Decentralized and federated learning algorithms face data heterogeneity as one of the biggest challenges, especially when users want to learn a specific task. Even when personalized headers are used concatenated to a shared network (PF-MTL), aggregating all the networks with a decentralized algorithm can result in performance degradation as a result of heterogeneity in the data. Our algorithm uses exchanged gradients to calculate the correlations among tasks automatically, and dynamically adjusts the communication graph to connect mutually beneficial tasks and isolate those that may negatively impact each other. This algorithm improves the learning performance and leads to faster convergence compared to the case where all clients are connected to each other regardless of their correlations. We conduct experiments on a synthetic Gaussian dataset and a large-scale celebrity attributes (CelebA) dataset. The experiment with the synthetic data illustrates that our proposed method is capable of detecting tasks that are positively and negatively correlated. Moreover, the results of the experiments with CelebA demonstrate that the proposed method may produce significantly faster training results than fully-connected networks.

This paper highlights vulnerabilities of deep learning-driven semantic communications to backdoor (Trojan) attacks. Semantic communications aims to convey a desired meaning while transferring information from a transmitter to its receiver. An encoder-decoder pair that is represented by two deep neural networks (DNNs) as part of an autoencoder is trained to reconstruct signals such as images at the receiver by transmitting latent features of small size over a limited number of channel uses. In the meantime, another DNN of a semantic task classifier at the receiver is jointly trained with the autoencoder to check the meaning conveyed to the receiver. The complex decision space of the DNNs makes semantic communications susceptible to adversarial manipulations. In a backdoor (Trojan) attack, the adversary adds triggers to a small portion of training samples and changes the label to a target label. When the transfer of images is considered, the triggers can be added to the images or equivalently to the corresponding transmitted or received signals. In test time, the adversary activates these triggers by providing poisoned samples as input to the encoder (or decoder) of semantic communications. The backdoor attack can effectively change the semantic information transferred for the poisoned input samples to a target meaning. As the performance of semantic communications improves with the signal-to-noise ratio and the number of channel uses, the success of the backdoor attack increases as well. Also, increasing the Trojan ratio in training data makes the attack more successful. In the meantime, the effect of this attack on the unpoisoned input samples remains limited. Overall, this paper shows that the backdoor attack poses a serious threat to semantic communications and presents novel design guidelines to preserve the meaning of transferred information in the presence of backdoor attacks.

Semantic communications seeks to transfer information from a source while conveying a desired meaning to its destination. We model the transmitter-receiver functionalities as an autoencoder followed by a task classifier that evaluates the meaning of the information conveyed to the receiver. The autoencoder consists of an encoder at the transmitter to jointly model source coding, channel coding, and modulation, and a decoder at the receiver to jointly model demodulation, channel decoding and source decoding. By augmenting the reconstruction loss with a semantic loss, the two deep neural networks (DNNs) of this encoder-decoder pair are interactively trained with the DNN of the semantic task classifier. This approach effectively captures the latent feature space and reliably transfers compressed feature vectors with a small number of channel uses while keeping the semantic loss low. We identify the multi-domain security vulnerabilities of using the DNNs for semantic communications. Based on adversarial machine learning, we introduce test-time (targeted and non-targeted) adversarial attacks on the DNNs by manipulating their inputs at different stages of semantic communications. As a computer vision attack, small perturbations are injected to the images at the input of the transmitter's encoder. As a wireless attack, small perturbations signals are transmitted to interfere with the input of the receiver's decoder. By launching these stealth attacks individually or more effectively in a combined form as a multi-domain attack, we show that it is possible to change the semantics of the transferred information even when the reconstruction loss remains low. These multi-domain adversarial attacks pose as a serious threat to the semantics of information transfer (with larger impact than conventional jamming) and raise the need of defense methods for the safe adoption of semantic communications.

Communications systems to date are primarily designed with the goal of reliable (error-free) transfer of digital sequences (bits). Next generation (NextG) communication systems are beginning to explore shifting this design paradigm of reliably decoding bits to reliably executing a given task. Task-oriented communications system design is likely to find impactful applications, for example, considering the relative importance of messages. In this paper, a wireless signal classification is considered as the task to be performed in the NextG Radio Access Network (RAN) for signal intelligence and spectrum awareness applications such as user equipment (UE) identification and authentication, and incumbent signal detection for spectrum co-existence. For that purpose, edge devices collect wireless signals and communicate with the NextG base station (gNodeB) that needs to know the signal class. Edge devices may not have sufficient processing power and may not be trusted to perform the signal classification task, whereas the transfer of the captured signals from the edge devices to the gNodeB may not be efficient or even feasible subject to stringent delay, rate, and energy restrictions. We present a task-oriented communications approach, where all the transmitter, receiver and classifier functionalities are jointly trained as two deep neural networks (DNNs), one for the edge device and another for the gNodeB. We show that this approach achieves better accuracy with smaller DNNs compared to the baselines that treat communications and signal classification as two separate tasks. Finally, we discuss how adversarial machine learning poses a major security threat for the use of DNNs for task-oriented communications. We demonstrate the major performance loss under backdoor (Trojan) attacks and adversarial (evasion) attacks that target the training and test processes of task-oriented communications.

