Abstract
Spiking neural networks (SNNs) are promising to be widely deployed in real-time and safety-critical applications with the advance of neuromorphic computing. Recent work has demonstrated the insensitivity of SNNs to small random perturbations due to the discrete internal information representation. The variety of training algorithms and the involvement of the temporal dimension pose more threats to the robustness of SNNs than that of typical neural networks. We account for the vulnerability of SNNs by constructing adversaries based on different differentiable approximation techniques. By deriving a Lipschitz constant specifically for the spike representation, we first theoretically answer the question of how much adversarial invulnerability is retained in SNNs. Hence, to defend against the broad attack methods, we propose a regularized adversarial training scheme with low computational overheads. SNNs can benefit from the constraint of the perturbed spike distance's amplification and the generalization on multiple adversarial ϵ-neighbourhoods. Our experiments on the image recognition benchmarks have proven that our training scheme can defend against powerful adversarial attacks crafted from strong differentiable approximations. To be specific, our approach makes the black-box attacks of the Projected Gradient Descent attack nearly ineffective. We believe that our work will facilitate the spread of SNNs for safety-critical applications and help understand the robustness of the human brain.
Original language | English |
---|---|
Title of host publication | Advances in Neural Information Processing Systems 35 (NeurIPS 2022) |
Editors | S. Koyejo, S. Mohamed, A. Agarwal, D. Belgrave, K. Cho, A. Oh |
Publisher | NeurIPS |
Pages | 24780-24793 |
Number of pages | 14 |
ISBN (Print) | 9781713871088 |
Publication status | Published - 9 Dec 2022 |
Event | 36th Conference on Neural Information Processing Systems (NeurIPS 2022) - New Orleans, United States Duration: 28 Nov 2022 → 9 Dec 2022 |
Publication series
Name | Advances in neural information processing systems |
---|---|
Volume | 35 |
ISSN (Print) | 1049-5258 |
Conference
Conference | 36th Conference on Neural Information Processing Systems (NeurIPS 2022) |
---|---|
Abbreviated title | NeurIPS 2022 |
Country/Territory | United States |
City | New Orleans |
Period | 28/11/22 → 9/12/22 |
Bibliographical note
Acknowledgements:We thank Yujia Liu for valuable discussions. This work was supported by the National Natural Science Foundation of China Grants 62176003 and 62088102.