PrivateSNN: Privacy-Preserving Spiking Neural Networks
Youngeun Kim, Yeshwanth Venkatesha, Priyadarshini Panda
TL;DR
PrivateSNN introduces a privacy-preserving, energy-efficient spiking neural network approach that encrypts weights and uses synthetic data to prevent data and class leakage during conversion from pre-trained ANNs.
Contribution
The paper proposes a novel method to build privacy-preserving SNNs from ANNs by encrypting weights and using synthetic data, reducing leakage risks and maintaining high energy efficiency.
Findings
Eliminates data and class leakage with less than 2% performance drop.
Achieves approximately 55x energy efficiency gain over standard ANNs.
Effective on datasets like CIFAR10, CIFAR100, and TinyImageNet.
Abstract
How can we bring both privacy and energy-efficiency to a neural system? In this paper, we propose PrivateSNN, which aims to build low-power Spiking Neural Networks (SNNs) from a pre-trained ANN model without leaking sensitive information contained in a dataset. Here, we tackle two types of leakage problems: 1) Data leakage is caused when the networks access real training data during an ANN-SNN conversion process. 2) Class leakage is caused when class-related features can be reconstructed from network parameters. In order to address the data leakage issue, we generate synthetic images from the pre-trained ANNs and convert ANNs to SNNs using the generated images. However, converted SNNs remain vulnerable to class leakage since the weight parameters have the same (or scaled) value with respect to ANN parameters. Therefore, we encrypt SNN weights by training SNNs with a temporal spike-based…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
Taxonomy
TopicsAdvanced Memory and Neural Computing · Ferroelectric and Negative Capacitance Devices · Adversarial Robustness in Machine Learning