Detecting Backdoor Attacks via Similarity in Semantic Communication Systems
This addresses a security vulnerability in semantic communication systems, which are critical for modern communications, though it is an incremental improvement over existing defenses.
The paper tackles the problem of backdoor attacks in semantic communication systems by proposing a defense mechanism that uses semantic similarity to detect poisoned samples without altering the model structure or data formats, achieving high detection accuracy and recall across varying poisoning ratios.
Semantic communication systems, which leverage Generative AI (GAI) to transmit semantic meaning rather than raw data, are poised to revolutionize modern communications. However, they are vulnerable to backdoor attacks, a type of poisoning manipulation that embeds malicious triggers into training datasets. As a result, Backdoor attacks mislead the inference for poisoned samples while clean samples remain unaffected. The existing defenses may alter the model structure (such as neuron pruning that potentially degrades inference performance on clean inputs, or impose strict requirements on data formats (such as ``Semantic Shield" that requires image-text pairs). To address these limitations, this work proposes a defense mechanism that leverages semantic similarity to detect backdoor attacks without modifying the model structure or imposing data format constraints. By analyzing deviations in semantic feature space and establishing a threshold-based detection framework, the proposed approach effectively identifies poisoned samples. The experimental results demonstrate high detection accuracy and recall across varying poisoning ratios, underlining the significant effectiveness of our proposed solution.