With the mainstream integration of machine learning into security-sensitive domains such as healthcare and finance, concerns about data privacy have intensified. Conventional artificial neural networks (ANNs) have been found vulnerable to several attacks that can leak sensitive data. In particular, model inversion (MI) attacks enable the reconstruction of data samples that were used to train the model. Neuromorphic architectures have emerged as a paradigm shift in neural computing, enabling asynchronous and energy-efficient computation. However, little to no existing work has investigated the privacy of neuromorphic architectures against model inversion. Our study is motivated by the intuition that the non-differentiable nature of spiking neural networks (SNNs) might confer inherent privacy-preserving properties, especially against gradient-based attacks. To investigate this hypothesis, we propose a thorough exploration of SNNs' privacy-preserving capabilities. Specifically, we develop novel inversion attack strategies designed to target SNNs, and offer a comparative analysis with their conventional ANN counterparts. Our experiments, conducted on diverse event-based and static datasets, demonstrate the effectiveness of the proposed attack strategies and therefore question the assumption of inherent privacy preservation in neuromorphic architectures.
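The hypothesis above rests on the spike function being non-differentiable, so a gradient-based inversion would receive no signal. The abstract does not describe how the proposed attacks work around this, so the following is an added illustration rather than the paper's method: it simulates a single leaky integrate-and-fire (LIF) neuron in pure Python and compares the input gradient of the spike count computed three ways, with the true Heaviside derivative (zero almost everywhere), by finite differences, and with a surrogate derivative substituted for the step function, which is the standard technique for training SNNs. The neuron constants, the input current, and the fast-sigmoid surrogate are constructed assumptions. The point for a threat model is that "non-differentiable" denies a gradient signal only to an adversary who refuses to use a surrogate; a defender evaluating an SNN should run exactly this kind of check before relying on non-differentiability as a privacy property.

```python
"""Added illustration (not the paper's code): is there a usable gradient
through a spiking neuron's threshold?  All constants and inputs are assumed."""
from typing import Callable, List, Tuple

BETA = 0.9    # membrane leak per time step (assumed)
THETA = 1.0   # firing threshold (assumed)


def heaviside(z: float) -> int:
    """Spike function: 1 if the membrane potential reaches threshold."""
    return 1 if z >= 0.0 else 0


def lif_forward(x: List[float], beta: float = BETA,
                theta: float = THETA) -> Tuple[List[int], List[float]]:
    """Simulate a LIF neuron over input currents x with a soft reset
    (theta is subtracted from the potential after a spike)."""
    v, s_prev = 0.0, 0
    spikes, potentials = [], []
    for x_t in x:
        u = beta * v + x_t - theta * s_prev
        s = heaviside(u - theta)
        potentials.append(u)
        spikes.append(s)
        v, s_prev = u, s
    return spikes, potentials


def spike_count(x: List[float]) -> int:
    """The 'loss' an attacker or evaluator might differentiate: total spikes."""
    return sum(lif_forward(x)[0])


def exact_heaviside_grad(z: float) -> float:
    """True derivative of the step function: zero almost everywhere."""
    return 0.0


def fast_sigmoid_grad(z: float, k: float = 2.0) -> float:
    """Surrogate derivative (fast-sigmoid shape, slope k assumed)."""
    return 1.0 / (1.0 + k * abs(z)) ** 2


def input_gradient(x: List[float], spike_grad: Callable[[float], float],
                   beta: float = BETA, theta: float = THETA) -> List[float]:
    """Reverse-mode backprop-through-time of d(spike count)/dx_t, with
    spike_grad standing in for dH/du at the threshold."""
    _, potentials = lif_forward(x, beta, theta)
    T = len(x)
    grads = [0.0] * T
    dL_du_next = 0.0
    for t in range(T - 1, -1, -1):
        # s_t contributes 1 to the count and resets u_{t+1} by -theta
        dL_ds = 1.0 - theta * dL_du_next
        # u_t feeds s_t through the spike function and u_{t+1} through the leak
        dL_du = dL_ds * spike_grad(potentials[t] - theta) + beta * dL_du_next
        grads[t] = dL_du          # u_t depends on x_t with coefficient 1
        dL_du_next = dL_du
    return grads


def numerical_gradient(x: List[float], eps: float = 1e-4) -> List[float]:
    """Central finite differences of the spike count; piecewise constant,
    so this is zero except exactly at a threshold crossing."""
    g = []
    for t in range(len(x)):
        xp, xm = list(x), list(x)
        xp[t] += eps
        xm[t] -= eps
        g.append((spike_count(xp) - spike_count(xm)) / (2 * eps))
    return g


SAMPLE_INPUT = [0.5, 0.6, 0.4, 0.7, 0.3, 0.8]   # constructed input current

if __name__ == "__main__":
    print("spikes     :", lif_forward(SAMPLE_INPUT)[0])
    print("exact grad :", input_gradient(SAMPLE_INPUT, exact_heaviside_grad))
    print("numeric    :", numerical_gradient(SAMPLE_INPUT))
    print("surrogate  :", [round(g, 3) for g in
                           input_gradient(SAMPLE_INPUT, fast_sigmoid_grad)])
```

With the exact derivative and with finite differences every input gradient is zero, which is the intuition the abstract describes; with the surrogate derivative every component is non-zero and points in a consistent direction, so an optimiser that treats the spike function as a surrogate-differentiable nonlinearity does obtain signal from the model.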