In recent years, semantic communication has been a popular research topic for its superiority in communication efficiency. As semantic communication relies on deep learning to extract meaning from raw messages, it is vulnerable to attacks targeting deep learning models. In this paper, we introduce the model inversion eavesdropping attack (MIEA) to reveal the risk of privacy leaks in the semantic communication system. In MIEA, the attacker first eavesdrops the signal being transmitted by the semantic communication system and then performs model inversion attack to reconstruct the raw message, where both the white-box and black-box settings are considered. Evaluation results show that MIEA can successfully reconstruct the raw message with good quality under different channel conditions. We then propose a defense method based on random permutation and substitution to defend against MIEA in order to achieve secure semantic communication. Our experimental results demonstrate the effectiveness of the proposed defense method in preventing MIEA.

翻译：近年来，语义通信因其在通信效率上的优势而成为热门研究课题。由于语义通信依赖深度学习从原始消息中提取语义信息，因此容易受到针对深度学习模型的攻击。本文提出模型反转窃听攻击（MIEA），以揭示语义通信系统中隐私泄露的风险。在MIEA中，攻击者首先窃听语义通信系统传输的信号，然后执行模型反转攻击以重建原始消息，同时考虑了白盒和黑盒两种设置。评估结果表明，MIEA能够在不同信道条件下成功重建出高质量的原始消息。为此，我们提出一种基于随机置换和替换的防御方法，以抵御MIEA，从而实现安全的语义通信。实验结果证明了所提防御方法在阻止MIEA方面的有效性。