Are Neuromorphic Architectures Inherently Privacy-preserving? An Exploratory Study
Ayana Moshruba, Ihsen Alouani, Maryam Parsa
TL;DR
The paper addresses whether Spiking Neural Networks (SNNs) inherently offer better privacy against membership inference attacks than traditional ANNs. It combines MIA evaluations across multiple datasets with studies of SNN-specific learning methods (surrogate gradient and evolutionary) and differential privacy with DPSGD to assess privacy-utility trade-offs. The authors report that SNNs consistently exhibit greater privacy resilience than ANNs, with notably lower attack AUC on CIFAR-10 and CIFAR-100, and that evolutionary learning further enhances privacy. They also show that SNNs maintain better utility under identical privacy constraints, underscoring their potential for privacy-sensitive, resource-constrained deployments, while acknowledging training and hardware challenges and outlining directions for future work.
Abstract
While machine learning (ML) models are becoming mainstream, especially in sensitive application areas, the risk of data leakage has become a growing concern. Attacks like membership inference (MIA) have shown that trained models can reveal sensitive data, jeopardizing confidentiality. While traditional Artificial Neural Networks (ANNs) dominate ML applications, neuromorphic architectures, specifically Spiking Neural Networks (SNNs), are emerging as promising alternatives due to their low power consumption and event-driven processing, akin to biological neurons. Privacy in ANNs is well-studied; however, little work has explored the privacy-preserving properties of SNNs. This paper examines whether SNNs inherently offer better privacy. Using MIAs, we assess the privacy resilience of SNNs versus ANNs across diverse datasets. We analyze the impact of learning algorithms (surrogate gradient and evolutionary), frameworks (snnTorch, TENNLab, LAVA), and parameters on SNN privacy. Our findings show that SNNs consistently outperform ANNs in privacy preservation, with evolutionary algorithms offering additional resilience. For instance, on CIFAR-10, SNNs achieve an AUC of 0.59, significantly lower than ANNs' 0.82, and on CIFAR-100, SNNs maintain an AUC of 0.58 compared to ANNs' 0.88. Additionally, we explore the privacy-utility trade-off with Differentially Private Stochastic Gradient Descent (DPSGD), finding that SNNs sustain less accuracy loss than ANNs under similar privacy constraints.