Multi-task learning (MTL) is a learning paradigm to learn multiple related tasks simultaneously with a single shared network where each task has a distinct personalized header network for fine-tuning. MTL can be integrated into a federated learning (FL) setting if tasks are distributed across clients and clients have a single shared network, leading to personalized federated learning (PFL). To cope with statistical heterogeneity in the federated setting across clients which can significantly degrade the learning performance, we use a distributed dynamic weighting approach. To perform the communication between the remote parameter server (PS) and the clients efficiently over the noisy channel in a power and bandwidth-limited regime, we utilize over-the-air (OTA) aggregation and hierarchical federated learning (HFL). Thus, we propose hierarchical over-the-air (HOTA) PFL with a dynamic weighting strategy which we call HOTA-FedGradNorm. Our algorithm considers the channel conditions during the dynamic weight selection process. We conduct experiments on a wireless communication system dataset (RadComDynamic). The experimental results demonstrate that the training speed with HOTA-FedGradNorm is faster compared to the algorithms with a naive static equal weighting strategy. In addition, HOTA-FedGradNorm provides robustness against the negative channel effects by compensating for the channel conditions during the dynamic weight selection process.

通过从大型天线移动到用于软件定义的无线系统的天线表面，可重新配置的智能表面（RISS）依赖于单元电池的阵列，以控制信号的散射和反射轮廓，减轻传播损耗和多路径衰减，从而改善覆盖范围和光谱效率。在本文中，在RIS存在下考虑了隐蔽的通信。虽然RIS升高了持续的传动，但是预期接收器和窃听者都可以单独尝试使用自己的深神经网络（DNN）分类器来检测该传输。 RIS交互向量是通过平衡将发送信号聚焦到接收器的两个（潜在冲突）目标而设计的，并将发送的信号远离窃听器。为了提高封面通信，对发射机的信号添加对抗扰动以欺骗窃听器的分类器，同时保持对接收器的影响。来自不同网络拓扑的结果表明，可以共同设计对抗扰动和RIS交互向量，以有效地提高接收器处的信号检测精度，同时降低窃听器的检测精度以实现封面通信。

编码的计算技术为分布式计算中的贸易管理者提供鲁棒性。但是，大多数现有计划都需要精确地配置争吵行为，并忽略通过谋杀工人执行的计算。此外，这些方案通常被设计为准确地恢复所需的计算结果，而在许多机器学习和迭代优化算法中，已知更快的近似解决方案导致整体收敛时间的改善。在本文中，我们首先引入一种新的编码矩阵 - 向量乘法方案，称为组成的编码计算，其中部分恢复（CCPR），这有利于编码和未编码的计算方案的优点，并减少了计算时间和解码复杂度允许在准确性和计算速度之间进行权衡。然后，我们通过提出具有部分恢复的编码通信方案来扩展这种方法来分发更多一般计算任务，其中在传送之前编码由工人计算的子任务的结果。大型线性回归任务的数值模拟确认了所提出的分布式计算方案的优势，在计算准确性和延迟之间的权衡方面具有部分恢复。

本文提出了对基于深度学习的无线信号分类器的信道感知对抗攻击。有一个发射器，发送具有不同调制类型的信号。每个接收器使用深神经网络以将其超空气接收信号分类为调制类型。与此同时，对手将对手扰动（受到电力预算的影响）透射到欺骗接收器，以在作为透射信号叠加和对抗扰动的叠加接收的分类信号中进行错误。首先，当在设计对抗扰动时不考虑通道时，这些逃避攻击被证明会失败。然后，通过考虑来自每个接收器的对手的频道效应来提出现实攻击。在示出频道感知攻击是选择性的（即，它只影响扰动设计中的信道中考虑的接收器），通过制作常见的对抗扰动来呈现广播对抗攻击，以在不同接收器处同时欺骗分类器。通过占通道，发射机输入和分类器模型可用的不同信息，将调制分类器对过空中侵犯攻击的主要脆弱性。最后，引入了基于随机平滑的经过认证的防御，即增加了噪声训练数据，使调制分类器鲁棒到对抗扰动。