RSC-SNN: Exploring the Trade-off Between Adversarial Robustness and Accuracy in Spiking Neural Networks via Randomized Smoothing Coding

Download PDF

Keming Wu, Man Yao, Yuhong Chou, Xuerui Qiu, Rui Yang, Bo XU, Guoqi Li

Published: 20 Jul 2024, Last Modified: 29 Jul 2024MM2024 PosterEveryoneRevisionsBibTeXCC BY 4.0
Abstract: Spiking Neural Networks (SNNs) have received widespread attention due to their unique neuronal dynamics and low-power nature. Previous research empirically shows that SNNs with Poisson coding are more robust than Artificial Neural Networks (ANNs) on small-scale datasets. However, it is still unclear in theory how the adversarial robustness of SNNs is derived, and whether SNNs can still maintain its adversarial robustness advantage on large-scale dataset tasks. This work theoretically demonstrates that SNN's inherent adversarial robustness stems from its Poisson coding. We reveal the conceptual equivalence of Poisson coding and randomized smoothing in defense strategies, and analyze in depth the trade-off between accuracy and adversarial robustness in SNNs via the proposed Randomized Smoothing Coding (RSC) method. Experiments demonstrate that the proposed RSC-SNNs show remarkable adversarial robustness, surpassing ANNs and achieving state-of-the-art robustness results on large-scale dataset ImageNet. Our open-source implementation code is available at ~\href{https://github.com/KemingWu/RSC-SNN}{\textit{https://github.com/KemingWu/RSC-SNN}}.
Relevance To Conference: This work makes a significant contribution to multimedia/multimodal processing by introducing a novel perspective on the adversarial robustness of Spiking Neural Networks (SNNs). SNNs, characterized by their unique neuronal dynamics and low-power nature, have demonstrated enhanced robustness over Artificial Neural Networks (ANNs) on small-scale datasets using Poisson coding. Our theoretical exploration in this study uncovers the fundamental source of SNNs' adversarial robustness, linking it to their Poisson coding mechanism. We further elucidate the equivalence between Poisson coding and the concept of randomized smoothing, providing a comprehensive understanding of the trade-off between accuracy and adversarial robustness in SNNs through our proposed Randomized Smoothing Coding (RSC) method. By achieving state-of-the-art adversarial robustness results on large-scale ImageNet datasets, our findings extend the applicability and effectiveness of SNNs in multimedia/multimodal processing tasks, thereby paving the way for more secure and reliable neural network applications in complex multimedia environments.
Supplementary Material: zip
Primary Subject Area: [Experience] Multimedia Applications
Secondary Subject Area: [Experience] Multimedia Applications
Submission Number: 1348