While semantic communication (SemCom) improves transmission efficiency by focusing on task-relevant information, it also raises critical privacy concerns. Many existing secure SemCom approaches rely on restrictive or impractical assumptions, such as favorable channel conditions for the legitimate user or prior knowledge of the eavesdropper's model. To address these limitations, this paper proposes a novel secure SemCom framework for image transmission over wiretap channels, leveraging differential privacy (DP) to provide approximate privacy guarantees. Specifically, our approach first extracts disentangled semantic representations from source images using a generative adversarial network (GAN) inversion method, and then selectively perturbs the private semantic representations with approximate DP noise. Distinct from conventional DP-based protection methods, we introduce DP noise with a learnable pattern, instead of traditional white Gaussian or Laplace noise, achieved through adversarial training of neural networks (NNs). This design mitigates the inherent non-invertibility of DP while effectively protecting private information. Moreover, it enables explicitly controllable security levels by adjusting the privacy budget according to specific security requirements, which is not achieved in most existing secure SemCom approaches. Experimental results demonstrate that, compared with the previous DP-based method and direct transmission, the proposed method significantly degrades the reconstruction quality for the eavesdropper, while introducing only slight degradation in task performance. Under comparable security levels, our approach achieves an LPIPS advantage of 0.06-0.29 and an FPPSR advantage of 0.10-0.86 for the legitimate user compared with the previous DP-based method.