Exploring Adversarial Attack in Spiking Neural Networks with Spike-Compatible Gradient

2024-03-01 09:07:28

郑重声明：原文参见标题，如有侵权，请联系作者，将会撤销发布！

arXiv:2001.01587v1 [cs.NE] 1 Jan 2020

Abstract

Keywords:

I. INTRODUCTION

II. PRELIMINARIES

A. Spiking Neural Networks

B. Gradient-based Adversarial Attack

FGSM.

BIM.

III. CHALLENGES IN SNN ATTACK

A. Challenges and Solutions

Acquiring Spatio-temporal Gradients.

Incompatible Format between Gradients and Inputs.

Gradient Vanishing Problem.

B. Comparison with Prior Work on SNN Attack

Trial-and-Error Input Perturbation.

SNN/ANN Model Conversion.

IV. ADVERSARIAL ATTACKS AGAINST SNNS

Input Data Format.

A. Attack Flow Overview

Spiking Inputs.

Image Inputs.

B. Acquisition of Spatio-Temporal Gradients

C. Gradient-to-Spike (G2S) Converter

Probabilistic Sampling.

Sign Extraction.

Overflow-aware Transformation.

D. Gradient Trigger (GT)

Element Selection.

Gradient Construction.

E. Overall Attack Algorithm

V. LOSS FUNCTION AND FIRING THRESHOLD

A. MSE and CE Loss Functions

B. Firing Threshold of the Penultimate Layer

VI. EXPERIMENT RESULTS

A. Experiment Setup

B. Influence of G2S Converter

C. Influence of GT

D. Influence of Loss Function and Firing Threshold

E. Effectiveness Comparison with Existing SNN Attack

F. Effectiveness Comparison with ANN Attack

VII. CONCLUSION AND DISCUSSION

码农公寓