Privacy-Preserving Task-Oriented Semantic Communications Against Model Inversion Attacks

Yanhu Wang; Shuaishuai Guo; Yiqin Deng; Haixia Zhang; Yuguang Fang

doi:10.1109/TWC.2024.3369170

Privacy-Preserving Task-Oriented Semantic Communications Against Model Inversion Attacks

Yanhu Wang, Shuaishuai Guo^*, Yiqin Deng, Haixia Zhang, Yuguang Fang

^*Corresponding author for this work

Department of Computer Science

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

37 Citations (Scopus)

90 Downloads (CityUHK Scholars)

Abstract

Semantic communication has been identified as a core technology for the sixth generation (6G) of wireless networks. Recently, task-oriented semantic communications have been proposed for low-latency inference with limited bandwidth. Although transmitting only task-related information does protect a certain level of user privacy, adversaries could apply model inversion techniques to reconstruct the raw data or extract useful information, thereby infringing on users’ privacy. To mitigate privacy infringement, this paper proposes an information bottleneck and adversarial learning (IBAL) approach to protect users’ privacy against model inversion attacks. Specifically, we extract task-relevant features from the input based on the information bottleneck (IB) theory. To overcome the difficulty in calculating the mutual information in high-dimensional space, we derive a variational upper bound to estimate the true mutual information. To prevent data reconstruction from task-related features by adversaries, we leverage adversarial learning to train encoder to fool adversaries by maximizing reconstruction distortion. Furthermore, considering the impact of channel variations on privacy-utility trade-off and the difficulty in manually tuning the weights of each loss, we propose an adaptive weight adjustment method. Numerical results demonstrate that the proposed approaches can effectively protect privacy without significantly affecting task performance and achieve better privacy-utility trade-offs than baseline methods. © 2024 IEEE.

Original language	English
Pages (from-to)	10150-10165
Number of pages	16
Journal	IEEE Transactions on Wireless Communications
Volume	23
Issue number	8
Online published	1 Mar 2024
DOIs	https://doi.org/10.1109/TWC.2024.3369170
Publication status	Published - Aug 2024

Research Keywords

adversarial learning
information bottleneck
privacy-preservation
Semantic communications

Publisher's Copyright Statement

COPYRIGHT TERMS OF DEPOSITED POSTPRINT FILE: © 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. Wang, Y., Guo, S., Deng, Y., & Zhang, H. et al. (2024). Privacy-Preserving Task-Oriented Semantic Communications Against Model Inversion Attacks. IEEE Transactions on Wireless Communications, 23(8), 10150 – 10165. https://doi.org/10.1109/TWC.2024.3369170

Access Output

10.1109/TWC.2024.3369170

221447220.pdfPost-print, 2.37 MB

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{3283623a54aa43e09eb56ed820e92fcc,

title = "Privacy-Preserving Task-Oriented Semantic Communications Against Model Inversion Attacks",

abstract = "Semantic communication has been identified as a core technology for the sixth generation (6G) of wireless networks. Recently, task-oriented semantic communications have been proposed for low-latency inference with limited bandwidth. Although transmitting only task-related information does protect a certain level of user privacy, adversaries could apply model inversion techniques to reconstruct the raw data or extract useful information, thereby infringing on users{\textquoteright} privacy. To mitigate privacy infringement, this paper proposes an information bottleneck and adversarial learning (IBAL) approach to protect users{\textquoteright} privacy against model inversion attacks. Specifically, we extract task-relevant features from the input based on the information bottleneck (IB) theory. To overcome the difficulty in calculating the mutual information in high-dimensional space, we derive a variational upper bound to estimate the true mutual information. To prevent data reconstruction from task-related features by adversaries, we leverage adversarial learning to train encoder to fool adversaries by maximizing reconstruction distortion. Furthermore, considering the impact of channel variations on privacy-utility trade-off and the difficulty in manually tuning the weights of each loss, we propose an adaptive weight adjustment method. Numerical results demonstrate that the proposed approaches can effectively protect privacy without significantly affecting task performance and achieve better privacy-utility trade-offs than baseline methods. {\textcopyright} 2024 IEEE.",

