Data Poisoning-based Backdoor Attack Framework against Supervised Learning Rules of Spiking Neural Networks

TL;DR

This paper introduces a universal backdoor attack framework targeting supervised learning in SNNs, revealing vulnerabilities and migration risks, and discusses potential defenses and future research directions.

Contribution

It proposes a generic backdoor attack framework for SNNs, analyzes robustness differences, and uncovers high migration rates during conversion-based training.

Findings

Backdoor attack framework applicable to all SNN datasets.

SNNs are vulnerable to backdoor attacks, losing inherent robustness.

Backdoor migration rate can exceed 99% during conversion.

Abstract

Spiking Neural Networks (SNNs), the third generation neural networks, are known for their low energy consumption and high robustness. SNNs are developing rapidly and can compete with Artificial Neural Networks (ANNs) in many fields. To ensure that the widespread use of SNNs does not cause serious security incidents, much research has been conducted to explore the robustness of SNNs under adversarial sample attacks. However, many other unassessed security threats exist, such as highly stealthy backdoor attacks. Therefore, to fill the research gap in this and further explore the security vulnerabilities of SNNs, this paper explores the robustness performance of SNNs trained by supervised learning rules under backdoor attacks. Specifically, the work herein includes: i) We propose a generic backdoor attack framework that can be launched against the training process of existing supervised learning rules and covers all learnable dataset types of SNNs. ii) We analyze the robustness differences between different learning rules and between SNN and ANN, which suggests that SNN no longer has inherent robustness under backdoor attacks. iii) We reveal the vulnerability of conversion-dependent learning rules caused by backdoor migration and further analyze the migration ability during the conversion process, finding that the backdoor migration rate can even exceed 99%. iv) Finally, we discuss potential countermeasures against this kind of backdoor attack and its technical challenges and point out several promising research directions.