Physical-Layer Adversarial Robustness for Deep Learning-Based Semantic Communications

Physical-Layer Adversarial Robustness for Deep Learning-Based Semantic Communications

End-to-end semantic communications (ESC) rely on deep neural networks (DNN) to boost communication efficiency by only transmitting the semantics of data, showing great potential for high-demand mobile applications. We argue that central to the success of ESC is the robust interpretation of conveyed...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE journal on selected areas in communications 2023-08, Vol.41 (8), p.2592-2608
Hauptverfasser: Nan, Guoshun, Li, Zhichun, Zhai, Jinli, Cui, Qimei, Chen, Gong, Du, Xin, Zhang, Xuefei, Tao, Xiaofeng, Han, Zhu, Quek, Tony Q. S.
Format: Artikel
Sprache:eng
Schlagworte:
adversarial robustness
Applications programs
Artificial neural networks
Communication
Communication system security
Communication systems
Communications systems
Controllability
Deep learning
end-to-end communication systems
Machine learning
Mobile computing
Perturbation
Perturbation methods
physical-layer attacks
Receivers
Robustness
semantic communications
Semantics
Training
Wireless communication
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 2608
container_issue 8
container_start_page 2592
container_title IEEE journal on selected areas in communications
container_volume 41
creator Nan, Guoshun
Li, Zhichun
Zhai, Jinli
Cui, Qimei
Chen, Gong
Du, Xin
Zhang, Xuefei
Tao, Xiaofeng
Han, Zhu
Quek, Tony Q. S.
description End-to-end semantic communications (ESC) rely on deep neural networks (DNN) to boost communication efficiency by only transmitting the semantics of data, showing great potential for high-demand mobile applications. We argue that central to the success of ESC is the robust interpretation of conveyed semantics at the receiver side, especially for security-critical applications such as automatic driving and smart healthcare. However, robustifying semantic interpretation is challenging as ESC is extremely vulnerable to physical-layer adversarial attacks due to the openness of wireless channels and the fragileness of neural models. Toward ESC robustness in practice, we ask the following two questions: Q1: For attacks, is it possible to generate semantic-oriented physical-layer adversarial attacks that are imperceptible, input-agnostic and controllable? Q2: Can we develop a defense strategy against such semantic distortions and previously proposed adversaries? To this end, we first present MobileSC , a novel semantic communication framework that considers the computation and memory efficiency in wireless environments. Equipped with this framework, we propose SemAdv , a physical-layer adversarial perturbation generator that aims to craft semantic adversaries over the air with the abovementioned criteria, thus answering the Q1. To better characterize the real-world effects for robust training and evaluation, we further introduce a novel adversarial training method \texttt {SemMixed} to harden the ESC against SemAdv attacks and existing strong threats, thus answering the Q2. Extensive experiments on three public benchmarks verify the effectiveness of our proposed methods against various physical adversarial attacks. We also show some interesting findings, e.g., our MobileSC can even be more robust than classical block-wise communication systems in the low SNR regime.
