Go to TMLR homepageSIPHER: Spike based Neuromorphic Computing for Secure Inference against Bit-Flip Attack
Abstract: Deep Artificial Neural Networks (ANNs) have been shown to be vulnerable to parameter attacks, such as the bit-flip attack, where intentional alterations of network weights can cause significant performance loss. Although extensive research has enhanced the efficacy of these attacks against standard ANN models, robust and efficient defense mechanisms remain underdeveloped. In this work, we propose the spike-based neuromorphic computing paradigm, referred to as SIPHER, as a potent defense strategy that exploits the inherent properties of Spiking Neural Networks (SNNs) to mitigate such attacks. SNNs have emerged as a biologically plausible and energy-efficient alternative to ANNs. However, their fault tolerance and robustness against parameter attacks have not yet been thoroughly investigated. We show that SNNs, on account of their temporal computing capability, effectively neutralize the state-of-the-art progressive bit search method for bit-flip attack, effectively rendering the attack equivalent to random bit-flips. Our results reveal that an 8-bit quantized ResNet-20 SNN requires 145$\times$ more malicious bit-flips compared to ANNs to achieve similar accuracy degradation, with 250$\times$ longer average attack time per bit-flip. The resilience of SNNs increases significantly with model size, with an 8-bit quantized VGG-16 SNN requiring 518$\times$ more bit-flips than ANNs to inflict comparable degradation, thus outperforming state-of-the-art defenses against bit-flip attack. We validate SIPHER on different models and datasets, thereby demonstrating the robustness of the spike-based inference method.
Submission Length: Regular submission (no more than 12 pages of main content)
Assigned Action Editor: ~Wei_Liu3
Submission Number: 5234
Loading