R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors

Alberto Marchisio; Giacomo Pira; Maurizio Martina; Guido Masera; Muhammad Shafique

doi:10.1109/IROS51168.2021.9636718

R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors

Alberto Marchisio, Giacomo Pira, Maurizio Martina, Guido Masera, Muhammad Shafique

Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Spiking Neural Networks (SNNs) aim at providing energy-efficient learning capabilities when implemented on neuromorphic chips with event-based Dynamic Vision Sensors (DVS). This paper studies the robustness of SNNs against adversarial attacks on such DVS-based systems, and proposes R-SNN, a novel methodology for robustifying SNNs through efficient DVS-noise filtering. We are the first to generate adversarial attacks on DVS signals (i.e., frames of events in the spatio-temporal domain) and to apply noise filters for DVS sensors in the quest for defending against adversarial attacks. Our results show that the noise filters effectively prevent the SNNs from being fooled. The SNNs in our experiments provide more than 90% accuracy on the DVS-Gesture and NMNIST datasets under different adversarial threat models.

Original language	English (US)
Title of host publication	IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	6315-6321
Number of pages	7
ISBN (Electronic)	9781665417143
DOIs	https://doi.org/10.1109/IROS51168.2021.9636718
State	Published - 2021
Event	2021 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021 - Prague, Czech Republic Duration: Sep 27 2021 → Oct 1 2021

Publication series

Name	IEEE International Conference on Intelligent Robots and Systems
ISSN (Print)	2153-0858
ISSN (Electronic)	2153-0866

Conference

Conference	2021 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021
Country/Territory	Czech Republic
City	Prague
Period	9/27/21 → 10/1/21

Keywords

Adversarial Attacks
DVS
DVS-Gesture
Deep Learning
Defense
Dynamic Vision Sensors
Event-Based
Filter
NMNIST
Neuromorphic
Noise
Perturbation
Robustness
SNNs
Security
Spiking Neural Networks

ASJC Scopus subject areas

Control and Systems Engineering
Software
Computer Vision and Pattern Recognition
Computer Science Applications

Access to Document

10.1109/IROS51168.2021.9636718

Cite this

Marchisio, A., Pira, G., Martina, M., Masera, G., & Shafique, M. (2021). R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors. In IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021 (pp. 6315-6321). (IEEE International Conference on Intelligent Robots and Systems). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IROS51168.2021.9636718

R-SNN : An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors. / Marchisio, Alberto; Pira, Giacomo; Martina, Maurizio et al.

IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 6315-6321 (IEEE International Conference on Intelligent Robots and Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Marchisio, A, Pira, G, Martina, M, Masera, G & Shafique, M 2021, R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors. in IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021. IEEE International Conference on Intelligent Robots and Systems, Institute of Electrical and Electronics Engineers Inc., pp. 6315-6321, 2021 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021, Prague, Czech Republic, 9/27/21. https://doi.org/10.1109/IROS51168.2021.9636718

Marchisio A, Pira G, Martina M, Masera G, Shafique M. R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors. In IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 6315-6321. (IEEE International Conference on Intelligent Robots and Systems). https://doi.org/10.1109/IROS51168.2021.9636718

Marchisio, Alberto ; Pira, Giacomo ; Martina, Maurizio et al. / R-SNN : An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors. IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 6315-6321 (IEEE International Conference on Intelligent Robots and Systems).

@inproceedings{841d806114ac46f5a493bcc34781bbe7,

title = "R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors",

abstract = "Spiking Neural Networks (SNNs) aim at providing energy-efficient learning capabilities when implemented on neuromorphic chips with event-based Dynamic Vision Sensors (DVS). This paper studies the robustness of SNNs against adversarial attacks on such DVS-based systems, and proposes R-SNN, a novel methodology for robustifying SNNs through efficient DVS-noise filtering. We are the first to generate adversarial attacks on DVS signals (i.e., frames of events in the spatio-temporal domain) and to apply noise filters for DVS sensors in the quest for defending against adversarial attacks. Our results show that the noise filters effectively prevent the SNNs from being fooled. The SNNs in our experiments provide more than 90% accuracy on the DVS-Gesture and NMNIST datasets under different adversarial threat models.",

