Verifying DNN-based Semantic Communication Against Generative Adversarial Noise
- URL: http://arxiv.org/abs/2602.08801v1
- Date: Mon, 09 Feb 2026 15:40:13 GMT
- Title: Verifying DNN-based Semantic Communication Against Generative Adversarial Noise
- Authors: Thanh Le, Hai Duong, ThanhVu Nguyen, Takeshi Matsumura
- Abstract summary: Adversarial attacks against SemCom systems can cause catastrophic failures. We present VSCAN, a neural network verification framework that provides mathematical robustness guarantees. Our evaluation on 600 verification properties characterizing various attackers' capabilities shows VSCAN matches attack methods in finding vulnerabilities.
- Score: 7.477547166922622
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Safety-critical applications like autonomous vehicles and industrial IoT are adopting semantic communication (SemCom) systems using deep neural networks to reduce bandwidth and increase transmission speed by transmitting only task-relevant semantic features. However, adversarial attacks against these DNN-based SemCom systems can cause catastrophic failures by manipulating transmitted semantic features. Existing defense mechanisms rely on empirical approaches and provide no formal guarantees against the full spectrum of adversarial perturbations. We present VSCAN, a neural network verification framework that provides mathematical robustness guarantees by formulating adversarial noise generation as mixed integer programming and verifying end-to-end properties across multiple interconnected networks (encoder, decoder, and task model). Our key insight is that realistic adversarial constraints (power limitations and statistical undetectability) can be encoded as logical formulae to enable efficient verification using state-of-the-art DNN verifiers. Our evaluation on 600 verification properties characterizing various attackers' capabilities shows VSCAN matches attack methods in finding vulnerabilities while providing formal robustness guarantees for 44% of properties -- a significant achievement given the complexity of multi-network verification. Moreover, we reveal a fundamental security-efficiency tradeoff: compact 16-dimensional latent spaces achieve 50% verified robustness compared to 64-dimensional spaces.
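The abstract describes a verifier that takes a property "for every adversarial noise vector the attacker can afford to inject into the transmitted latent, the task model still produces the right answer" and returns either a proof or a concrete attack. The following is an added illustration, not code from the VSCAN paper or its authors: a toy encoder, decoder and task model with constructed weights, a power constraint modelled as an L-infinity box on the latent noise (the statistical-undetectability constraint from the paper is not encoded here), and a complete verification loop that uses interval bound propagation plus branch-and-bound in place of the paper's mixed-integer encoding and off-the-shelf DNN verifiers. The three outcomes mirror the abstract: a certificate, a falsifying noise vector, or an exhausted budget.

```python
"""Toy complete verifier for a DNN semantic-communication chain.

Added example, not code from the VSCAN paper. All weights, the sample
input and the procedure (IBP + branch-and-bound instead of the paper's
mixed-integer programming encoding) are constructed for illustration.
"""
from itertools import product

# Constructed toy weights (not from the paper).
W_ENC = [[1.0, 1.0, 0.0], [0.0, 1.0, 1.0]]      # encoder: x (3-dim) -> z (2-dim latent)
W1 = [[1.0, 0.0], [0.0, 1.0], [-1.0, 1.0]]      # decoder + task model, hidden ReLU layer
B1 = [0.0, 0.0, 0.5]
W2 = [[1.0, 0.0, 0.0], [0.0, 1.0, 1.0]]         # task-model logits (2 classes)
B2 = [0.0, 0.0]
X_SAMPLE = [1.0, 0.5, -0.5]                     # constructed transmitter input


def affine(W, b, v):
    return [sum(w * x for w, x in zip(row, v)) + bi for row, bi in zip(W, b)]


def encode(x):
    return affine(W_ENC, [0.0] * len(W_ENC), x)


def task_logits(z):
    """Decoder + task model applied to the (possibly perturbed) latent z."""
    h = [max(0.0, v) for v in affine(W1, B1, z)]
    return affine(W2, B2, h)


def interval_affine(W, b, lo, hi):
    """Sound interval bounds of W v + b over the box lo <= v <= hi (IBP)."""
    out_lo, out_hi = [], []
    for row, bi in zip(W, b):
        l = h = bi
        for w, a, c in zip(row, lo, hi):
            l += w * a if w >= 0 else w * c
            h += w * c if w >= 0 else w * a
        out_lo.append(l)
        out_hi.append(h)
    return out_lo, out_hi


def ibp_logit_bounds(lo, hi):
    l1, h1 = interval_affine(W1, B1, lo, hi)
    l1 = [max(0.0, v) for v in l1]
    h1 = [max(0.0, v) for v in h1]
    return interval_affine(W2, B2, l1, h1)


def verify(x, eps, budget=10_000):
    """Property: for all noise d with |d_i| <= eps (power constraint),
    argmax task_logits(encode(x) + d) equals the clean label.
    Returns ("verified", None), ("falsified", d) with a concrete noise vector,
    or ("unknown", None) when the box-splitting budget is exhausted."""
    z = encode(x)
    clean = task_logits(z)
    label = max(range(len(clean)), key=clean.__getitem__)
    work = [([zi - eps for zi in z], [zi + eps for zi in z])]
    processed = 0
    while work:
        lo, hi = work.pop()
        processed += 1
        if processed > budget:
            return "unknown", None
        # 1. attack: concrete evaluation at the box corners and centre
        centre = [(a + c) / 2 for a, c in zip(lo, hi)]
        for pt in list(product(*zip(lo, hi))) + [centre]:
            logits = task_logits(list(pt))
            if max(range(len(logits)), key=logits.__getitem__) != label:
                return "falsified", [p - zi for p, zi in zip(pt, z)]
        # 2. certify: lower bound of the true logit beats every other upper bound
        llo, lhi = ibp_logit_bounds(lo, hi)
        worst_other = max(lhi[i] for i in range(len(lhi)) if i != label)
        if llo[label] > worst_other:
            continue
        # 3. refine: split the widest dimension and retry both halves
        k = max(range(len(lo)), key=lambda i: hi[i] - lo[i])
        mid = (lo[k] + hi[k]) / 2
        work.append((lo, hi[:k] + [mid] + hi[k + 1:]))
        work.append((lo[:k] + [mid] + lo[k + 1:], hi))
    return "verified", None


def certified_radius(x, lo=0.0, hi=1.0, iters=10):
    """Largest eps found by bisection for which verify() returns a proof.
    "unknown" is treated as not verified, so the result stays sound."""
    for _ in range(iters):
        mid = (lo + hi) / 2
        if verify(x, mid)[0] == "verified":
            lo = mid
        else:
            hi = mid
    return lo
```

On this toy chain the decision flips at a latent noise budget of 0.625: `verify(X_SAMPLE, 0.5)` certifies the property from a single box, `verify(X_SAMPLE, 0.7)` returns the noise vector `[-0.7, 0.7]` that the corner check found, and at exactly 0.625 the margin is zero, so neither the attack nor the certificate succeeds and the budget runs out. Soundness rests on the over-approximation in step 2 and on counterexamples being concrete points in the allowed set; adding the paper's undetectability constraints would tighten the allowed set and require a solver-backed encoding rather than plain boxes.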
Related papers
- CREDIT: Certified Ownership Verification of Deep Neural Networks Against Model Extraction Attacks [54.04030169323115]
We introduce CREDIT, a certified ownership verification against Model Extraction Attacks (MEAs). We quantify the similarity between DNN models, propose a practical verification threshold, and provide rigorous theoretical guarantees for ownership verification based on this threshold. We extensively evaluate our approach on several mainstream datasets across different domains and tasks, achieving state-of-the-art performance.
arXiv Detail & Related papers (2026-02-23T23:36:25Z) - Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs). We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing. We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for the protection layer.
arXiv Detail & Related papers (2026-01-06T10:30:41Z) - SemanticNN: Compressive and Error-Resilient Semantic Offloading for Extremely Weak Devices [9.795432423267503]
We propose SemanticNN, a semantic codec that tolerates bit-level errors in pursuit of semantic-level correctness. It incorporates a Bit Error Rate (BER)-aware decoder that adapts to dynamic channel conditions and a Soft Quantization (SQ)-based encoder to learn compact representations. We conduct extensive experiments on STM32 using three models and six datasets across image classification and object detection tasks.
arXiv Detail & Related papers (2025-11-14T07:47:25Z) - Towards Ultra-Low Latency: Binarized Neural Network Architectures for In-Vehicle Network Intrusion Detection [0.0]
This paper presents a lightweight intrusion detection technique based on Binarized Neural Networks (BNNs). We develop hybrid binary encoding techniques to integrate non-binary features, such as message IDs and frequencies. The proposed method, namely the BNN framework specifically optimized for in-vehicle intrusion detection combined with hybrid binary quantization techniques for non-payload attributes, demonstrates efficacy in both anomaly detection and multi-class network traffic classification.
arXiv Detail & Related papers (2025-11-02T06:47:56Z) - Cyber Attacks Detection, Prevention, and Source Localization in Digital Substation Communication using Hybrid Statistical-Deep Learning [39.58317527488534]
This paper proposes a novel method using hybrid statistical-deep learning for the detection, prevention, and source localization of IEC 61850 SV injection attacks. It effectively discards malicious SV frames with minimal processing overhead and latency, and maintains robustness against communication network latency variation and time-synchronization issues. Results demonstrate the method's suitability for practical deployment in IEC 61850-compliant digital substations.
arXiv Detail & Related papers (2025-07-01T07:38:22Z) - Distributionally Robust Wireless Semantic Communication with Large AI Models [111.47794569742206]
Current SemCom systems fail to generalize across diverse noise conditions, adversarial attacks, and out-of-distribution data. Wasserstein distributionally robust optimization is employed to provide resilience against semantic misinterpretation and channel perturbations. Experimental results on image and text transmission demonstrate that WaSeCom achieves improved robustness under noise and adversarial perturbations.
arXiv Detail & Related papers (2025-05-28T04:03:57Z) - Enhancing Privacy in Semantic Communication over Wiretap Channels leveraging Differential Privacy [51.028047763426265]
Semantic communication (SemCom) improves transmission efficiency by focusing on task-relevant information. Transmitting semantic-rich data over insecure channels introduces privacy risks. This paper proposes a novel SemCom framework that integrates differential privacy mechanisms to protect sensitive semantic features.
arXiv Detail & Related papers (2025-04-23T08:42:44Z) - Reformulation is All You Need: Addressing Malicious Text Features in DNNs [53.45564571192014]
We propose a unified and adaptive defense framework that is effective against both adversarial and backdoor attacks. Our framework outperforms existing sample-oriented defense baselines across a diverse range of malicious textual features.
arXiv Detail & Related papers (2025-02-02T03:39:43Z) - Evaluating Single Event Upsets in Deep Neural Networks for Semantic Segmentation: an embedded system perspective [1.474723404975345]
This paper delves into the robustness assessment in embedded Deep Neural Networks (DNNs). By scrutinizing the layer-by-layer and bit-by-bit sensitivity of various encoder-decoder models to soft errors, this study thoroughly investigates the vulnerability of segmentation DNNs to SEUs. We propose a set of practical lightweight error mitigation techniques with no memory or computational cost suitable for resource-constrained deployments.
arXiv Detail & Related papers (2024-12-04T18:28:38Z) - Is Semantic Communications Secure? A Tale of Multi-Domain Adversarial Attacks [70.51799606279883]
We introduce test-time adversarial attacks on deep neural networks (DNNs) for semantic communications.
We show that it is possible to change the semantics of the transferred information even when the reconstruction loss remains low.
arXiv Detail & Related papers (2022-12-20T17:13:22Z) - Towards a Safety Case for Hardware Fault Tolerance in Convolutional Neural Networks Using Activation Range Supervision [1.7968112116887602]
Convolutional neural networks (CNNs) have become an established part of numerous safety-critical computer vision applications.
We build a prototypical safety case for CNNs by demonstrating that range supervision represents a highly reliable fault detector.
We explore novel, non-uniform range restriction methods that effectively suppress the probability of silent data corruptions and uncorrectable errors.
arXiv Detail & Related papers (2021-08-16T11:13:55Z) - A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNNs) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.