Privacy-preserving is a key problem for the machine learning algorithm. Spiking neural network (SNN) plays an important role in many domains, such as image classification, object detection, and speech recognition, but the study on the privacy protection of SNN is urgently needed. This study combines the differential privacy (DP) algorithm and SNN and proposes differentially private spiking neural network (DPSNN). DP injects noise into the gradient, and SNN transmits information in discrete spike trains so that our differentially private SNN can maintain strong privacy protection while still ensuring high accuracy. We conducted experiments on MNIST, Fashion-MNIST, and the face recognition dataset Extended YaleB. When the privacy protection is improved, the accuracy of the artificial neural network(ANN) drops significantly, but our algorithm shows little change in performance. Meanwhile, we analyzed different factors that affect the privacy protection of SNN. Firstly, the less precise the surrogate gradient is, the better the privacy protection of the SNN. Secondly, the Integrate-And-Fire (IF) neurons perform better than leaky Integrate-And-Fire (LIF) neurons. Thirdly, a large time window contributes more to privacy protection and performance.

翻译：隐私保护是机器学习算法的关键问题。脉冲神经网络（SNN）在图像分类、目标检测和语音识别等众多领域发挥着重要作用，但针对SNN隐私保护的研究亟待加强。本研究将差分隐私（DP）算法与SNN相结合，提出了差分隐私脉冲神经网络（DPSNN）。DP通过向梯度中注入噪声，而SNN利用离散脉冲序列传递信息，从而使得我们的差分隐私SNN在保持强大隐私保护能力的同时，仍能确保高精度。我们在MNIST、Fashion-MNIST以及人脸识别数据集Extended YaleB上进行了实验。当隐私保护强度提升时，人工神经网络（ANN）的精度显著下降，而我们的算法性能变化极小。同时，我们分析了影响SNN隐私保护的不同因素。首先，替代梯度越不精确，SNN的隐私保护效果越好；其次，积分-激发（IF）神经元的表现优于泄漏积分-激发（LIF）神经元；第三，较大的时间窗口更有利于隐私保护与性能提升。