Rethinking Security in Semantic Communication: Latent Manipulation as a New Threat
- URL: http://arxiv.org/abs/2512.03361v1
- Date: Wed, 03 Dec 2025 01:54:11 GMT
- Title: Rethinking Security in Semantic Communication: Latent Manipulation as a New Threat
- Authors: Zhiyuan Xi, Kun Zhu
- Abstract summary: Deep learning-based semantic communication (SemCom) has emerged as a promising paradigm for next-generation wireless networks. In this paper, we uncover a fundamental latent-space vulnerability that enables a Man-in-the-Middle (MitM) attacker to covertly manipulate the transmitted semantics.
- Score: 4.488447044579913
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep learning-based semantic communication (SemCom) has emerged as a promising paradigm for next-generation wireless networks, offering superior transmission efficiency by extracting and conveying task-relevant semantic latent representations rather than raw data. However, the openness of the wireless medium and the intrinsic vulnerability of semantic latent representations expose such systems to previously unrecognized security risks. In this paper, we uncover a fundamental latent-space vulnerability that enables a Man-in-the-Middle (MitM) attacker to covertly manipulate the transmitted semantics while preserving the statistical properties of the transmitted latent representations. We first present a Diffusion-based Re-encoding Attack (DiR), wherein the attacker employs a diffusion model to synthesize an attacker-designed semantic variant, and re-encodes it into a valid latent representation compatible with the SemCom decoder. Beyond this model-dependent pathway, we further propose a model-agnostic and training-free Test-Time Adaptation Latent Manipulation attack (TTA-LM), in which the attacker perturbs and steers the intercepted latent representation toward an attacker-specified semantic target by leveraging the gradient of a target loss function. In contrast to diffusion-based manipulation, TTA-LM does not rely on any generative model and does not impose modality-specific or task-specific assumptions, thereby enabling efficient and broadly applicable latent-space tampering across diverse SemCom architectures. Extensive experiments on representative semantic communication architectures demonstrate that both attacks can significantly alter the decoded semantics while preserving natural latent-space distributions, making the attacks covert and difficult to detect.
Related papers
- Secure Semantic Communications via AI Defenses: Fundamentals, Solutions, and Future Directions [44.71660423560587]
  This survey provides a defense-centered and system-oriented synthesis of security in SemCom via AI defense. We present a structured taxonomy of defense strategies organized by where semantic integrity can be compromised in SemCom systems. We also examine security utility operating envelopes that capture tradeoffs among semantic fidelity, robustness, latency, and energy.
  arXiv Detail & Related papers (2026-02-25T17:28:07Z)
- Diffusion-aided Task-oriented Semantic Communications with Model Inversion Attack [8.014010065113707]
  We propose DiffSem, a diffusion-aided framework for task-oriented semantic communication. DiffSem integrates a transmitter-side self-noising mechanism that adaptively regulates semantic content while compensating for channel noise. Our experiments demonstrate that DiffSem enables the legitimate receiver to achieve higher accuracy, thereby validating the superior performance of the proposed framework.
  arXiv Detail & Related papers (2025-06-24T05:21:27Z)
- TRAP: Targeted Redirecting of Agentic Preferences [3.6293956720749425]
  We introduce TRAP, a generative adversarial framework that manipulates the agent's decision-making using diffusion-based semantic injections. Our method combines negative prompt-based degradation with positive semantic optimization, guided by a Siamese semantic network and layout-aware spatial masking. TRAP achieves a 100% attack success rate on leading models, including LLaVA-34B, Gemma3, and Mistral-3.1.
  arXiv Detail & Related papers (2025-05-29T14:57:16Z)
- AIM: Additional Image Guided Generation of Transferable Adversarial Attacks [72.24101555828256]
  Transferable adversarial examples highlight the vulnerability of deep neural networks (DNNs) to imperceptible perturbations across various real-world applications. In this work, we focus on generative approaches for targeted transferable attacks. We introduce a novel plug-and-play module into the general generator architecture to enhance adversarial transferability.
  arXiv Detail & Related papers (2025-01-02T07:06:49Z)
- Transferable Adversarial Attacks on SAM and Its Downstream Models [87.23908485521439]
  This paper explores the feasibility of adversarial attacking various downstream models fine-tuned from the segment anything model (SAM). To enhance the effectiveness of the adversarial attack towards models fine-tuned on unknown datasets, we propose a universal meta-initialization (UMI) algorithm.
  arXiv Detail & Related papers (2024-10-26T15:04:04Z)
- Agent-driven Generative Semantic Communication with Cross-Modality and Prediction [57.335922373309074]
  We propose a novel agent-driven generative semantic communication framework based on reinforcement learning. In this work, we develop an agent-assisted semantic encoder with cross-modality capability, which can track the semantic changes, channel condition, to perform adaptive semantic extraction and sampling. The effectiveness of the designed models has been verified using the UA-DETRAC dataset, demonstrating the performance gains of the overall A-GSC framework.
  arXiv Detail & Related papers (2024-04-10T13:24:27Z)
- Generative AI-aided Joint Training-free Secure Semantic Communications via Multi-modal Prompts [89.04751776308656]
  This paper proposes a GAI-aided SemCom system with multi-model prompts for accurate content decoding. In response to security concerns, we introduce the application of covert communications aided by a friendly jammer.
  arXiv Detail & Related papers (2023-09-05T23:24:56Z)
- Blockchain-aided Secure Semantic Communication for AI-Generated Content in Metaverse [59.04428659123127]
  We propose a blockchain-aided semantic communication framework for AIGC services in virtual transportation networks. We illustrate a training-based semantic attack scheme to generate adversarial semantic data by various loss functions. We also design a semantic defense scheme that uses the blockchain and zero-knowledge proofs to tell the difference between the semantic similarities of adversarial and authentic semantic data.
  arXiv Detail & Related papers (2023-01-25T02:32:02Z)
- Is Semantic Communications Secure? A Tale of Multi-Domain Adversarial Attacks [70.51799606279883]
  We introduce test-time adversarial attacks on deep neural networks (DNNs) for semantic communications. We show that it is possible to change the semantics of the transferred information even when the reconstruction loss remains low.
  arXiv Detail & Related papers (2022-12-20T17:13:22Z)