Diffusion-aided Task-oriented Semantic Communications with Model Inversion Attack

Semantic communication enhances transmission efficiency by conveying semantic information rather than raw input symbol sequences. Task-oriented semantic communication is a variant that tries to retains only task-specific information, thus achieving greater bandwidth savings. However, these neural-based communication systems are vulnerable to model inversion attacks, where adversaries try to infer sensitive input information from eavesdropped transmitted data. The key challenge, therefore, lies in preserving privacy while ensuring transmission correctness and robustness. While prior studies typically assume that adversaries aim to fully reconstruct the raw input in task-oriented settings, there exist scenarios where pixel-level metrics such as PSNR or SSIM are low, yet the adversary's outputs still suffice to accomplish the downstream task, indicating leakage of sensitive information. We therefore adopt the attacker's task accuracy as a more appropriate metric for evaluating attack effectiveness. To optimize the gap between the legitimate receiver's accuracy and the adversary's accuracy, we propose DiffSem, a diffusion-aided framework for task-oriented semantic communication. DiffSem integrates a transmitter-side self-noising mechanism that adaptively regulates semantic content while compensating for channel noise, and a receiver-side diffusion U-Net that enhances task performance and can be optionally strengthened by self-referential label embeddings. Our experiments demonstrate that DiffSem enables the legitimate receiver to achieve higher accuracy, thereby validating the superior performance of the proposed framework.