To address privacy leakage caused by model inversion attacks in task-oriented semantic communication for 6G, this paper proposes DiffSem—a framework that enhances semantic-level privacy protection without compromising downstream task accuracy. Methodologically, DiffSem integrates a diffusion-based generative mechanism with self-referential label embedding to achieve high-fidelity semantic reconstruction; introduces a novel semantic-consistency metric to expose the inadequacy of conventional image-quality metrics (e.g., PSNR, SSIM) for quantifying semantic leakage; and incorporates channel-noise compensation alongside controllable semantic distortion. Experimental results demonstrate a 10.03% improvement in classification accuracy on MNIST while maintaining robustness under dynamic channel conditions. To the best of our knowledge, DiffSem is the first framework to jointly optimize semantic privacy preservation, task performance, and transmission efficiency in 6G semantic communication.

Semantic communication has emerged as a promising neural network-based system design for 6G networks. Task-oriented semantic communication is a novel paradigm whose core goal is to efficiently complete specific tasks by transmitting semantic information, optimizing communication efficiency and task performance. The key challenge lies in preserving privacy while maintaining task accuracy, as this scenario is susceptible to model inversion attacks. In such attacks, adversaries can restore or even reconstruct input data by analyzing and processing model outputs, owing to the neural network-based nature of the systems. In addition, traditional systems use image quality indicators (such as PSNR or SSIM) to assess attack severity, which may be inadequate for task-oriented semantic communication, since visual differences do not necessarily ensure semantic divergence. In this paper, we propose a diffusion-based semantic communication framework, named DiffSem, that optimizes semantic information reconstruction through a diffusion mechanism with self-referential label embedding to significantly improve task performance. Our model also compensates channel noise and adopt semantic information distortion to ensure the robustness of the system in various signal-to-noise ratio environments. To evaluate the attacker's effectiveness, we propose a new metric that better quantifies the semantic fidelity of estimations from the adversary. Experimental results based on this criterion show that on the MNIST dataset, DiffSem improves the classification accuracy by 10.03%, and maintain stable performance under dynamic channels. Our results further demonstrate that significant deviation exists between traditional image quality indicators and the leakage of task-relevant semantic information.