Spiking Neural Networks (SNNs) have attracted increasing attention due to their energy efficiency and suitability for neuromorphic data processing. Despite these advantages, the security of SNNs—particularly their robustness against backdoor attacks—remains underexplored. This study revisits fine-pruning, a widely adopted backdoor defense technique in deep neural networks, and adapts it to the unique spatio-temporal characteristics of SNNs. We propose two SNN-specific fine-pruning methods: Hook–Surrogate Gradient-based fine-pruning (HS-FP) and Spike–STDP-based fine-pruning (SS-FP). HS-FP leverages hook-based activation analysis with surrogate gradient learning, while SS-FP integrates total spike activity with hybrid STDP and surrogate gradient fine-tuning. We evaluate both methods against static, moving, and smart backdoor attacks on two neuromorphic benchmarks, N-MNIST and DVS128-Gesture. Experimental results show that both approaches reduce the attack success rate down to approximately 10% while preserving model accuracy above 99% on N-MNIST and achieving substantial recovery on DVS128-Gesture. Moreover, our analysis reveals that several phenomena observed in fine-pruning-based defenses for deep neural networks—such as mixed-function neurons and backdoor reactivation during fine-tuning—also manifest in SNNs. These findings highlight both the effectiveness and limitations of fine-pruning in the SNN domain and suggest promising directions for extending existing DNN security methodologies to neuromorphic systems.
Kim et al. (Wed,) studied this question.