NeuroAttack: Undermining Spiking Neural Networks Security through Externally Triggered Bit-Flips
This addresses security and reliability issues for SNN deployments in real-world applications, representing an incremental advance in understanding hardware-based attacks.
The paper tackles the security vulnerabilities of Spiking Neural Networks (SNNs) by proposing NeuroAttack, a cross-layer attack that triggers hardware bit-flips through adversarial noise, resulting in demonstrated integrity threats to state-of-the-art DNNs and SNNs.
Due to their proven efficiency, machine-learning systems are deployed in a wide range of complex real-life problems. More specifically, Spiking Neural Networks (SNNs) emerged as a promising solution to the accuracy, resource-utilization, and energy-efficiency challenges in machine-learning systems. While these systems are going mainstream, they have inherent security and reliability issues. In this paper, we propose NeuroAttack, a cross-layer attack that threatens the SNNs integrity by exploiting low-level reliability issues through a high-level attack. Particularly, we trigger a fault-injection based sneaky hardware backdoor through a carefully crafted adversarial input noise. Our results on Deep Neural Networks (DNNs) and SNNs show a serious integrity threat to state-of-the art machine-learning techniques.