keywords = "Adversarial Attacks, DVS, DVS-Gesture, Deep Learning, Defense, Dynamic Vision Sensors, Event-Based, Filter, NMNIST, Neuromorphic, Noise, Perturbation, Robustness, SNNs, Security, Spiking Neural Networks",

author = "Alberto Marchisio and Giacomo Pira and Maurizio Martina and Guido Masera and Muhammad Shafique",

note = "Funding Information: This work has been partially supported by the Doctoral College Resilient Embedded Systems, which is run jointly by the TU Wien{\textquoteright}s Faculty of Informatics and the UAS Technikum Wien. This work was also jointly supported by the NYUAD Center for Interacting Urban Networks (CITIES), funded by Tamkeen under the NYUAD Research Institute Award CG001 and by the Swiss Re Institute under the Quantum Cities{\texttrademark} initiative, and Center for CyberSecurity (CCS), funded by Tamkeen under the NYUAD Research Institute Award G1104. Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021 ; Conference date: 27-09-2021 Through 01-10-2021",

year = "2021",

doi = "10.1109/IROS51168.2021.9636718",

language = "English (US)",

series = "IEEE International Conference on Intelligent Robots and Systems",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "6315--6321",

booktitle = "IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021",

}

TY - GEN

T1 - R-SNN

T2 - 2021 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021

AU - Marchisio, Alberto

AU - Pira, Giacomo

AU - Martina, Maurizio

AU - Masera, Guido

AU - Shafique, Muhammad

N1 - Funding Information: This work has been partially supported by the Doctoral College Resilient Embedded Systems, which is run jointly by the TU Wien’s Faculty of Informatics and the UAS Technikum Wien. This work was also jointly supported by the NYUAD Center for Interacting Urban Networks (CITIES), funded by Tamkeen under the NYUAD Research Institute Award CG001 and by the Swiss Re Institute under the Quantum Cities™ initiative, and Center for CyberSecurity (CCS), funded by Tamkeen under the NYUAD Research Institute Award G1104. Publisher Copyright: © 2021 IEEE.

PY - 2021

Y1 - 2021

N2 - Spiking Neural Networks (SNNs) aim at providing energy-efficient learning capabilities when implemented on neuromorphic chips with event-based Dynamic Vision Sensors (DVS). This paper studies the robustness of SNNs against adversarial attacks on such DVS-based systems, and proposes R-SNN, a novel methodology for robustifying SNNs through efficient DVS-noise filtering. We are the first to generate adversarial attacks on DVS signals (i.e., frames of events in the spatio-temporal domain) and to apply noise filters for DVS sensors in the quest for defending against adversarial attacks. Our results show that the noise filters effectively prevent the SNNs from being fooled. The SNNs in our experiments provide more than 90% accuracy on the DVS-Gesture and NMNIST datasets under different adversarial threat models.

AB - Spiking Neural Networks (SNNs) aim at providing energy-efficient learning capabilities when implemented on neuromorphic chips with event-based Dynamic Vision Sensors (DVS). This paper studies the robustness of SNNs against adversarial attacks on such DVS-based systems, and proposes R-SNN, a novel methodology for robustifying SNNs through efficient DVS-noise filtering. We are the first to generate adversarial attacks on DVS signals (i.e., frames of events in the spatio-temporal domain) and to apply noise filters for DVS sensors in the quest for defending against adversarial attacks. Our results show that the noise filters effectively prevent the SNNs from being fooled. The SNNs in our experiments provide more than 90% accuracy on the DVS-Gesture and NMNIST datasets under different adversarial threat models.

KW - Adversarial Attacks

KW - DVS

KW - DVS-Gesture

KW - Deep Learning

KW - Defense

KW - Dynamic Vision Sensors

KW - Event-Based

KW - Filter

KW - NMNIST

KW - Neuromorphic

KW - Noise

KW - Perturbation

KW - Robustness

KW - SNNs

KW - Security

KW - Spiking Neural Networks

UR - http://www.scopus.com/inward/record.url?scp=85124363366&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85124363366&partnerID=8YFLogxK

U2 - 10.1109/IROS51168.2021.9636718

DO - 10.1109/IROS51168.2021.9636718

M3 - Conference contribution

AN - SCOPUS:85124363366

T3 - IEEE International Conference on Intelligent Robots and Systems

SP - 6315

EP - 6321

BT - IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2021

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 27 September 2021 through 1 October 2021

ER -

R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this