Adversarial Training for Probabilistic Spiking Neural Networks

TL;DR

This paper investigates the vulnerability of spiking neural networks (SNNs) to adversarial attacks and introduces a robust training method to improve their resilience against such attacks.

Contribution

It is the first study to analyze adversarial sensitivity in SNNs and proposes a new robust training mechanism for enhanced security.

Findings

SNNs are vulnerable to adversarial examples.

The proposed training improves SNN robustness under white-box attacks.

Different encoding and decoding schemes affect adversarial sensitivity.

Abstract

Classifiers trained using conventional empirical risk minimization or maximum likelihood methods are known to suffer dramatic performance degradations when tested over examples adversarially selected based on knowledge of the classifier's decision rule. Due to the prominence of Artificial Neural Networks (ANNs) as classifiers, their sensitivity to adversarial examples, as well as robust training schemes, have been recently the subject of intense investigation. In this paper, for the first time, the sensitivity of spiking neural networks (SNNs), or third-generation neural networks, to adversarial examples is studied. The study considers rate and time encoding, as well as rate and first-to-spike decoding. Furthermore, a robust training mechanism is proposed that is demonstrated to enhance the performance of SNNs under white-box attacks.