With the mainstream integration of machine learning into security-sensitive domains such as healthcare and finance, concerns about data privacy have intensified. Conventional artificial neural networks (ANNs) are vulnerable to several attacks that leak sensitive data. In particular, model inversion (MI) attacks enable the reconstruction of data samples that were used to train the model. Neuromorphic architectures have emerged as a paradigm shift in neural computing, enabling asynchronous and energy-efficient computation. However, little to no existing work has investigated the privacy of neuromorphic architectures against model inversion. Our study is motivated by the intuition that the non-differentiable spiking nonlinearity of spiking neural networks (SNNs) might confer inherent privacy-preserving properties, especially against gradient-based attacks. To investigate this hypothesis, we propose a thorough exploration of SNNs' privacy-preserving capabilities. Specifically, we develop novel inversion attack strategies designed specifically for SNNs and compare them against their conventional ANN counterparts. Our experiments, conducted on diverse event-based and static datasets, demonstrate the effectiveness of the proposed attack strategies and therefore call into question the assumption that neuromorphic architectures are inherently privacy-preserving.
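As an added example (not the paper's own attack, which the abstract does not describe), the following constructed Python toy shows why non-differentiability alone is not a privacy guarantee: the exact derivative of a spiking layer's output with respect to its input is zero almost everywhere, so a gradient-based inversion attack stalls at its starting guess, but substituting a surrogate derivative for the spike function (here the fast-sigmoid surrogate commonly used to train SNNs) gives the attacker a usable descent direction. The leaky integrate-and-fire (LIF) neuron model, rate coding over T timesteps, the hard reset detached from the gradient, the toy weights and the "secret" training sample are all assumptions made for the demo.

```python
"""Constructed toy: gradient-based model inversion against a spiking layer.

Added illustration, not the paper's attack. Assumptions: one layer of leaky
integrate-and-fire (LIF) neurons, a static input rate-coded over T steps,
a hard reset that is detached from the gradient (as common SNN trainers do),
and the fast-sigmoid surrogate derivative. Weights and the "secret" input
below are made up for the demo.
"""
import math
import random

THRESHOLD = 1.0   # membrane potential at which a neuron spikes
BETA = 0.9        # leak factor applied to the membrane potential each step
T = 20            # timesteps; the model's output is the spike count per neuron


def heaviside_grad(u):
    """Exact derivative of the spike function H(u): zero for every u != 0."""
    return 0.0


def fast_sigmoid_grad(u, k=5.0):
    """Surrogate derivative d/du [u / (1 + k|u|)], scaled to peak k at u = 0."""
    return k / (1.0 + k * abs(u)) ** 2


def lif_forward(x, weights, spike_grad):
    """Simulate the LIF layer and, alongside it, forward-mode tangents.

    Returns (counts, d_counts): counts[j] is neuron j's spike count and
    d_counts[j][i] is d counts[j] / d x[i], computed with `spike_grad` in
    place of the Heaviside derivative. With heaviside_grad every tangent is
    exactly zero; with a surrogate it points toward more or fewer spikes.
    """
    n = len(x)
    counts = [0.0] * len(weights)
    d_counts = [[0.0] * n for _ in weights]
    for j, w in enumerate(weights):
        drive = sum(w[i] * x[i] for i in range(n))   # constant input current
        v, s = 0.0, 0.0                               # potential, last spike
        dv = [0.0] * n                                # d v / d x_i
        for _ in range(T):
            # v_t = beta * v_{t-1} * (1 - s_{t-1}) + drive   (hard reset).
            # The reset factor (1 - s) is treated as a constant in the tangent.
            dv = [BETA * dv[i] * (1.0 - s) + w[i] for i in range(n)]
            v = BETA * v * (1.0 - s) + drive
            s = 1.0 if v >= THRESHOLD else 0.0
            g = spike_grad(v - THRESHOLD)             # d s_t / d v_t
            counts[j] += s
            for i in range(n):
                d_counts[j][i] += g * dv[i]
    return counts, d_counts


def inversion_loss(x, weights, target_counts):
    """Squared error between the layer's spike counts on x and the target."""
    counts, _ = lif_forward(x, weights, heaviside_grad)
    return sum((c - t) ** 2 for c, t in zip(counts, target_counts))


def invert(weights, target_counts, spike_grad, steps=300, lr=0.02, seed=0):
    """Model inversion: find an input whose spike counts match target_counts.

    Normalised gradient descent on inversion_loss, with the derivative of the
    spike function supplied by `spike_grad`. Inputs are clamped to [0, 1].
    """
    rng = random.Random(seed)
    n = len(weights[0])
    x = [rng.uniform(0.0, 0.1) for _ in range(n)]    # blank-ish starting guess
    for _ in range(steps):
        counts, d_counts = lif_forward(x, weights, spike_grad)
        grad = [0.0] * n
        for j, c in enumerate(counts):
            err = c - target_counts[j]
            for i in range(n):
                grad[i] += 2.0 * err * d_counts[j][i]
        norm = math.sqrt(sum(g * g for g in grad))
        if norm == 0.0:
            break                      # no descent direction: the attack stalls
        x = [min(1.0, max(0.0, x[i] - lr * grad[i] / norm)) for i in range(n)]
    return x


# Constructed model and "training sample" for the demo (not real data).
WEIGHTS = [[1.0, 0.5, 0.0, 0.0],
           [0.0, 0.0, 0.5, 0.3]]
SECRET_INPUT = [0.8, 0.2, 0.1, 0.9]


if __name__ == "__main__":
    target, _ = lif_forward(SECRET_INPUT, WEIGHTS, heaviside_grad)
    for name, sg in (("exact (Heaviside)", heaviside_grad),
                     ("surrogate (fast sigmoid)", fast_sigmoid_grad)):
        rec = invert(WEIGHTS, target, sg)
        print(f"{name:25s} loss={inversion_loss(rec, WEIGHTS, target):.1f} "
              f"x={[round(val, 2) for val in rec]}")
```

Running it, the Heaviside variant returns the starting guess untouched (every gradient component is exactly zero, so the loop exits on the first iteration), while the surrogate variant reduces the loss to zero within a few dozen steps. Note what "success" means here: the attacker recovers an input that elicits the same spike counts as the secret sample, not the secret itself, which is the same partial-information outcome real MI attacks settle for. The surrogate is only needed because the attacker chose a gradient-based optimiser; the spiking model's own forward pass was never modified.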