Search papers, labs, and topics across Lattice.
This paper investigates the vulnerabilities of semantic communication (SemCom) systems in shared-access wireless networks, specifically focusing on a selective over-the-air backdoor attack that manipulates semantic inference for one transmitter while minimally impacting another. The authors develop a trigger-aware defense mechanism that effectively preserves semantic integrity under adversarial conditions. Key results reveal that the proposed defense significantly enhances robustness against low-power trigger waveforms, highlighting the critical need for security measures in multi-user SemCom environments.
A stealthy low-power backdoor attack can selectively manipulate semantic inference in shared-access wireless networks, exposing significant vulnerabilities in current SemCom systems.
Semantic communication (SemCom) aims to preserve semantic meaning and task-oriented information beyond conventional message recovery over wireless channels. The adoption of SemCom in shared-access wireless networks introduces new vulnerabilities for multi-user semantic inference. This paper considers a SemCom system for two transmitters communicating with a common receiver over a multiple access channel. Each transmitter maps source information into latent semantic representations, while the receiver jointly reconstructs and classifies the semantic information for both transmitters. A selective over-the-air backdoor (Trojan) attack is presented in which an adversary transmits a low-power trigger waveform over the air and injects it into the shared received signal during training. By transmitting the trigger again during testing, this stealthy, low-power attack selectively manipulates the semantic inference for one transmitter while minimally affecting the inference of the other transmitter. To mitigate this vulnerability, a trigger-aware defense mechanism is developed to preserve correct semantic labels under trigger-contaminated wireless observations. The results demonstrate both the vulnerability of shared-access SemCom systems to selective over-the-air backdoor attacks and the effectiveness of trigger-aware robust training for semantic protection.