Exploring Adversarial Attack in Spiking Neural Networks With Spike-Compatible Gradient

doi:10.1109/TNNLS.2021.3106961

	Exploring Adversarial Attack in Spiking Neural Networks With Spike-Compatible Gradient
	Liang, Ling 1; Hu, Xing 2; Deng, Lei 3; Wu, Yujie 3; Li, Guoqi 3; Ding, Yufei 4; Li, Peng 1; Xie, Yuan 1
	2021-09-01
发表期刊	IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS
ISSN	2162-237X
页码	15
摘要	Spiking neural network (SNN) is broadly deployed in neuromorphic devices to emulate brain function. In this context, SNN security becomes important while lacking in-depth investigation. To this end, we target the adversarial attack against SNNs and identify several challenges distinct from the artificial neural network (ANN) attack: 1) current adversarial attack is mainly based on gradient information that presents in a spatiotemporal pattern in SNNs, hard to obtain with conventional backpropagation algorithms; 2) the continuous gradient of the input is incompatible with the binary spiking input during gradient accumulation, hindering the generation of spike-based adversarial examples; and 3) the input gradient can be all-zeros (i.e., vanishing) sometimes due to the zero-dominant derivative of the firing function. Recently, backpropagation through time (BPTT)-inspired learning algorithms are widely introduced into SNNs to improve the performance, which brings the possibility to attack the models accurately given spatiotemporal gradient maps. We propose two approaches to address the above challenges of gradient-input incompatibility and gradient vanishing. Specifically, we design a gradient-to-spike (G2S) converter to convert continuous gradients to ternary ones compatible with spike inputs. Then, we design a restricted spike flipper (RSF) to construct ternary gradients that can randomly flip the spike inputs with a controllable turnover rate, when meeting all-zero gradients. Putting these methods together, we build an adversarial attack methodology for SNNs. Moreover, we analyze the influence of the training loss function and the firing threshold of the penultimate layer on the attack effectiveness. Extensive experiments are conducted to validate our solution. Besides the quantitative analysis of the influence factors, we also compare SNNs and ANNs against adversarial attacks under different attack methods. This work can help reveal what happens in SNN attacks and might stimulate more research on the security of SNN models and neuromorphic devices.
关键词	Spatiotemporal phenomena Computational modeling Perturbation methods Biological neural networks Backpropagation Unsupervised learning Training Adversarial attack backpropagation through time (BPTT) neuromorphic computing spike-compatible gradient spiking neural networks (SNNs)
DOI	10.1109/TNNLS.2021.3106961
收录类别	SCI
语种	英语
WOS研究方向	Computer Science ; Engineering
WOS类目	Computer Science, Artificial Intelligence ; Computer Science, Hardware & Architecture ; Computer Science, Theory & Methods ; Engineering, Electrical & Electronic
WOS记录号	WOS:000733549300001
出版者	IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
引用统计	被引频次：27[WOS] [WOS记录] [WOS相关记录]
文献类型	期刊论文
条目标识符	http://119.78.100.204/handle/2XEOYT63/18013
专题	中国科学院计算技术研究所期刊论文_英文
通讯作者	Deng, Lei
作者单位	1.Univ Calif Santa Barbara, Dept Elect & Comp Engn, Santa Barbara, CA 93106 USA 2.Chinese Acad Sci, Inst Comp Technol, State Key Lab Comp Architecture, Beijing 100190, Peoples R China 3.Tsinghua Univ, Ctr Brain Inspired Comp Res, Dept Precis Instrument, Beijing 100084, Peoples R China 4.Univ Calif Santa Barbara, Dept Comp Sci, Santa Barbara, CA 93106 USA
推荐引用方式 GB/T 7714	Liang, Ling,Hu, Xing,Deng, Lei,et al. Exploring Adversarial Attack in Spiking Neural Networks With Spike-Compatible Gradient[J]. IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS,2021:15.
APA	Liang, Ling.,Hu, Xing.,Deng, Lei.,Wu, Yujie.,Li, Guoqi.,...&Xie, Yuan.(2021).Exploring Adversarial Attack in Spiking Neural Networks With Spike-Compatible Gradient.IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS,15.
MLA	Liang, Ling,et al."Exploring Adversarial Attack in Spiking Neural Networks With Spike-Compatible Gradient".IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS (2021):15.