Defending Spiking Neural Networks against Adversarial Attacks through Image Purification

• URL: http://arxiv.org/abs/2404.17092v1
• Date: Fri, 26 Apr 2024 00:57:06 GMT
• Title: Defending Spiking Neural Networks against Adversarial Attacks through Image Purification
• Authors: Weiran Chen, Qi Sun, Qi Xu,
• Abstract summary: Spiking Neural Networks (SNNs) aim to bridge the gap between neuroscience and machine learning. SNNs are vulnerable to adversarial attacks like convolutional neural networks. We propose a biologically inspired methodology to enhance the robustness of SNNs.
• Score: 20.492531851480784
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Spiking Neural Networks (SNNs) aim to bridge the gap between neuroscience and machine learning by emulating the structure of the human nervous system. However, like convolutional neural networks, SNNs are vulnerable to adversarial attacks. To tackle the challenge, we propose a biologically inspired methodology to enhance the robustness of SNNs, drawing insights from the visual masking effect and filtering theory. First, an end-to-end SNN-based image purification model is proposed to defend against adversarial attacks, including a noise extraction network and a non-blind denoising network. The former network extracts noise features from noisy images, while the latter component employs a residual U-Net structure to reconstruct high-quality noisy images and generate clean images. Simultaneously, a multi-level firing SNN based on Squeeze-and-Excitation Network is introduced to improve the robustness of the classifier. Crucially, the proposed image purification network serves as a pre-processing module, avoiding modifications to classifiers. Unlike adversarial training, our method is highly flexible and can be seamlessly integrated with other defense strategies. Experimental results on various datasets demonstrate that the proposed methodology outperforms state-of-the-art baselines in terms of defense effectiveness, training time, and resource consumption.

Related papers

• A Tunable Despeckling Neural Network Stabilized via Diffusion Equation [15.996302571895045]
  Multiplicative Gamma noise remove is a critical research area in the application of synthetic aperture radar (SAR) imaging. We propose a tunable, regularized neural network that unrolls a denoising unit and a regularization unit into a single network for end-to-end training.
  arXiv  Detail & Related papers  (2024-11-24T17:08:43Z)
• Graph Neural Networks for Learning Equivariant Representations of Neural Networks [55.04145324152541]
  We propose to represent neural networks as computational graphs of parameters. Our approach enables a single model to encode neural computational graphs with diverse architectures. We showcase the effectiveness of our method on a wide range of tasks, including classification and editing of implicit neural representations.
  arXiv  Detail & Related papers  (2024-03-18T18:01:01Z)
• Deep Multi-Threshold Spiking-UNet for Image Processing [51.88730892920031]
  This paper introduces the novel concept of Spiking-UNet for image processing, which combines the power of Spiking Neural Networks (SNNs) with the U-Net architecture. To achieve an efficient Spiking-UNet, we face two primary challenges: ensuring high-fidelity information propagation through the network via spikes and formulating an effective training strategy. Experimental results show that, on image segmentation and denoising, our Spiking-UNet achieves comparable performance to its non-spiking counterpart.
  arXiv  Detail & Related papers  (2023-07-20T16:00:19Z)
• Training High-Performance Low-Latency Spiking Neural Networks by Differentiation on Spike Representation [70.75043144299168]
  Spiking Neural Network (SNN) is a promising energy-efficient AI model when implemented on neuromorphic hardware. It is a challenge to efficiently train SNNs due to their non-differentiability. We propose the Differentiation on Spike Representation (DSR) method, which could achieve high performance.
  arXiv  Detail & Related papers  (2022-05-01T12:44:49Z)
• Self-Denoising Neural Networks for Few Shot Learning [66.38505903102373]
  We present a new training scheme that adds noise at multiple stages of an existing neural architecture while simultaneously learning to be robust to this added noise. This architecture, which we call a Self-Denoising Neural Network (SDNN), can be applied easily to most modern convolutional neural architectures.
  arXiv  Detail & Related papers  (2021-10-26T03:28:36Z)
• (ASNA) An Attention-based Siamese-Difference Neural Network with Surrogate Ranking Loss function for Perceptual Image Quality Assessment [0.0]
  Deep convolutional neural networks (DCNN) that leverage the adversarial training framework for image restoration and enhancement have significantly improved the processed images' sharpness. It is necessary to develop a quantitative metric to reflect their performances, which is well-aligned with the perceived quality of an image. This paper has proposed a convolutional neural network using an extension architecture of the traditional Siamese network.
  arXiv  Detail & Related papers  (2021-05-06T09:04:21Z)
• BreakingBED -- Breaking Binary and Efficient Deep Neural Networks by Adversarial Attacks [65.2021953284622]
  We study robustness of CNNs against white-box and black-box adversarial attacks. Results are shown for distilled CNNs, agent-based state-of-the-art pruned models, and binarized neural networks.
  arXiv  Detail & Related papers  (2021-03-14T20:43:19Z)
• Convolutional versus Self-Organized Operational Neural Networks for Real-World Blind Image Denoising [25.31981236136533]
  We tackle the real-world blind image denoising problem by employing, for the first time, a deep Self-ONN. Deep Self-ONNs consistently achieve superior results with performance gains of up to 1.76dB in PSNR.
  arXiv  Detail & Related papers  (2021-03-04T14:49:17Z)
• Operational vs Convolutional Neural Networks for Image Denoising [25.838282412957675]
  Convolutional Neural Networks (CNNs) have recently become a favored technique for image denoising due to its adaptive learning ability. We propose a heterogeneous network model which allows greater flexibility for embedding additional non-linearity at the core of the data transformation. An extensive set of comparative evaluations of ONNs and CNNs over two severe image denoising problems yield conclusive evidence that ONNs enriched by non-linear operators can achieve a superior denoising performance against CNNs with both equivalent and well-known deep configurations.
  arXiv  Detail & Related papers  (2020-09-01T12:15:28Z)
• Progressive Tandem Learning for Pattern Recognition with Deep Spiking Neural Networks [80.15411508088522]
  Spiking neural networks (SNNs) have shown advantages over traditional artificial neural networks (ANNs) for low latency and high computational efficiency. We propose a novel ANN-to-SNN conversion and layer-wise learning framework for rapid and efficient pattern recognition.
  arXiv  Detail & Related papers  (2020-07-02T15:38:44Z)
• TensorShield: Tensor-based Defense Against Adversarial Attacks on Images [7.080154188969453]
  Recent studies have demonstrated that machine learning approaches like deep neural networks (DNNs) are easily fooled by adversarial attacks. In this paper, we utilize tensor decomposition techniques as a preprocessing step to find a low-rank approximation of images which can significantly discard high-frequency perturbations.
  arXiv  Detail & Related papers  (2020-02-18T00:39:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.