A black-box backdoor attack against quantum neural networks

被引:0
作者
Zhao, Jiayu [1 ,2 ,3 ]
Yan, Lili [1 ,2 ,3 ]
Tan, Dong [1 ,2 ,3 ]
Chang, Yan [1 ,2 ,3 ]
Zhang, Shibin [1 ,2 ,3 ]
机构
[1] Chengdu Univ Informat Technol, Xin Gu Ind Coll, Sch Cybersecur, Chengdu 610225, Peoples R China
[2] Adv Cryptog & Syst Secur Key Lab Sichuan Prov, Chengdu 610225, Peoples R China
[3] SUGON Ind Control & Secur Ctr, Chengdu 610225, Peoples R China
基金
中国国家自然科学基金;
关键词
quantum neural networks; variational quantum circuits; quantum artificial intelligence security; backdoor attacks; black-box attacks;
D O I
10.1088/2058-9565/addf74
中图分类号
O4 [物理学];
学科分类号
0702 ;
摘要
Quantum neural networks (QNNs), as a novel model that combines the advantages of quantum computing and classical neural networks, are similarly vulnerable to backdoor attacks like classical neural networks. Current research on backdoor attacks against QNNs is limited by model structure or poisoning rate, resulting in poor attack performance in black-box scenarios. This paper proposes a black-box attack method that uses a quantum-classical hybrid generative model to generate transferable backdoor triggers for QNNs with unknown structures. The method generates universal adversarial perturbations as triggers based on generative models, and designs a QNN pool by utilizing the idea of ensemble models. It combines the min-max framework and non-target Kullback-Leibler divergence technique to improve the transferability of triggers to achieve a black-box attack. Experiments demonstrate that with a poisoning rate of only 5%, the attack success rate exceeds 98% for three different structured QNNs, proving the effectiveness of this backdoor attack. In addition, we also prove that the existing detection methods such as strip and spectral signatures are unable to defend against the backdoor attack proposed in this paper.
引用
收藏
页数:14
相关论文
共 46 条
[1]  
Anil G, 2024, AAAI CONF ARTIF INTE, P10891
[2]  
Bergholm V, 2022, Arxiv, DOI arXiv:1811.04968
[3]  
Brylinski JL, 2002, COMP MATH SERIES, P101
[4]   Machine learning for quantum matter [J].
Carrasquilla, Juan .
ADVANCES IN PHYSICS-X, 2020, 5 (01)
[5]   Variational quantum algorithms [J].
Cerezo, M. ;
Arrasmith, Andrew ;
Babbush, Ryan ;
Benjamin, Simon C. ;
Endo, Suguru ;
Fujii, Keisuke ;
McClean, Jarrod R. ;
Mitarai, Kosuke ;
Yuan, Xiao ;
Cincio, Lukasz ;
Coles, Patrick J. .
NATURE REVIEWS PHYSICS, 2021, 3 (09) :625-644
[6]   Variational Quantum Circuits for Deep Reinforcement Learning [J].
Chen, Samuel Yen-Chi ;
Yang, Chao-Han Huck ;
Qi, Jun ;
Chen, Pin-Yu ;
Ma, Xiaoli ;
Goan, Hsi-Sheng .
IEEE ACCESS, 2020, 8 :141007-141024
[7]  
Chen XY, 2017, Arxiv, DOI arXiv:1712.05526
[8]  
Chu Cheng, 2023, 2023 IEEE International Conference on Quantum Computing and Engineering (QCE), P1098, DOI 10.1109/QCE57702.2023.00124
[9]  
Chu C., 2023, ICASSP 2023 2023 IEE, P1
[10]  
Demontis A, 2019, PROCEEDINGS OF THE 28TH USENIX SECURITY SYMPOSIUM, P321