doi_str_mv 10.1109/JSAC.2023.3288249
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_proquest_journals_2845760408</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10159517</ieee_id><sourcerecordid>2845760408</sourcerecordid><originalsourceid>FETCH-LOGICAL-c294t-2ff0729d9e1751ddc6d4af3b3e7365c7fe995deb006fa16cd22c731fef2d27dd3</originalsourceid><addsrcrecordid>eNpNkF1LwzAYhYMoOKc_QPAi4HVnPpomuZz1m4Li3HXIkjfasbYzaYX9ezvmhVfn5jnnwIPQJSUzSom-eVnMyxkjjM84U4rl-ghNqBAqI4SoYzQhkvNMSVqcorOU1oTQPFdsgpZvX7tUO7vJKruDiOf-B2KysbYb_N6thtS3kBIOXcR3AFtcgY1t3X5mtzaBxwtobNvXDpdd0wztONTXXZvO0UmwmwQXfzlFy4f7j_Ipq14fn8t5lTmm8z5jIRDJtNdApaDeu8LnNvAVB8kL4WQArYWHFSFFsLRwnjEnOQ0QmGfSez5F14fdbey-B0i9WXdDbMdLw1QuZEFyokaKHigXu5QiBLONdWPjzlBi9vbM3p7Z2zN_9sbO1aFTA8A_ngotqOS_tcNskw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2845760408</pqid></control><display><type>article</type><title>Physical-Layer Adversarial Robustness for Deep Learning-Based Semantic Communications</title><source>IEEE Xplore</source><creator>Nan, Guoshun ; Li, Zhichun ; Zhai, Jinli ; Cui, Qimei ; Chen, Gong ; Du, Xin ; Zhang, Xuefei ; Tao, Xiaofeng ; Han, Zhu ; Quek, Tony Q. S.</creator><creatorcontrib>Nan, Guoshun ; Li, Zhichun ; Zhai, Jinli ; Cui, Qimei ; Chen, Gong ; Du, Xin ; Zhang, Xuefei ; Tao, Xiaofeng ; Han, Zhu ; Quek, Tony Q. S.</creatorcontrib><description>End-to-end semantic communications (ESC) rely on deep neural networks (DNN) to boost communication efficiency by only transmitting the semantics of data, showing great potential for high-demand mobile applications. We argue that central to the success of ESC is the robust interpretation of conveyed semantics at the receiver side, especially for security-critical applications such as automatic driving and smart healthcare. However, robustifying semantic interpretation is challenging as ESC is extremely vulnerable to physical-layer adversarial attacks due to the openness of wireless channels and the fragileness of neural models. Toward ESC robustness in practice, we ask the following two questions: Q1: For attacks, is it possible to generate semantic-oriented physical-layer adversarial attacks that are imperceptible, input-agnostic and controllable? Q2: Can we develop a defense strategy against such semantic distortions and previously proposed adversaries? To this end, we first present MobileSC , a novel semantic communication framework that considers the computation and memory efficiency in wireless environments. Equipped with this framework, we propose SemAdv , a physical-layer adversarial perturbation generator that aims to craft semantic adversaries over the air with the abovementioned criteria, thus answering the Q1. To better characterize the real-world effects for robust training and evaluation, we further introduce a novel adversarial training method &lt;inline-formula&gt; &lt;tex-math notation="LaTeX"&gt;\texttt {SemMixed} &lt;/tex-math&gt;&lt;/inline-formula&gt; to harden the ESC against SemAdv attacks and existing strong threats, thus answering the Q2. Extensive experiments on three public benchmarks verify the effectiveness of our proposed methods against various physical adversarial attacks. We also show some interesting findings, e.g., our MobileSC can even be more robust than classical block-wise communication systems in the low SNR regime.</description><identifier>ISSN: 0733-8716</identifier><identifier>EISSN: 1558-0008</identifier><identifier>DOI: 10.1109/JSAC.2023.3288249</identifier><identifier>CODEN: ISACEM</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>adversarial robustness ; Applications programs ; Artificial neural networks ; Communication ; Communication system security ; Communication systems ; Communications systems ; Controllability ; Deep learning ; end-to-end communication systems ; Machine learning ; Mobile computing ; Perturbation ; Perturbation methods ; physical-layer attacks ; Receivers ; Robustness ; semantic communications ; Semantics ; Training ; Wireless