This letter explores the positive side of the adversarial attack for the security-aware semantic communication system. Specifically, a pair of matching pluggable modules is installed: one after the semantic transmitter and the other before the semantic receiver. The module at transmitter uses a trainable adversarial residual network (ARN) to generate adversarial examples, while the module at receiver employs another trainable ARN to remove the adversarial attacks and the channel noise. To mitigate the threat of semantic eavesdropping, the trainable ARNs are jointly optimized to minimize the weighted sum of the power of adversarial attack, the mean squared error of semantic communication, and the confidence of eavesdropper correctly retrieving private information. Numerical results show that the proposed scheme is capable of fooling the eavesdropper while maintaining the high-quality semantic communication.

翻译：本文探讨了对抗攻击在安全感知语义通信系统中的积极作用。具体而言，系统安装了一对匹配的可插拔模块：一个位于语义发射器之后，另一个位于语义接收器之前。发射器端的模块使用可训练的对抗残差网络（ARN）生成对抗样本，而接收器端的模块则采用另一个可训练的ARN来消除对抗攻击和信道噪声。为减轻语义窃听的威胁，可训练的ARN通过联合优化来最小化对抗攻击功率、语义通信均方误差以及窃听者正确获取私有信息置信度的加权和。数值结果表明，所提方案能够在保持高质量语义通信的同时有效欺骗窃听者。