Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Watermarking Neuromorphic Brains: Intellectual Property Protection in Spiking Neural Networks

Hamed Poursiami, Ihsen Alouani, Maryam Parsa

TL;DR

This paper addresses IP protection for Spiking Neural Networks (SNNs) in neuromorphic computing. It adapts two prominent watermarking techniques from ANN literature—fingerprint-based adversarial frontier stitching and backdoor-based watermarks—to the temporal, spike-driven dynamics of SNNs, leveraging surrogate gradients and input-time-averaging to handle non-differentiability. Experiments on MNIST compare fidelity and resilience to overwriting and compression attacks against ANN baselines, revealing that backdoor-based watermarks generally preserve higher fidelity and robustness in SNNs, though both approaches retain vulnerabilities to adversarial manipulation. The work highlights the need for neuromorphic-aware IP protection strategies and provides a foundation for future research in watermarking SNNs.

Abstract

As spiking neural networks (SNNs) gain traction in deploying neuromorphic computing solutions, protecting their intellectual property (IP) has become crucial. Without adequate safeguards, proprietary SNN architectures are at risk of theft, replication, or misuse, which could lead to significant financial losses for the owners. While IP protection techniques have been extensively explored for artificial neural networks (ANNs), their applicability and effectiveness for the unique characteristics of SNNs remain largely unexplored. In this work, we pioneer an investigation into adapting two prominent watermarking approaches, namely, fingerprint-based and backdoor-based mechanisms to secure proprietary SNN architectures. We conduct thorough experiments to evaluate the impact on fidelity, resilience against overwrite threats, and resistance to compression attacks when applying these watermarking techniques to SNNs, drawing comparisons with their ANN counterparts. This study lays the groundwork for developing neuromorphic-aware IP protection strategies tailored to the distinctive dynamics of SNNs.

Watermarking Neuromorphic Brains: Intellectual Property Protection in Spiking Neural Networks

TL;DR

This paper addresses IP protection for Spiking Neural Networks (SNNs) in neuromorphic computing. It adapts two prominent watermarking techniques from ANN literature—fingerprint-based adversarial frontier stitching and backdoor-based watermarks—to the temporal, spike-driven dynamics of SNNs, leveraging surrogate gradients and input-time-averaging to handle non-differentiability. Experiments on MNIST compare fidelity and resilience to overwriting and compression attacks against ANN baselines, revealing that backdoor-based watermarks generally preserve higher fidelity and robustness in SNNs, though both approaches retain vulnerabilities to adversarial manipulation. The work highlights the need for neuromorphic-aware IP protection strategies and provides a foundation for future research in watermarking SNNs.

Abstract

As spiking neural networks (SNNs) gain traction in deploying neuromorphic computing solutions, protecting their intellectual property (IP) has become crucial. Without adequate safeguards, proprietary SNN architectures are at risk of theft, replication, or misuse, which could lead to significant financial losses for the owners. While IP protection techniques have been extensively explored for artificial neural networks (ANNs), their applicability and effectiveness for the unique characteristics of SNNs remain largely unexplored. In this work, we pioneer an investigation into adapting two prominent watermarking approaches, namely, fingerprint-based and backdoor-based mechanisms to secure proprietary SNN architectures. We conduct thorough experiments to evaluate the impact on fidelity, resilience against overwrite threats, and resistance to compression attacks when applying these watermarking techniques to SNNs, drawing comparisons with their ANN counterparts. This study lays the groundwork for developing neuromorphic-aware IP protection strategies tailored to the distinctive dynamics of SNNs.
Paper Structure (13 sections, 8 equations, 7 figures, 2 tables, 1 algorithm)

This paper contains 13 sections, 8 equations, 7 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Preliminary: Spiking Neural Networks
  3. Watermarking SNNs
  4. Fingerprint-based
  5. Backdoor-based
  6. Threat Model
  7. Overwriting Attacks
  8. Compression Attacks
  9. Experiments
  10. Fingerprint-based
  11. Backdoor-based
  12. Discussion
  13. Conclusion

Figures (7)

  • Figure 1: Examples of adversaries generated by FGSM. Left: True adversaries, Right: False adversaries
  • Figure 2: Workflows of the (a) fingerprint-based adversarial frontier stitching approach le2020adversarial and (b) backdoor-based watermarking technique adi2018turning
  • Figure 3: L1 Pruning threat on fingerprint-based watermarked ANN and SNN models.
  • Figure 4: Random Pruning threat on fingerprint-based watermarked ANN and SNN models.
  • Figure 5: Eight examples of abstract patterns generated as watermarks for backdoor-based approach.
  • ...and 2 more figures