communication</subject><ispartof>IEEE journal on selected areas in communications, 2023-08, Vol.41 (8), p.2592-2608</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c294t-2ff0729d9e1751ddc6d4af3b3e7365c7fe995deb006fa16cd22c731fef2d27dd3</citedby><cites>FETCH-LOGICAL-c294t-2ff0729d9e1751ddc6d4af3b3e7365c7fe995deb006fa16cd22c731fef2d27dd3</cites><orcidid>0000-0002-4037-3149 ; 0000-0002-0533-2528 ; 0000-0003-1720-220X ; 0000-0002-6606-5822 ; 0000-0001-7096-9667 ; 0000-0001-9518-1622 ; 0000-0002-1987-2736</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10159517$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,777,781,793,27905,27906,54739</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10159517$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Nan, Guoshun</creatorcontrib><creatorcontrib>Li, Zhichun</creatorcontrib><creatorcontrib>Zhai, Jinli</creatorcontrib><creatorcontrib>Cui, Qimei</creatorcontrib><creatorcontrib>Chen, Gong</creatorcontrib><creatorcontrib>Du, Xin</creatorcontrib><creatorcontrib>Zhang, Xuefei</creatorcontrib><creatorcontrib>Tao, Xiaofeng</creatorcontrib><creatorcontrib>Han, Zhu</creatorcontrib><creatorcontrib>Quek, Tony Q. S.</creatorcontrib><title>Physical-Layer Adversarial Robustness for Deep Learning-Based Semantic Communications</title><title>IEEE journal on selected areas in communications</title><addtitle>J-SAC</addtitle><description>End-to-end semantic communications (ESC) rely on deep neural networks (DNN) to boost communication efficiency by only transmitting the semantics of data, showing great potential for high-demand mobile applications. We argue that central to the success of ESC is the robust interpretation of conveyed semantics at the receiver side, especially for security-critical applications such as automatic driving and smart healthcare. However, robustifying semantic interpretation is challenging as ESC is extremely vulnerable to physical-layer adversarial attacks due to the openness of wireless channels and the fragileness of neural models. Toward ESC robustness in practice, we ask the following two questions: Q1: For attacks, is it possible to generate semantic-oriented physical-layer adversarial attacks that are imperceptible, input-agnostic and controllable? Q2: Can we develop a defense strategy against such semantic distortions and previously proposed adversaries? To this end, we first present MobileSC , a novel semantic communication framework that considers the computation and memory efficiency in wireless environments. Equipped with this framework, we propose SemAdv , a physical-layer adversarial perturbation generator that aims to craft semantic adversaries over the air with the abovementioned criteria, thus answering the Q1. To better characterize the real-world effects for robust training and evaluation, we further introduce a novel adversarial training method &lt;inline-formula&gt; &lt;tex-math notation="LaTeX"&gt;\texttt {SemMixed} &lt;/tex-math&gt;&lt;/inline-formula&gt; to harden the ESC against SemAdv attacks and existing strong threats, thus answering the Q2. Extensive experiments on three public benchmarks verify the effectiveness of our proposed methods against various physical adversarial attacks. We also show some interesting findings, e.g., our MobileSC can even be more robust than classical block-wise communication systems in the low SNR regime.</description><subject>adversarial robustness</subject><subject>Applications programs</subject><subject>Artificial neural networks</subject><subject>Communication</subject><subject>Communication system security</subject><subject>Communication systems</subject><subject>Communications systems</subject><subject>Controllability</subject><subject>Deep learning</subject><subject>end-to-end communication systems</subject><subject>Machine learning</subject><subject>Mobile computing</subject><subject>Perturbation</subject><subject>Perturbation methods</subject><subject>physical-layer