Spiking neural networks (SNNs) offer promise for efficient and powerful neurally inspired computation. Common to other types of neural networks, however, SNNs face the severe issue of vulnerability to adversarial attacks. We present the first study that draws inspiration from neural homeostasis to develop a bio-inspired solution that counters the susceptibilities of SNNs to adversarial onslaughts. At the heart of our approach is a novel threshold-adapting leaky integrate-and-fire (TA-LIF) neuron model, which we adopt to construct the proposed adversarially robust homeostatic SNN (HoSNN). Distinct from traditional LIF models, our TA-LIF model incorporates a self-stabilizing dynamic thresholding mechanism, curtailing adversarial noise propagation and safeguarding the robustness of HoSNNs in an unsupervised manner. Theoretical analysis is presented to shed light on the stability and convergence properties of the TA-LIF neurons, underscoring their superior dynamic robustness under input distributional shifts over traditional LIF neurons. Remarkably, without explicit adversarial training, our HoSNNs demonstrate inherent robustness on CIFAR-10, with accuracy improvements to 72.6% and 54.19% against FGSM and PGD attacks, up from 20.97% and 0.6%, respectively. Furthermore, with minimal FGSM adversarial training, our HoSNNs surpass previous models by 29.99% under FGSM and 47.83% under PGD attacks on CIFAR-10. Our findings offer a new perspective on harnessing biological principles for bolstering SNNs adversarial robustness and defense, paving the way to more resilient neuromorphic computing.

翻译：摘要：脉冲神经网络（SNN）为高效且强大的神经形态计算提供了前景。然而，与其他类型神经网络类似，SNN面临对抗攻击的严重脆弱性问题。我们提出首项受神经稳态启发的研究，开发了一种生物启发的解决方案，以应对SNN对对抗攻击的敏感性。该方法的核心是新颖的阈值自适应泄漏积分激发（TA-LIF）神经元模型，我们采用该模型构建所提出的对抗鲁棒稳态SNN（HoSNN）。与传统LIF模型不同，我们的TA-LIF模型融合了自稳定动态阈值机制，以无监督方式抑制对抗噪声传播并保护HoSNN的鲁棒性。通过理论分析揭示了TA-LIF神经元的稳定性与收敛特性，凸显其在输入分布偏移下相比传统LIF神经元具有更优的动态鲁棒性。值得注意的是，在未进行显式对抗训练的情况下，我们的HoSNN在CIFAR-10数据集上展现出固有鲁棒性：针对FGSM和PGD攻击，准确率分别从20.97%和0.6%提升至72.6%和54.19%。此外，通过最小量的FGSM对抗训练，我们的HoSNN在CIFAR-10上相比先前模型，在FGSM和PGD攻击下分别提升29.99%和47.83%。本研究为利用生物原理增强SNN的对抗鲁棒性与防御提供了新视角，为构建更具韧性的神经形态计算铺平了道路。