Securing Deep Spiking Neural Networks against Adversarial Attacks through Inherent Structural Parameters

Rida El-Allami, Alberto Marchisio, Muhammad Shafique, Ihsen Alouani

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

20 Citations (Scopus)

Abstract

Deep Learning (DL) algorithms have gained popularity owing to their practical problem-solving capacity. However, they suffer from a serious integrity threat, i.e., their vulnerability to adversarial attacks. In the quest for DL trustworthiness, recent works claimed the inherent robustness of Spiking Neural Networks (SNNs) to these attacks, without considering the variability in their structural spiking parameters. This paper explores the security enhancement of SNNs through internal structural parameters. Specifically, we investigate the SNNs' robustness to adversarial attacks with different values of the neuron's firing voltage thresholds and time window boundaries. We thoroughly study SNNs' security under different adversarial attacks in the strong white-box setting, with different noise budgets and under variable spiking parameters. Our results show a significant impact of the structural parameters on the SNNs' security, and promising sweet spots can be reached to design trustworthy SNNs with 85% higher robustness than a traditional non-spiking DL system. To the best of our knowledge, this is the first work that investigates the impact of structural parameters on SNNs' robustness to adversarial attacks. The proposed contributions and the experimental framework are available online (https://github.com/rda-ela/SNN-Adversarial-Attacks) to the community for reproducible research.

Original language: English
Title of host publication: Proceedings of the 2021 Design, Automation and Test in Europe, DATE 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 774-779
Number of pages: 6
ISBN (Electronic): 9783981926354
DOIs
Publication status: Published - 21 Dec 2021
Externally published: Yes
Event: 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021 - Virtual, Online
Duration: 01 Feb 2021 to 05 Feb 2021

Publication series

Name: Proceedings - Design, Automation and Test in Europe, DATE
Volume: 2021-February
ISSN (Print): 1530-1591

Conference

Conference: 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021
City: Virtual, Online
Period: 01/02/2021 to 05/02/2021

Bibliographical note

Funding Information:
This work has been partially supported by the Doctoral College Resilient Embedded Systems which is run jointly by TU Wien’s Faculty of Informatics and FH-Technikum Wien. This work is also partially supported by Intel Corporation through Gift funding for the project “Cost-Effective Dependability for Deep Neural Networks and Spiking Neural Networks”.

Publisher Copyright:
© 2021 EDAA.

Keywords

  • Adversarial Attacks
  • Analysis
  • Deep Learning
  • Machine Learning
  • Neuromorphic
  • Optimization
  • Parameters
  • Robustness
  • Security
  • SNN
  • Spiking Neural Networks

ASJC Scopus subject areas

  • General Engineering