attacks</subject><subject>Receivers</subject><subject>Robustness</subject><subject>semantic communications</subject><subject>Semantics</subject><subject>Training</subject><subject>Wireless communication</subject><issn>0733-8716</issn><issn>1558-0008</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNpNkF1LwzAYhYMoOKc_QPAi4HVnPpomuZz1m4Li3HXIkjfasbYzaYX9ezvmhVfn5jnnwIPQJSUzSom-eVnMyxkjjM84U4rl-ghNqBAqI4SoYzQhkvNMSVqcorOU1oTQPFdsgpZvX7tUO7vJKruDiOf-B2KysbYb_N6thtS3kBIOXcR3AFtcgY1t3X5mtzaBxwtobNvXDpdd0wztONTXXZvO0UmwmwQXfzlFy4f7j_Ipq14fn8t5lTmm8z5jIRDJtNdApaDeu8LnNvAVB8kL4WQArYWHFSFFsLRwnjEnOQ0QmGfSez5F14fdbey-B0i9WXdDbMdLw1QuZEFyokaKHigXu5QiBLONdWPjzlBi9vbM3p7Z2zN_9sbO1aFTA8A_ngotqOS_tcNskw</recordid><startdate>20230801</startdate><enddate>20230801</enddate><creator>Nan, Guoshun</creator><creator>Li, Zhichun</creator><creator>Zhai, Jinli</creator><creator>Cui, Qimei</creator><creator>Chen, Gong</creator><creator>Du, Xin</creator><creator>Zhang, Xuefei</creator><creator>Tao, Xiaofeng</creator><creator>Han, Zhu</creator><creator>Quek, Tony Q. S.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>L7M</scope><orcidid>https://orcid.org/0000-0002-4037-3149</orcidid><orcidid>https://orcid.org/0000-0002-0533-2528</orcidid><orcidid>https://orcid.org/0000-0003-1720-220X</orcidid><orcidid>https://orcid.org/0000-0002-6606-5822</orcidid><orcidid>https://orcid.org/0000-0001-7096-9667</orcidid><orcidid>https://orcid.org/0000-0001-9518-1622</orcidid><orcidid>https://orcid.org/0000-0002-1987-2736</orcidid></search><sort><creationdate>20230801</creationdate><title>Physical-Layer Adversarial Robustness for Deep Learning-Based Semantic Communications</title><author>Nan, Guoshun ; Li, Zhichun ; Zhai, Jinli ; Cui, Qimei ; Chen, Gong ; Du, Xin ; Zhang, Xuefei ; Tao, Xiaofeng ; Han, Zhu ; Quek, Tony Q. S.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c294t-2ff0729d9e1751ddc6d4af3b3e7365c7fe995deb006fa16cd22c731fef2d27dd3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>adversarial robustness</topic><topic>Applications programs</topic><topic>Artificial neural networks</topic><topic>Communication</topic><topic>Communication system security</topic><topic>Communication systems</topic><topic>Communications systems</topic><topic>Controllability</topic><topic>Deep learning</topic><topic>end-to-end communication systems</topic><topic>Machine learning</topic><topic>Mobile computing</topic><topic>Perturbation</topic><topic>Perturbation methods</topic><topic>physical-layer attacks</topic><topic>Receivers</topic><topic>Robustness</topic><topic>semantic communications</topic><topic>Semantics</topic><topic>Training</topic><topic>Wireless communication</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Nan, Guoshun</creatorcontrib><creatorcontrib>Li, Zhichun</creatorcontrib><creatorcontrib>Zhai, Jinli</creatorcontrib><creatorcontrib>Cui, Qimei</creatorcontrib><creatorcontrib>Chen, Gong</creatorcontrib><creatorcontrib>Du, Xin</creatorcontrib><creatorcontrib>Zhang, Xuefei</creatorcontrib><creatorcontrib>Tao, Xiaofeng</creatorcontrib><creatorcontrib>Han, Zhu</creatorcontrib><creatorcontrib>Quek, Tony Q. S.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005–Present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998–Present</collection><collection>IEEE Xplore</collection><collection>CrossRef</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><jtitle>IEEE journal on selected areas in communications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Nan, Guoshun</au><au>Li, Zhichun</au><au>Zhai, Jinli</au><au>Cui, Qimei</au><au>Chen, Gong</au><au>Du, Xin</au><au>Zhang, Xuefei</au><au>Tao, Xiaofeng</au><au>Han, Zhu</au><au>Quek, Tony Q. S.