Adversarial Robustness of Bottleneck Injected Deep Neural Networks for Task-Oriented Communication
It addresses security concerns for next-generation communication systems using neural networks for goal-oriented compression, but the findings are incremental as they build on existing IB methods.
This paper investigates the adversarial robustness of deep neural networks using Information Bottleneck objectives in task-oriented communication systems, finding that while these approaches provide baseline resilience, reliance on generative models introduces new vulnerabilities, with Shallow Variational Bottleneck Injection showing less robustness than Deep Variational Information Bottleneck, especially for complex tasks.
This paper investigates the adversarial robustness of Deep Neural Networks (DNNs) using Information Bottleneck (IB) objectives for task-oriented communication systems. We empirically demonstrate that while IB-based approaches provide baseline resilience against attacks targeting downstream tasks, the reliance on generative models for task-oriented communication introduces new vulnerabilities. Through extensive experiments on several datasets, we analyze how bottleneck depth and task complexity influence adversarial robustness. Our key findings show that Shallow Variational Bottleneck Injection (SVBI) provides less adversarial robustness compared to Deep Variational Information Bottleneck (DVIB) approaches, with the gap widening for more complex tasks. Additionally, we reveal that IB-based objectives exhibit stronger robustness against attacks focusing on salient pixels with high intensity compared to those perturbing many pixels with lower intensity. Lastly, we demonstrate that task-oriented communication systems that rely on generative models to extract and recover salient information have an increased attack surface. The results highlight important security considerations for next-generation communication systems that leverage neural networks for goal-oriented compression.