Is Spiking Secure? A Comparative Study on the Security Vulnerabilities of Spiking and Deep Neural Networks

Spiking Neural Networks (SNNs) claim to present many advantages in terms of biological plausibility and energy efficiency compared to standard Deep Neural Networks (DNNs). Recent works have shown that DNNs are vulnerable to adversarial attacks, i.e., small perturbations added to the input data can lead to targeted or random misclassifications. In this paper, we aim at investigating the key research question: "Are SNNs secure?" Towards this, we perform a comparative study of the security vulnerabilities in SNNs and DNNs w.r.t. the adversarial noise. Afterwards, we propose a novel black-box attack methodology, i.e., without the knowledge of the internal structure of the SNN, which employs a greedy heuristic to automatically generate imperceptible and robust adversarial examples (i.e., attack images) for the given SNN. We perform an in-depth evaluation for a Spiking Deep Belief Network (SDBN) and a DNN having the same number of layers and neurons (to obtain a fair comparison), in order to study the efficiency of our methodology and to understand the differences between SNNs and DNNs w.r.t. the adversarial examples. Our work opens new avenues of research towards the robustness of the SNNs, considering their similarities to the human brain's functionality.

Is Spiking Secure? A Comparative Study on the Security Vulnerabilities of Spiking and Deep Neural Networks / Marchisio, Alberto; Nanfa, Giorgio; Khalid, Faiq; Hanif, Muhammad Abdullah; Martina, Maurizio; Shafique, Muhammad. - ELETTRONICO. - 1(2020), pp. 1-8. ((Intervento presentato al convegno 2020 International Joint Conference on Neural Networks (IJCNN) tenutosi a Glasgow (UK) nel 19-24 July 2020 [10.1109/IJCNN48605.2020.9207297].

SFX
Titolo: Is Spiking Secure? A Comparative Study on the Security Vulnerabilities of Spiking and Deep Neural Networks
Autori: 
MARTINA, MAURIZIO
mostra contributor esterni 
Data di pubblicazione: 2020
Abstract: Spiking Neural Networks (SNNs) claim to present many advantages in terms of biological plausibili...ty and energy efficiency compared to standard Deep Neural Networks (DNNs). Recent works have shown that DNNs are vulnerable to adversarial attacks, i.e., small perturbations added to the input data can lead to targeted or random misclassifications. In this paper, we aim at investigating the key research question: "Are SNNs secure?" Towards this, we perform a comparative study of the security vulnerabilities in SNNs and DNNs w.r.t. the adversarial noise. Afterwards, we propose a novel black-box attack methodology, i.e., without the knowledge of the internal structure of the SNN, which employs a greedy heuristic to automatically generate imperceptible and robust adversarial examples (i.e., attack images) for the given SNN. We perform an in-depth evaluation for a Spiking Deep Belief Network (SDBN) and a DNN having the same number of layers and neurons (to obtain a fair comparison), in order to study the efficiency of our methodology and to understand the differences between SNNs and DNNs w.r.t. the adversarial examples. Our work opens new avenues of research towards the robustness of the SNNs, considering their similarities to the human brain's functionality.
ISBN: 978-1-7281-6926-2
Appare nelle tipologie:4.1 Contributo in Atti di convegno

File in questo prodotto:
FileDescrizioneTipologiaLicenza 
09207297.pdf Versione editoriale2a Post-print versione editoriale / Version of RecordNon Pubblico - Accesso privato/ristrettoAdministrator   Richiedi una copia
nanfa_IJCNN.pdf Versione autore2. Post-print / Author's Accepted ManuscriptPUBBLICO - Tutti i diritti riservatiVisibile a tuttiVisualizza/Apri
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11583/2847482
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2021