Deep neural networks (DNNs) have achieved excellent results in various tasks, including image and speech recognition. However, optimizing the performance of DNNs requires careful tuning of multiple hyperparameters and network parameters via training. High-performance DNNs utilize a large number of parameters, corresponding to high energy consumption during training. To address these limitations, researchers have developed spiking neural networks (SNNs), which are more energy-efficient and can process data in a biologically plausible manner, making them well-suited for tasks involving sensory data processing, i.e., neuromorphic data. Like DNNs, SNNs are vulnerable to various threats, such as adversarial examples and backdoor attacks. Yet, the attacks and countermeasures for SNNs have been almost fully unexplored. This paper investigates the application of backdoor attacks in SNNs using neuromorphic datasets and different triggers. More precisely, backdoor triggers in neuromorphic data can change their position and color, allowing a larger range of possibilities than common triggers in, e.g., the image domain. We propose different attacks achieving up to 100\% attack success rate without noticeable clean accuracy degradation. We also evaluate the stealthiness of the attacks via the structural similarity metric, showing our most powerful attacks being also stealthy. Finally, we adapt the state-of-the-art defenses from the image domain, demonstrating they are not necessarily effective for neuromorphic data resulting in inaccurate performance.

翻译：深度神经网络（DNNs）在包括图像和语音识别在内的各种任务中取得了卓越成果。然而，优化DNNs的性能需要通过训练对多个超参数和网络参数进行精细调整。高性能DNNs使用大量参数，对应训练过程中的高能耗。为解决这些局限性，研究人员开发了脉冲神经网络（SNNs），其能效更高，能以生物合理方式处理数据，因而非常适合处理涉及感官数据（即神经形态数据）的任务。与DNNs类似，SNNs易受多种威胁攻击，例如对抗性样本和后门攻击。然而，针对SNNs的攻击与防御措施几乎尚未被充分探索。本文研究了基于神经形态数据集和不同触发机制的SNNs后门攻击应用。具体而言，神经形态数据中的后门触发器可更改其位置和颜色，相比于图像域等常见触发器，这种特性允许更广泛的攻击可能性。我们提出多种攻击方法，在未显著降低干净数据准确率的情况下，攻击成功率最高可达100%。通过结构相似性指标评估攻击隐蔽性，结果表明我们最强大的攻击同时具备隐蔽性。最后，我们将图像域中最先进的防御方法进行适配，证明其对神经形态数据未必有效，会导致性能不准确。