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Physical-Layer Adversarial Robustness for Deep Learning-Based Semantic Communications</atitle><jtitle>IEEE journal on selected areas in communications</jtitle><stitle>J-SAC</stitle><date>2023-08-01</date><risdate>2023</risdate><volume>41</volume><issue>8</issue><spage>2592</spage><epage>2608</epage><pages>2592-2608</pages><issn>0733-8716</issn><eissn>1558-0008</eissn><coden>ISACEM</coden><abstract>End-to-end semantic communications (ESC) rely on deep neural networks (DNN) to boost communication efficiency by only transmitting the semantics of data, showing great potential for high-demand mobile applications. We argue that central to the success of ESC is the robust interpretation of conveyed semantics at the receiver side, especially for security-critical applications such as automatic driving and smart healthcare. However, robustifying semantic interpretation is challenging as ESC is extremely vulnerable to physical-layer adversarial attacks due to the openness of wireless channels and the fragileness of neural models. Toward ESC robustness in practice, we ask the following two questions: Q1: For attacks, is it possible to generate semantic-oriented physical-layer adversarial attacks that are imperceptible, input-agnostic and controllable? Q2: Can we develop a defense strategy against such semantic distortions and previously proposed adversaries? To this end, we first present MobileSC , a novel semantic communication framework that considers the computation and memory efficiency in wireless environments. Equipped with this framework, we propose SemAdv , a physical-layer adversarial perturbation generator that aims to craft semantic adversaries over the air with the abovementioned criteria, thus answering the Q1. To better characterize the real-world effects for robust training and evaluation, we further introduce a novel adversarial training method &lt;inline-formula&gt; &lt;tex-math notation="LaTeX"&gt;\texttt {SemMixed} &lt;/tex-math&gt;&lt;/inline-formula&gt; to harden the ESC against SemAdv attacks and existing strong threats, thus answering the Q2. Extensive experiments on three public benchmarks verify the effectiveness of our proposed methods against various physical adversarial attacks. We also show some interesting findings, e.g., our MobileSC can even be more robust than classical block-wise communication systems in the low SNR regime.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/JSAC.2023.3288249</doi><tpages>17</tpages><orcidid>https://orcid.org/0000-0002-4037-3149</orcidid><orcidid>https://orcid.org/0000-0002-0533-2528</orcidid><orcidid>https://orcid.org/0000-0003-1720-220X</orcidid><orcidid>https://orcid.org/0000-0002-6606-5822</orcidid><orcidid>https://orcid.org/0000-0001-7096-9667</orcidid><orcidid>https://orcid.org/0000-0001-9518-1622</orcidid><orcidid>https://orcid.org/0000-0002-1987-2736</orcidid></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 0733-8716
ispartof IEEE journal on selected areas in communications, 2023-08, Vol.41 (8), p.2592-2608
issn 0733-8716
1558-0008
language eng
recordid cdi_proquest_journals_2845760408
source IEEE Xplore
subjects adversarial robustness
Applications programs
Artificial neural networks
Communication
Communication system security
Communication systems
Communications systems
Controllability
Deep learning
end-to-end communication systems
Machine learning
Mobile computing
Perturbation
Perturbation methods
physical-layer attacks
Receivers
Robustness
semantic communications
Semantics
Training
Wireless communication
title Physical-Layer Adversarial Robustness for Deep Learning-Based Semantic Communications
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T18%3A38%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Physical-Layer%20Adversarial%20Robustness%20for%20Deep%20Learning-Based%20Semantic%20Communications&rft.jtitle=IEEE%20journal%20on%20selected%20areas%20in%20communications&rft.au=Nan,%20Guoshun&rft.date=2023-08-01&rft.volume=41&rft.issue=8&rft.spage=2592&rft.epage=2608&rft.pages=2592-2608&rft.issn=0733-8716&rft.eissn=1558-0008&rft.coden=ISACEM&rft_id=info:doi/10.1109/JSAC.2023.3288249&rft_dat=%3Cproquest_RIE%3E2845760408%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2845760408&rft_id=info:pmid/&rft_ieee_id=10159517&rfr_iscdi=true