Skip to content

Backdoor Attacks against Hybrid Classical-Quantum Neural Networks #40

New issue
New issue
Open
Open
Backdoor Attacks against Hybrid Classical-Quantum Neural Networks#40
Assignees
ajcodingprojects
Labels
HQCNNHybrid Quantum-Classical Neural NetworksarticleAn article resource for the projectfuturesGood for the futures assignment
@ajcodingprojects

Description

@ajcodingprojects
ajcodingprojects
opened on Apr 21, 2025

Title

Backdoor Attacks against Hybrid Classical-Quantum Neural Networks

URL

https://arxiv.org/abs/2407.16273

Summary

This paper presents the first in-depth analysis of backdoor attacks on Hybrid Classical-Quantum Neural Networks (HQNNs), a novel and promising architecture in quantum machine learning. While HQNNs combine classical neural networks with quantum circuits to enhance computational power, their security vulnerabilities have not been thoroughly explored. This research introduces a new attack strategy, the Qcolor backdoor, which exploits color channel manipulations and uses the NSGA-II genetic algorithm to balance stealthiness and effectiveness. Experimental results show that HQNNs are inherently more robust than traditional CNNs against standard backdoor triggers, but the Qcolor method can still achieve high attack success rates—even at low poisoning levels—while evading top-tier defenses.

Key Points

  • First systematic analysis of backdoor attacks on HQNNs.
  • HQNNs demonstrate stronger robustness than classical CNNs against standard backdoor triggers such as patches and blending, requiring more noticeable changes for successful attacks.
  • The proposed Qcolor backdoor alters the color ratios (RGB channels) of images to create subtle triggers, using the NSGA-II optimization algorithm to find an effective tradeoff between attack strength and visual stealth.
  • Theoretical analysis establishes generalization bounds and minimum perturbation levels needed to manipulate HQNNs, considering Hilbert space concentration and loss function smoothness.
  • Experiments show Qcolor backdoor can achieve over 99% attack success rate even with just 1% poisoned data, significantly outperforming existing techniques like Badnet and Blend under low poisoning conditions.
  • The Qcolor attack maintains high structural similarity (SSIM ~99.9%) between clean and triggered images, making it visually undetectable.
  • Evaluation against defense mechanisms (Neural Cleanse, STRIP, and Fine-Pruning) shows that Qcolor backdoor evades detection, due to its subtle and dynamic nature rather than relying on static or easily recoverable triggers.

Citation

@misc{guo2024backdoorattackshybridclassicalquantum,
title={Backdoor Attacks against Hybrid Classical-Quantum Neural Networks},
author={Ji Guo and Wenbo Jiang and Rui Zhang and Wenshu Fan and Jiachen Li and Guoming Lu},
year={2024},
eprint={2407.16273},
archivePrefix={arXiv},
primaryClass={cs.CR},
url={https://arxiv.org/abs/2407.16273},
}

Repo link

Metadata

Metadata

Assignees

Labels

HQCNNHybrid Quantum-Classical Neural NetworksarticleAn article resource for the projectfuturesGood for the futures assignment

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions