@inproceedings{e7d8bd8403a843889363d15b5e6453e3,
title = "DVS-Attacks: Adversarial Attacks on Dynamic Vision Sensors for Spiking Neural Networks",
abstract = "Spiking Neural Networks (SNNs), despite being energy-efficient when implemented on neuromorphic hardware and coupled with event-based Dynamic Vision Sensors (DVS), are vulnerable to security threats, such as adversarial attacks, i.e., small perturbations added to the input for inducing a misclassification. Toward this, we propose DVS-Attacks, a set of stealthy yet efficient adversarial attack methodologies targeted to perturb the event sequences that compose the input of the SNNs. First, we show that noise filters for DVS can be used as defense mechanisms against adversarial attacks. Afterwards, we implement several attacks and test them in the presence of two types of noise filters for DVS cameras. The experimental results show that the filters can only partially defend the SNNs against our proposed DVS-Attacks. Using the best settings for the noise filters, our proposed Mask Filter-Aware Dash Attack reduces the accuracy by more than 20% on the DVS-Gesture dataset and by more than 65% on the MNIST dataset, compared to the original clean frames. The source code of all the proposed DVS-Attacks and noise filters is released at https://github.com/albertomarchisio/DVS-Attacks.",
keywords = "Adversarial Attacks, DVS, Deep Learning, Defense, Dynamic Vision Sensors, Event-Based, Filter, Neuromorphic, Noise, Perturbation, Robustness, SNNs, Security, Spiking Neural Networks",
author = "Alberto Marchisio and Giacomo Pira and Maurizio Martina and Guido Masera and Muhammad Shafique",
note = "Funding Information: This work has been partially supported by the Doctoral College Resilient Embedded Systems, which is run jointly by the TU Wien{\textquoteright}s Faculty of Informatics and the UAS Technikum Wien. This work was also jointly supported by the NYUAD Center for Interacting Urban Networks (CITIES), funded by Tamkeen under the NYUAD Research Institute Award CG001 and by the Swiss Re Institute under the Quantum Cities{\texttrademark} initiative, and Center for CyberSecurity (CCS), funded by Tamkeen under the NYUAD Research Institute Award G1104. Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 International Joint Conference on Neural Networks, IJCNN 2021 ; Conference date: 18-07-2021 Through 22-07-2021",
year = "2021",
month = jul,
day = "18",
doi = "10.1109/IJCNN52387.2021.9534364",
language = "English (US)",
series = "Proceedings of the International Joint Conference on Neural Networks",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "IJCNN 2021 - International Joint Conference on Neural Networks, Proceedings",
}