Deep neural networks (DNNs) have demonstrated remarkable performance across various tasks, including image and speech recognition. However, maximizing the effectiveness of DNNs requires meticulous optimization of numerous hyperparameters and network parameters through training. Moreover, high-performance DNNs entail many parameters, which consume significant energy during training. In order to overcome these challenges, researchers have turned to spiking neural networks (SNNs), which offer enhanced energy efficiency and biologically plausible data processing capabilities, rendering them highly suitable for sensory data tasks, particularly in neuromorphic data. Despite their advantages, SNNs, like DNNs, are susceptible to various threats, including adversarial examples and backdoor attacks. Yet, the field of SNNs still needs to be explored in terms of understanding and countering these attacks. This paper delves into backdoor attacks in SNNs using neuromorphic datasets and diverse triggers. Specifically, we explore backdoor triggers within neuromorphic data that can manipulate their position and color, providing a broader scope of possibilities than conventional triggers in domains like images. We present various attack strategies, achieving an attack success rate of up to 100% while maintaining a negligible impact on clean accuracy. Furthermore, we assess these attacks' stealthiness, revealing that our most potent attacks possess significant stealth capabilities. Lastly, we adapt several state-of-the-art defenses from the image domain, evaluating their efficacy on neuromorphic data and uncovering instances where they fall short, leading to compromised performance.