Backdoor Attacks against Hybrid Classical-Quantum Neural Networks

• URL: http://arxiv.org/abs/2407.16273v1
• Date: Tue, 23 Jul 2024 08:25:34 GMT
• Title: Backdoor Attacks against Hybrid Classical-Quantum Neural Networks
• Authors: Ji Guo, Wenbo Jiang, Rui Zhang, Wenshu Fan, Jiachen Li, Guoming Lu,
• Abstract summary: Hybrid Quantum Neural Networks (HQNNs) represent a promising advancement in Quantum Machine Learning (QML) We present the first systematic study of backdoor attacks on HQNNs.
• Score: 11.581538622210896
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Hybrid Quantum Neural Networks (HQNNs) represent a promising advancement in Quantum Machine Learning (QML), yet their security has been rarely explored. In this paper, we present the first systematic study of backdoor attacks on HQNNs. We begin by proposing an attack framework and providing a theoretical analysis of the generalization bounds and minimum perturbation requirements for backdoor attacks on HQNNs. Next, we employ two classic backdoor attack methods on HQNNs and Convolutional Neural Networks (CNNs) to further investigate the robustness of HQNNs. Our experimental results demonstrate that HQNNs are more robust than CNNs, requiring more significant image modifications for successful attacks. Additionally, we introduce the Qcolor backdoor, which utilizes color shifts as triggers and employs the Non-dominated Sorting Genetic Algorithm II (NSGA-II) to optimize hyperparameters. Through extensive experiments, we demonstrate the effectiveness, stealthiness, and robustness of the Qcolor backdoor.

Related papers

• Data Poisoning-based Backdoor Attack Framework against Supervised Learning Rules of Spiking Neural Networks [3.9444202574850755]
  Spiking Neural Networks (SNNs) are known for their low energy consumption and high robustness. This paper explores the robustness performance of SNNs trained by supervised learning rules under backdoor attacks.
  arXiv  Detail & Related papers  (2024-09-24T02:15:19Z)
• Rethinking Pruning for Backdoor Mitigation: An Optimization Perspective [19.564985801521814]
  We propose an optimized Neuron Pruning (ONP) method combined with Graph Neural Network (GNN) and Reinforcement Learning (RL) to repair backdoor models. With a small amount of clean data, ONP can effectively prune the backdoor neurons implanted by a set of backdoor attacks at the cost of negligible performance degradation.
  arXiv  Detail & Related papers  (2024-05-28T01:59:06Z)
• AdvQuNN: A Methodology for Analyzing the Adversarial Robustness of Quanvolutional Neural Networks [3.9554540293311864]
  This study aims to rigorously assess the influence of quantum circuit architecture on the resilience of QuNN models. Our results show that, compared to classical convolutional networks, QuNNs achieve up to 60% higher robustness for the MNIST and 40% for FMNIST datasets.
  arXiv  Detail & Related papers  (2024-03-07T12:30:40Z)
• Securing Graph Neural Networks in MLaaS: A Comprehensive Realization of Query-based Integrity Verification [68.86863899919358]
  We introduce a groundbreaking approach to protect GNN models in Machine Learning from model-centric attacks. Our approach includes a comprehensive verification schema for GNN's integrity, taking into account both transductive and inductive GNNs. We propose a query-based verification technique, fortified with innovative node fingerprint generation algorithms.
  arXiv  Detail & Related papers  (2023-12-13T03:17:05Z)
• QDoor: Exploiting Approximate Synthesis for Backdoor Attacks in Quantum Neural Networks [7.191064733894878]
  Quantum neural networks (QNNs) succeed in object recognition, natural language processing, and financial analysis. approximate synthesis modifies the QNN circuit by reducing error-prone 2-qubit quantum gates. We propose a novel and stealthy backdoor attack, QDoor, to achieve high attack success rate in approximately-synthesized QNN circuits.
  arXiv  Detail & Related papers  (2023-07-13T18:26:19Z)
• Quantization Aware Attack: Enhancing Transferable Adversarial Attacks by Model Quantization [57.87950229651958]
  Quantized neural networks (QNNs) have received increasing attention in resource-constrained scenarios due to their exceptional generalizability. Previous studies claim that transferability is difficult to achieve across QNNs with different bitwidths. We propose textitquantization aware attack (QAA) which fine-tunes a QNN substitute model with a multiple-bitwidth training objective.
  arXiv  Detail & Related papers  (2023-05-10T03:46:53Z)
• Robustness of Bayesian Neural Networks to White-Box Adversarial Attacks [55.531896312724555]
  Bayesian Networks (BNNs) are robust and adept at handling adversarial attacks by incorporating randomness. We create our BNN model, called BNN-DenseNet, by fusing Bayesian inference (i.e., variational Bayes) to the DenseNet architecture. An adversarially-trained BNN outperforms its non-Bayesian, adversarially-trained counterpart in most experiments.
  arXiv  Detail & Related papers  (2021-11-16T16:14:44Z)
• Explainability-based Backdoor Attacks Against Graph Neural Networks [9.179577599489559]
  There are numerous works on backdoor attacks on neural networks, but only a few works consider graph neural networks (GNNs) We apply two powerful GNN explainability approaches to select the optimal trigger injecting position to achieve two attacker objectives -- high attack success rate and low clean accuracy drop. Our empirical results on benchmark datasets and state-of-the-art neural network models demonstrate the proposed method's effectiveness.
  arXiv  Detail & Related papers  (2021-04-08T10:43:40Z)
• BreakingBED -- Breaking Binary and Efficient Deep Neural Networks by Adversarial Attacks [65.2021953284622]
  We study robustness of CNNs against white-box and black-box adversarial attacks. Results are shown for distilled CNNs, agent-based state-of-the-art pruned models, and binarized neural networks.
  arXiv  Detail & Related papers  (2021-03-14T20:43:19Z)
• Toward Trainability of Quantum Neural Networks [87.04438831673063]
  Quantum Neural Networks (QNNs) have been proposed as generalizations of classical neural networks to achieve the quantum speed-up. Serious bottlenecks exist for training QNNs due to the vanishing with gradient rate exponential to the input qubit number. We show that QNNs with tree tensor and step controlled structures for the application of binary classification. Simulations show faster convergent rates and better accuracy compared to QNNs with random structures.
  arXiv  Detail & Related papers  (2020-11-12T08:32:04Z)
• Defending against Backdoor Attack on Deep Neural Networks [98.45955746226106]
  We study the so-called textitbackdoor attack, which injects a backdoor trigger to a small portion of training data. Experiments show that our method could effectively decrease the attack success rate, and also hold a high classification accuracy for clean images.
  arXiv  Detail & Related papers  (2020-02-26T02:03:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.