# A Comprehensive Analysis on Adversarial Robustness of Spiking Neural   Networks

**Authors:** Saima Sharmin, Priyadarshini Panda, Syed Shakib Sarwar, Chankyu Lee,, Wachirawit Ponghiran, Kaushik Roy

arXiv: 1905.02704 · 2019-05-08

## TL;DR

This paper provides a comprehensive analysis of the adversarial robustness of Spiking Neural Networks (SNNs), comparing them to traditional ANNs under various attack scenarios and proposing a new attack framework based on SNNs.

## Contribution

It is the first detailed study comparing SNN and ANN robustness under adversarial attacks and introduces a novel attack method leveraging SNNs.

## Key findings

- SNNs show greater resilience than ANNs under black-box attacks.
- Training method significantly influences SNN robustness.
- Attacks crafted from SNNs are more effective than those from ANNs.

## Abstract

In this era of machine learning models, their functionality is being threatened by adversarial attacks. In the face of this struggle for making artificial neural networks robust, finding a model, resilient to these attacks, is very important. In this work, we present, for the first time, a comprehensive analysis of the behavior of more bio-plausible networks, namely Spiking Neural Network (SNN) under state-of-the-art adversarial tests. We perform a comparative study of the accuracy degradation between conventional VGG-9 Artificial Neural Network (ANN) and equivalent spiking network with CIFAR-10 dataset in both whitebox and blackbox setting for different types of single-step and multi-step FGSM (Fast Gradient Sign Method) attacks. We demonstrate that SNNs tend to show more resiliency compared to ANN under black-box attack scenario. Additionally, we find that SNN robustness is largely dependent on the corresponding training mechanism. We observe that SNNs trained by spike-based backpropagation are more adversarially robust than the ones obtained by ANN-to-SNN conversion rules in several whitebox and blackbox scenarios. Finally, we also propose a simple, yet, effective framework for crafting adversarial attacks from SNNs. Our results suggest that attacks crafted from SNNs following our proposed method are much stronger than those crafted from ANNs.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.02704/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/1905.02704/full.md

## References

16 references — full list in the complete paper: https://tomesphere.com/paper/1905.02704/full.md

---
Source: https://tomesphere.com/paper/1905.02704