Backdoor Attacks against Hybrid Classical-Quantum Neural Networks

TL;DR

This paper systematically studies backdoor attacks on Hybrid Quantum Neural Networks, proposing new attack frameworks, analyzing their robustness, and introducing a novel Qcolor backdoor that leverages color shifts.

Contribution

It is the first to analyze backdoor attacks on HQNNs, providing theoretical insights and proposing the Qcolor backdoor with optimized hyperparameters.

Findings

HQNNs are more robust than CNNs against backdoor attacks.

The Qcolor backdoor is effective, stealthy, and robust.

Backdoor attack requirements are higher for HQNNs.

Abstract

Hybrid Quantum Neural Networks (HQNNs) represent a promising advancement in Quantum Machine Learning (QML), yet their security has been rarely explored. In this paper, we present the first systematic study of backdoor attacks on HQNNs. We begin by proposing an attack framework and providing a theoretical analysis of the generalization bounds and minimum perturbation requirements for backdoor attacks on HQNNs. Next, we employ two classic backdoor attack methods on HQNNs and Convolutional Neural Networks (CNNs) to further investigate the robustness of HQNNs. Our experimental results demonstrate that HQNNs are more robust than CNNs, requiring more significant image modifications for successful attacks. Additionally, we introduce the Qcolor backdoor, which utilizes color shifts as triggers and employs the Non-dominated Sorting Genetic Algorithm II (NSGA-II) to optimize hyperparameters. Through extensive experiments, we demonstrate the effectiveness, stealthiness, and robustness of the Qcolor backdoor.