Spiking Neural Networks (SNNs) have attracted great attention for their energy-efficient operations and biologically inspired structures, offering potential advantages over Artificial Neural Networks (ANNs) in terms of energy efficiency and interpretability. Nonetheless, similar to ANNs, the robustness of SNNs remains a challenge, especially when facing adversarial attacks. Existing techniques, whether adapted from ANNs or specifically designed for SNNs, exhibit limitations in training SNNs or defending against strong attacks. In this paper, we propose a novel approach to enhance the robustness of SNNs through gradient sparsity regularization. We observe that SNNs exhibit greater resilience to random perturbations compared to adversarial perturbations, even at larger scales. Motivated by this, we aim to narrow the gap between SNNs under adversarial and random perturbations, thereby improving their overall robustness. To achieve this, we theoretically prove that this performance gap is upper bounded by the gradient sparsity of the probability associated with the true label concerning the input image, laying the groundwork for a practical strategy to train robust SNNs by regularizing the gradient sparsity. We validate the effectiveness of our approach through extensive experiments on both image-based and event-based datasets. The results demonstrate notable improvements in the robustness of SNNs. Our work highlights the importance of gradient sparsity in SNNs and its role in enhancing robustness.

翻译：脉冲神经网络因其高能效操作和受生物启发的结构而备受关注，在能效和可解释性方面相比人工神经网络具有潜在优势。然而，与人工神经网络类似，脉冲神经网络的鲁棒性仍然面临挑战，尤其是在面对对抗攻击时。现有技术无论是从人工神经网络迁移而来还是专门为脉冲神经网络设计，在训练脉冲神经网络或防御强攻击方面均存在局限性。本文提出一种通过梯度稀疏正则化增强脉冲神经网络鲁棒性的新方法。我们观察到，即使在较大扰动规模下，脉冲神经网络对随机扰动的抵抗能力仍显著优于对抗扰动。受此启发，我们致力于缩小脉冲神经网络在对抗扰动与随机扰动下的性能差距，从而提升其整体鲁棒性。为实现这一目标，我们从理论上证明该性能差距的上界与真实标签对应概率关于输入图像的梯度稀疏性相关，这为通过正则化梯度稀疏性来训练鲁棒脉冲神经网络的实用策略奠定了理论基础。我们在基于图像和基于事件的数据集上进行了大量实验，验证了所提方法的有效性。结果表明，该方法显著提升了脉冲神经网络的鲁棒性。本研究揭示了梯度稀疏性在脉冲神经网络中的重要性及其对增强鲁棒性的作用。