NeuroAttack: Undermining Spiking Neural Networks Security through Externally Triggered Bit-Flips

TL;DR

NeuroAttack demonstrates a novel cross-layer attack that exploits hardware reliability issues via adversarial inputs to compromise the integrity of Spiking Neural Networks, posing significant security threats.

Contribution

This paper introduces NeuroAttack, a new method for undermining SNN security by combining fault injection with adversarial noise, revealing vulnerabilities in current neural network implementations.

Findings

NeuroAttack successfully triggers hardware backdoors in SNNs.

The attack compromises the integrity of state-of-the-art machine-learning models.

Results show significant security risks for deployed SNN systems.

Abstract

Due to their proven efficiency, machine-learning systems are deployed in a wide range of complex real-life problems. More specifically, Spiking Neural Networks (SNNs) emerged as a promising solution to the accuracy, resource-utilization, and energy-efficiency challenges in machine-learning systems. While these systems are going mainstream, they have inherent security and reliability issues. In this paper, we propose NeuroAttack, a cross-layer attack that threatens the SNNs integrity by exploiting low-level reliability issues through a high-level attack. Particularly, we trigger a fault-injection based sneaky hardware backdoor through a carefully crafted adversarial input noise. Our results on Deep Neural Networks (DNNs) and SNNs show a serious integrity threat to state-of-the art machine-learning techniques.