20:25:34Z)
• On the Effectiveness of Adversarial Training against Backdoor Attacks [111.8963365326168]
  A backdoored model always predicts a target class in the presence of a predefined trigger pattern. In general, adversarial training is believed to defend against backdoor attacks. We propose a hybrid strategy which provides satisfactory robustness across different backdoor attacks.
  arXiv  Detail & Related papers  (2022-02-22T02:24:46Z)
• Hidden Backdoor Attack against Semantic Segmentation Models [60.0327238844584]
  The emphbackdoor attack intends to embed hidden backdoors in deep neural networks (DNNs) by poisoning training data. We propose a novel attack paradigm, the emphfine-grained attack, where we treat the target label from the object-level instead of the image-level. Experiments show that the proposed methods can successfully attack semantic segmentation models by poisoning only a small proportion of training data.
  arXiv  Detail & Related papers  (2021-03-06T05:50:29Z)
• Backdoor Learning: A Survey [75.59571756777342]
  Backdoor attack intends to embed hidden backdoor into deep neural networks (DNNs) Backdoor learning is an emerging and rapidly growing research area. This paper presents the first comprehensive survey of this realm.
  arXiv  Detail & Related papers  (2020-07-17T04:09:20Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.