SpikeMimicAI and SpikeShieldNet for modality aware detection and defense against spike domain mimicry and poisoning attacks
摘要
Spiking neural networks (SNNs) and event-driven sensors have become a growing interdisciplinary field of interest as potential brain-inspired methods for intelligent computation, capable of offering ultra-low-latency and energy-efficient solutions. Although recent advances have been made in neuromorphic architectures and surrogate-gradient approaches, spike-domain modes remain the least explored from a security perspective. Adversarial defence strategies, many of which have been developed to defend against conventional artificial neural networks, have been largely adapted but do not account for temporal sparsity, membrane dynamics, and event-based encoding, which are unique properties of SNNs. However, from a practical point of view, it is possible to perform a backdoor trigger injection attack, a clean-label poisoning attack, and a temporal perturbation attack on spike-domain systems while maintaining their apparent clean performance. To overcome these shortcomings, we introduce a modality-aware unified framework, SpikeMimicAI, and the SpikeShieldNet architecture to model and defend against threats and attacks associated with spike-domain mimicry and poisoning. In the proposed framework, the modality-specific temporal encoders, modality-aware temporal attention fusion, the Leaky Integrate-and-Fire spiking feature-extraction core, and the dual-head output layer for classification and mimicry detection are included. Adversarial training and spike-domain regularisation are incorporated in the optimisation procedure to enhance the robustness. Several datasets representing event-driven sensing modalities, such as event vision, spiking audio, and independent eventized inertial sensing, were tested in experiments. Results demonstrate that, with a moderate level of poisoning, attack success rates in a system (denial-of-service (DoS) attacks) exceeding 80% can be achieved without defence. In contrast, when SpikeShieldNet is used, attack success rates drop below 15%, while maintaining a clean accuracy within 1–1.5% points of the normal attack (no poisoning). These results show the value of modality-aware, temporal defence modelling and underline a principled approach towards enhancing the security of neuromorphic artificial intelligence for safety-critical and edge computing applications.