A Survey of Secure Semantic Communications

TL;DR

This survey addresses secure SemCom for 6G by detailing the end-to-end SemCom lifecycle, its potential architectures, and the security/privacy threats that arise in model training, model transfer, and semantic information transmission. It synthesizes defense techniques across data cleaning, robust learning, backdoor defenses, adversarial training, differential privacy, cryptography, blockchain, model compression, and physical-layer security, providing a structured taxonomy and concrete representative methods. The paper also outlines promising directions, including dynamic data cleaning, explainable robust learning, multi-strategy backdoor defenses, and privacy-preserving SemCom that can guide future developments and standardization efforts. The work highlights the practical significance of integrating semantic-level protections with traditional security paradigms to realize secure, efficient, and scalable SemCom in next-generation networks.

Abstract

Semantic communication (SemCom) is regarded as a promising and revolutionary technology in 6G, aiming to transcend the constraints of ``Shannon's trap" by filtering out redundant information and extracting the core of effective data. Compared to traditional communication paradigms, SemCom offers several notable advantages, such as reducing the burden on data transmission, enhancing network management efficiency, and optimizing resource allocation. Numerous researchers have extensively explored SemCom from various perspectives, including network architecture, theoretical analysis, potential technologies, and future applications. However, as SemCom continues to evolve, a multitude of security and privacy concerns have arisen, posing threats to the confidentiality, integrity, and availability of SemCom systems. This paper presents a comprehensive survey of the technologies that can be utilized to secure SemCom. Firstly, we elaborate on the entire life cycle of SemCom, which includes the model training, model transfer, and semantic information transmission phases. Then, we identify the security and privacy issues that emerge during these three stages. Furthermore, we summarize the techniques available to mitigate these security and privacy threats, including data cleaning, robust learning, defensive strategies against backdoor attacks, adversarial training, differential privacy, cryptography, blockchain technology, model compression, and physical-layer security. Lastly, this paper outlines future research directions to guide researchers in related fields.

Figures (27)

• Figure 1: Organizations of this paper.
• Figure 3: Comparison of the link-level architecture between traditional communication and SemCom systems, where (a) shows the architecture of the traditional communication system, where the source and channel encoders operate independently to transmit and recover bits through the physical channel, focusing solely on accurate bit replication without considering semantic content; (b) illustrates the architecture of the SemCom system, where the semantic encoders and decoders are jointly trained to enable efficient transmission and recovery of semantically meaningful information, adapting to both the source and channel conditions. The above procedure is achieved by the transmission of models, which serve as semantic knowledge base for synonymous mapping, recovery and generation.
• Figure 4: Network-level architecture of SemCom systems, where the semantic collaboration spans across three layers: cloud, edge, and device. The first layer (cloud) hosts highly efficient models trained on vast distributed databases, providing intelligent semantic services and incentivizing user contributions. The second layer (edge) includes mobile edge computing nodes that retrain models using techniques like meta-learning and federated learning, collaborating globally to mitigate data bias and adapt to dynamic conditions. The third layer (device) consists of resource-constrained end nodes that retrieve and update models from the edge, ensuring synchronization for semantic recovery during transmission.
• Figure 5: Life cycle of SemComs, where a centralized model is first trained on the cloud and then transferred to edge servers. At the edge, the model and its slices are exchanged among servers to enable a robust co-training process that involves local training, model updates, aggregation into a refined global model and sharing it. This updated model is then delivered to the end node, and any further update requests trigger a new cycle of collaborative re-training, ensuring continuous optimization and efficient semantic information transmission throughout the network.
• Figure 6: Data cleaning in DL whang2020data, where the process ensures the quality and consistency of data through collection, cleaning, validation, training, evaluation, and serving. Data cleaning, being a fundamental step, helps improve the accuracy, robustness, and reliability of the model, enabling better overall performance in real-world applications.