This work addresses the vulnerability of deep neural network–driven semantic communication systems to adversarial noise attacks in safety-critical scenarios, where existing defenses lack formal robustness guarantees against diverse perturbations. The authors propose VSCAN, a verification framework that, for the first time, encodes practical adversarial constraints—such as power limits and statistical imperceptibility—into logical formulas and formulates the attack as a mixed-integer programming problem. This enables end-to-end formal verification of the joint system comprising the encoder, decoder, and task model. Experimental results demonstrate that VSCAN provides rigorous robustness guarantees for 44% of 600 verified properties and reveals that a 16-dimensional latent space yields a 50% improvement in verified robustness over a 64-dimensional counterpart, highlighting the security benefits of compact semantic representations.

Safety-critical applications like autonomous vehicles and industrial IoT are adopting semantic communication (SemCom) systems using deep neural networks to reduce bandwidth and increase transmission speed by transmitting only task-relevant semantic features. However, adversarial attacks against these DNN-based SemCom systems can cause catastrophic failures by manipulating transmitted semantic features. Existing defense mechanisms rely on empirical approaches provide no formal guarantees against the full spectrum of adversarial perturbations. We present VSCAN, a neural network verification framework that provides mathematical robustness guarantees by formulating adversarial noise generation as mixed integer programming and verifying end-to-end properties across multiple interconnected networks (encoder, decoder, and task model). Our key insight is that realistic adversarial constraints (power limitations and statistical undetectability) can be encoded as logical formulae to enable efficient verification using state-of-the-art DNN verifiers. Our evaluation on 600 verification properties characterizing various attacker's capabilities shows VSCAN matches attack methods in finding vulnerabilities while providing formal robustness guarantees for 44% of properties -- a significant achievement given the complexity of multi-network verification. Moreover, we reveal a fundamental security-efficiency tradeoff: compact 16-dimensional latent spaces achieve 50% verified robustness compared to 64-dimensional spaces.