Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Time-Distributed Backdoor Attacks on Federated Spiking Learning

Gorka Abad, Stjepan Picek, Aitor Urbieta

TL;DR

The paper tests the vulnerability of federated learning when using spiking neural networks on neuromorphic data to backdoor attacks. It first assesses whether existing FL backdoor methods transfer to SNNs and then introduces Time Bandits, a time-distributed backdoor attack across multiple malicious devices. Time Bandits significantly improves attack effectiveness and stealth, outperforming traditional single-attacker strategies and challenging defenses such as STRIP when applied to neuromorphic data. These results underscore the need for defenses tailored to neuromorphic FL systems and motivate future security-focused research in this domain.

Abstract

This paper investigates the vulnerability of spiking neural networks (SNNs) and federated learning (FL) to backdoor attacks using neuromorphic data. Despite the efficiency of SNNs and the privacy advantages of FL, particularly in low-powered devices, we demonstrate that these systems are susceptible to such attacks. We first assess the viability of using FL with SNNs using neuromorphic data, showing its potential usage. Then, we evaluate the transferability of known FL attack methods to SNNs, finding that these lead to suboptimal attack performance. Therefore, we explore backdoor attacks involving single and multiple attackers to improve the attack performance. Our primary contribution is developing a novel attack strategy tailored to SNNs and FL, which distributes the backdoor trigger temporally and across malicious devices, enhancing the attack's effectiveness and stealthiness. In the best case, we achieve a 100 attack success rate, 0.13 MSE, and 98.9 SSIM. Moreover, we adapt and evaluate an existing defense against backdoor attacks, revealing its inadequacy in protecting SNNs. This study underscores the need for robust security measures in deploying SNNs and FL, particularly in the context of backdoor attacks.

Time-Distributed Backdoor Attacks on Federated Spiking Learning

TL;DR

The paper tests the vulnerability of federated learning when using spiking neural networks on neuromorphic data to backdoor attacks. It first assesses whether existing FL backdoor methods transfer to SNNs and then introduces Time Bandits, a time-distributed backdoor attack across multiple malicious devices. Time Bandits significantly improves attack effectiveness and stealth, outperforming traditional single-attacker strategies and challenging defenses such as STRIP when applied to neuromorphic data. These results underscore the need for defenses tailored to neuromorphic FL systems and motivate future security-focused research in this domain.

Abstract

This paper investigates the vulnerability of spiking neural networks (SNNs) and federated learning (FL) to backdoor attacks using neuromorphic data. Despite the efficiency of SNNs and the privacy advantages of FL, particularly in low-powered devices, we demonstrate that these systems are susceptible to such attacks. We first assess the viability of using FL with SNNs using neuromorphic data, showing its potential usage. Then, we evaluate the transferability of known FL attack methods to SNNs, finding that these lead to suboptimal attack performance. Therefore, we explore backdoor attacks involving single and multiple attackers to improve the attack performance. Our primary contribution is developing a novel attack strategy tailored to SNNs and FL, which distributes the backdoor trigger temporally and across malicious devices, enhancing the attack's effectiveness and stealthiness. In the best case, we achieve a 100 attack success rate, 0.13 MSE, and 98.9 SSIM. Moreover, we adapt and evaluate an existing defense against backdoor attacks, revealing its inadequacy in protecting SNNs. This study underscores the need for robust security measures in deploying SNNs and FL, particularly in the context of backdoor attacks.
Paper Structure (22 sections, 6 equations, 5 figures, 10 tables)

This paper contains 22 sections, 6 equations, 5 figures, 10 tables.

Table of Contents

  1. Introduction
  2. Background
  3. SNNs & Neuromorphic Data
  4. Federated Learning
  5. Backdoor Attacks
  6. Threat Model
  7. Methodology
  8. Single Attacker
  9. Multiple Attackers - Time Bandits
  10. Experimentation
  11. Experimental Setup
  12. Single Attacker
  13. Multiple Attackers
  14. Ablation Study
  15. Effect of the Number of Attackers
  16. ...and 7 more sections

Figures (5)

  • Figure 1: Neuromorphic data at different frames.
  • Figure 2: Overview of the single attacker backdoor attack.
  • Figure 3: Overview of Time Bandits with two malicious devices. One of the attackers contaminates the first $\Omega/2$ frames, while the other poisons the last $\Omega/2$ frames.
  • Figure 4: STRIP defense results for Time Bandits attack with different numbers/fractions of devices selected per epoch. The first row is non-IID, and the second row is IID.
  • Figure 5: STRIP defense results for Time Bandits attack with different numbers/fractions of devices selected per epoch, using N-CIFAR10. The first row is non-IID, and the second row is IID.