On the Privacy Risks of Spiking Neural Networks: A Membership Inference Analysis
This work addresses privacy vulnerabilities in SNNs, which are important for energy-efficient AI applications, but it is incremental as it extends known MIA risks to a new model type.
The paper investigates the privacy risks of Spiking Neural Networks (SNNs) by analyzing their susceptibility to Membership Inference Attacks (MIAs), finding that SNNs are as vulnerable as Artificial Neural Networks (ANNs) and that resilience decreases with increased latency.
Spiking Neural Networks (SNNs) are increasingly explored for their energy efficiency and robustness in real-world applications, yet their privacy risks remain largely unexamined. In this work, we investigate the susceptibility of SNNs to Membership Inference Attacks (MIAs) -- a major privacy threat where an adversary attempts to determine whether a given sample was part of the training dataset. While prior work suggests that SNNs may offer inherent robustness due to their discrete, event-driven nature, we find that its resilience diminishes as latency (T) increases. Furthermore, we introduce an input dropout strategy under black box setting, that significantly enhances membership inference in SNNs. Our findings challenge the assumption that SNNs are inherently more secure, and even though they are expected to be better, our results reveal that SNNs exhibit privacy vulnerabilities that are equally comparable to Artificial Neural Networks (ANNs). Our code is available at https://github.com/sharmaabhijith/MIA_SNN.