Quantum Data Breach: Reusing Training Dataset by Untrusted Quantum Clouds
- URL: http://arxiv.org/abs/2407.14687v1
- Date: Fri, 19 Jul 2024 22:06:34 GMT
- Title: Quantum Data Breach: Reusing Training Dataset by Untrusted Quantum Clouds
- Authors: Suryansh Upadhyay, Swaroop Ghosh
- Abstract summary: We show that adversaries in quantum clouds can use white-box access of the QML model during training to extract the labels.
The extracted training data can be reused for training a clone model or sold for profit.
We propose a suite of techniques to prune and fix the incorrect labels.
- Score: 2.348041867134616
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Quantum computing (QC) has the potential to revolutionize fields like machine learning, security, and healthcare. Quantum machine learning (QML) has emerged as a promising area, enhancing learning algorithms using quantum computers. However, QML models are lucrative targets due to their high training costs and extensive training times. The scarcity of quantum resources and long wait times further exacerbate the challenge. Additionally, QML providers may rely on a third-party quantum cloud for hosting the model, exposing the models and training data. As QML-as-a-Service (QMLaaS) becomes more prevalent, reliance on third-party quantum clouds can pose a significant threat. This paper shows that adversaries in quantum clouds can use white-box access of the QML model during training to extract the state preparation circuit (containing training data) along with the labels. The extracted training data can be reused for training a clone model or sold for profit. We propose a suite of techniques to prune and fix the incorrect labels. Results show that $\approx$90\% of the labels can be extracted correctly. The same model trained on the adversarially extracted data achieves $\approx$90\% accuracy, closely matching the accuracy achieved when trained on the original data. To mitigate this threat, we propose masking labels/classes and modifying the cost function for label obfuscation, reducing adversarial label prediction accuracy by $\approx$70\%.
Related papers
- Quantum Quandaries: Unraveling Encoding Vulnerabilities in Quantum Neural Networks [2.348041867134616]
This work demonstrates that adversaries in quantum cloud environments can exploit white box access to QML models.
We report that 95% of the time, the encoding can be predicted correctly.
To mitigate this threat, we propose a transient obfuscation layer that masks encoding fingerprints.
arXiv Detail & Related papers (2025-02-03T16:21:16Z)
- Adversarial Poisoning Attack on Quantum Machine Learning Models [2.348041867134616]
We introduce a quantum indiscriminate data poisoning attack, QUID.
QUID achieves up to $92\%$ accuracy degradation in model performance compared to baseline models.
We also tested QUID against state-of-the-art classical defenses, with accuracy degradation still exceeding $50\%$.
arXiv Detail & Related papers (2024-11-21T18:46:45Z)
- Training quantum machine learning models on cloud without uploading the data [0.0]
We propose a method that runs the parameterized quantum circuits before encoding the input data.
This enables a dataset owner to train machine learning models on quantum cloud platforms.
It is also capable of encoding a vast amount of data effectively at a later time using classical computations.
arXiv Detail & Related papers (2024-09-06T20:14:52Z)
- Quantum Active Learning [3.3202982522589934]
Training a quantum neural network typically demands a substantial labeled training set for supervised learning.
QAL effectively trains the model, achieving performance comparable to that on fully labeled datasets.
We elucidate the negative result of QAL being overtaken by random sampling baseline through miscellaneous numerical experiments.
arXiv Detail & Related papers (2024-05-28T14:39:54Z)
- QKSAN: A Quantum Kernel Self-Attention Network [53.96779043113156]
A Quantum Kernel Self-Attention Mechanism (QKSAM) is introduced to combine the data representation merit of Quantum Kernel Methods (QKM) with the efficient information extraction capability of SAM.
A Quantum Kernel Self-Attention Network (QKSAN) framework is proposed based on QKSAM, which ingeniously incorporates the Deferred Measurement Principle (DMP) and conditional measurement techniques.
Four QKSAN sub-models are deployed on PennyLane and IBM Qiskit platforms to perform binary classification on MNIST and Fashion MNIST.
arXiv Detail & Related papers (2023-08-25T15:08:19Z)
- Machine Learning Force Fields with Data Cost Aware Training [94.78998399180519]
Machine learning force fields (MLFF) have been proposed to accelerate molecular dynamics (MD) simulation.
Even for the most data-efficient MLFFs, reaching chemical accuracy can require hundreds of frames of force and energy labels.
We propose a multi-stage computational framework -- ASTEROID, which lowers the data cost of MLFFs by leveraging a combination of cheap inaccurate data and expensive accurate data.
arXiv Detail & Related papers (2023-06-05T04:34:54Z)
- AI Model Disgorgement: Methods and Choices [127.54319351058167]
We introduce a taxonomy of possible disgorgement methods that are applicable to modern machine learning systems.
We investigate the meaning of "removing the effects" of data in the trained model in a way that does not require retraining from scratch.
arXiv Detail & Related papers (2023-04-07T08:50:18Z)
- Quantum Imitation Learning [74.15588381240795]
We propose quantum imitation learning (QIL) with a hope to utilize quantum advantage to speed up IL.
We develop two QIL algorithms, quantum behavioural cloning (Q-BC) and quantum generative adversarial imitation learning (Q-GAIL).
Experiment results demonstrate that both Q-BC and Q-GAIL can achieve comparable performance compared to classical counterparts.
arXiv Detail & Related papers (2023-04-04T12:47:35Z)
- Delegated variational quantum algorithms based on quantum homomorphic encryption [69.50567607858659]
Variational quantum algorithms (VQAs) are one of the most promising candidates for achieving quantum advantages on quantum devices.
The private data of clients may be leaked to quantum servers in such a quantum cloud model.
A novel quantum homomorphic encryption (QHE) scheme is constructed for quantum servers to calculate encrypted data.
arXiv Detail & Related papers (2023-01-25T07:00:13Z)
- A didactic approach to quantum machine learning with a single qubit [68.8204255655161]
We focus on the case of learning with a single qubit, using data re-uploading techniques.
We implement the different proposed formulations in toy and real-world datasets using the qiskit quantum computing SDK.
arXiv Detail & Related papers (2022-11-23T18:25:32Z)
- Generalization in quantum machine learning from few training data [4.325561431427748]
Modern quantum machine learning (QML) methods involve variationally optimizing a parameterized quantum circuit on a training data set.
We show that the generalization error of a quantum machine learning model with $T$ trainable gates scales at worst as $\sqrt{T/N}$.
We also show that classification of quantum states across a phase transition with a quantum convolutional neural network requires only a very small training data set.
arXiv Detail & Related papers (2021-11-09T17:49:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.