keywords = "adversarial learning, information bottleneck, privacy-preservation, Semantic communications",

author = "Yanhu Wang and Shuaishuai Guo and Yiqin Deng and Haixia Zhang and Yuguang Fang",

year = "2024",

month = aug,

doi = "10.1109/TWC.2024.3369170",

language = "English",

volume = "23",

pages = "10150--10165",

journal = "IEEE Transactions on Wireless Communications",

issn = "1536-1276",

publisher = "IEEE",

number = "8",

}

TY - JOUR

T1 - Privacy-Preserving Task-Oriented Semantic Communications Against Model Inversion Attacks

AU - Wang, Yanhu

AU - Guo, Shuaishuai

AU - Deng, Yiqin

AU - Zhang, Haixia

AU - Fang, Yuguang

PY - 2024/8

Y1 - 2024/8

N2 - Semantic communication has been identified as a core technology for the sixth generation (6G) of wireless networks. Recently, task-oriented semantic communications have been proposed for low-latency inference with limited bandwidth. Although transmitting only task-related information does protect a certain level of user privacy, adversaries could apply model inversion techniques to reconstruct the raw data or extract useful information, thereby infringing on users’ privacy. To mitigate privacy infringement, this paper proposes an information bottleneck and adversarial learning (IBAL) approach to protect users’ privacy against model inversion attacks. Specifically, we extract task-relevant features from the input based on the information bottleneck (IB) theory. To overcome the difficulty in calculating the mutual information in high-dimensional space, we derive a variational upper bound to estimate the true mutual information. To prevent data reconstruction from task-related features by adversaries, we leverage adversarial learning to train encoder to fool adversaries by maximizing reconstruction distortion. Furthermore, considering the impact of channel variations on privacy-utility trade-off and the difficulty in manually tuning the weights of each loss, we propose an adaptive weight adjustment method. Numerical results demonstrate that the proposed approaches can effectively protect privacy without significantly affecting task performance and achieve better privacy-utility trade-offs than baseline methods. © 2024 IEEE.

AB - Semantic communication has been identified as a core technology for the sixth generation (6G) of wireless networks. Recently, task-oriented semantic communications have been proposed for low-latency inference with limited bandwidth. Although transmitting only task-related information does protect a certain level of user privacy, adversaries could apply model inversion techniques to reconstruct the raw data or extract useful information, thereby infringing on users’ privacy. To mitigate privacy infringement, this paper proposes an information bottleneck and adversarial learning (IBAL) approach to protect users’ privacy against model inversion attacks. Specifically, we extract task-relevant features from the input based on the information bottleneck (IB) theory. To overcome the difficulty in calculating the mutual information in high-dimensional space, we derive a variational upper bound to estimate the true mutual information. To prevent data reconstruction from task-related features by adversaries, we leverage adversarial learning to train encoder to fool adversaries by maximizing reconstruction distortion. Furthermore, considering the impact of channel variations on privacy-utility trade-off and the difficulty in manually tuning the weights of each loss, we propose an adaptive weight adjustment method. Numerical results demonstrate that the proposed approaches can effectively protect privacy without significantly affecting task performance and achieve better privacy-utility trade-offs than baseline methods. © 2024 IEEE.

KW - adversarial learning

KW - information bottleneck

KW - privacy-preservation

KW - Semantic communications

UR - http://www.scopus.com/inward/record.url?scp=85186990506&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85186990506&origin=recordpage

UR - https://www.webofscience.com/wos/woscc/full-record/WOS:001329887800136

U2 - 10.1109/TWC.2024.3369170

DO - 10.1109/TWC.2024.3369170

M3 - RGC 21 - Publication in refereed journal

SN - 1536-1276

VL - 23

SP - 10150

EP - 10165

JO - IEEE Transactions on Wireless Communications

JF - IEEE Transactions on Wireless Communications

IS - 8

ER -

Privacy-Preserving Task-Oriented Semantic Communications Against Model Inversion Attacks

Abstract

Research Keywords

Publisher's Copyright Statement

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this