Deep neural networks (DNNs) have demonstrated remarkable performance across various tasks, including image and speech recognition. However, maximizing the effectiveness of DNNs requires meticulous optimization of numerous hyperparameters and network parameters through training. Moreover, high-performance DNNs entail many parameters, which consume significant energy during training. To overcome these challenges, researchers have turned to spiking neural networks (SNNs), which offer enhanced energy efficiency and biologically plausible data processing capabilities, rendering them highly suitable for sensory data tasks, particularly with neuromorphic data. Despite their advantages, SNNs, like DNNs, are susceptible to various threats, including adversarial examples and backdoor attacks. Yet these attacks, and ways to counter them, remain underexplored for SNNs. This paper delves into backdoor attacks in SNNs using neuromorphic datasets and diverse triggers. Specifically, we explore backdoor triggers within neuromorphic data whose position and color can be manipulated, providing a broader scope of possibilities than conventional triggers in domains like images. We present various attack strategies, achieving an attack success rate of up to 100% while maintaining a negligible impact on clean accuracy. Furthermore, we assess these attacks' stealthiness, revealing that our most potent attacks possess significant stealth capabilities. Lastly, we adapt several state-of-the-art defenses from the image domain, evaluating their efficacy on neuromorphic data and uncovering instances where they fall short, leading to compromised performance.