Abstract
Deep Learning (DL) algorithms have gained popularity owing to their practical problem-solving capacity. However, they suffer from a serious integrity threat, i.e., their vulnerability to adversarial attacks. In the quest for DL trustworthiness, recent works claimed the inherent robustness of Spiking Neural Networks (SNNs) to these attacks, without considering the variability in their structural spiking parameters. This paper explores the security enhancement of SNNs through internal structural parameters. Specifically, we investigate the SNNs robustness to adversarial attacks with different values of the neuron's firing voltage thresholds and time window boundaries. We thoroughly study SNNs security under different adversarial attacks in the strong white-box setting, with different noise budgets and under variable spiking parameters. Our results show a significant impact of the structural parameters on the SNNs' security, and promising sweet spots can be reached to design trustworthy SNNs with 85% higher robustness than a traditional non-spiking DL system. To the best of our knowledge, this is the first work that investigates the impact of structural parameters on SNNs robustness to adversarial attacks. The proposed contributions and the experimental framework is available online 11https://github.com/rda-ela/SNN-Adversarial-Attacks to the community for reproducible research.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2021 Design, Automation and Test in Europe, DATE 2021 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 774-779 |
Number of pages | 6 |
ISBN (Electronic) | 9783981926354 |
DOIs | |
Publication status | Published - 21 Dec 2021 |
Externally published | Yes |
Event | 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021 - Virtual, Online Duration: 01 Feb 2021 → 05 Feb 2021 |
Publication series
Name | Proceedings -Design, Automation and Test in Europe, DATE |
---|---|
Volume | 2021-February |
ISSN (Print) | 1530-1591 |
Conference
Conference | 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021 |
---|---|
City | Virtual, Online |
Period | 01/02/2021 → 05/02/2021 |
Bibliographical note
Funding Information:This work has been partially supported by the Doctoral College Resilient Embedded Systems which is run jointly by TU Wien’s Faculty of Informatics and FH-Technikum Wien. This work is also partially supported by Intel Corporation through Gift funding for the project “Cost-Effective Dependability for Deep Neural Networks and Spiking Neural Networks”.
Publisher Copyright:
© 2021 EDAA.
Keywords
- Adversarial Attacks
- Analysis
- Deep Learning
- Machine Learning
- Neuromorphic
- Optimization
- Parameters
- Robustness
- Security
- SNN
- Spiking Neural Networks
ASJC Scopus subject areas
- General Engineering