Unsupervised Backdoor Detection and Mitigation for Spiking Neural Networks

We adopt several renowned backdoor defense strategies in ANNs to SNNs and analyze the challenges blocking them from being as effective in SNNs. Based on those findings, we propose innovative designs to solve the identified challenges to defending against backdoor attacks in SNNs with neuromorphic data. We propose TMPBD, a novel data-free, unsupervised backdoor detection strategy based on the TMP's MM statistic, which reaches 100% attack label detection accuracy on models poisoned by various backdoor attacks without access to any data. We propose NDSBM, a novel unsupervised backdoor mitigation strategy based on clamping the weights of the connection, also known as neural dendrites in SNNs, between the first two convolution layers in each convolution block of the model. NDSBM is capable of lowering the ASR from 100% down to 8.44% on average against dynamic trigger attacks. In addition, we utilize the end-to-end backdoor defense pipeline for both proposed backdoor detection and mitigation strategies to further reduce the ASR under SOT A dynamic trigger attack to 2.81% on average while achieving higher CA. We comprehensively evaluate the proposed backdoor defense strategies against the existing defense methods adopted for ten repetitions with multiple attack types and variant datasets. We critically discuss the scalability and robustness of the proposed methods against imbalanced datasets and adaptive attackers and provide indicative solutions to false-positive, intrinsic backdoor, and all-to-all attack issues when additional information are available.