基于随机量子层的变分量子卷积神经网络鲁棒性研究

doi:10.3969/j.issn.1671-1122.2024.03.003

摘要/Abstract

摘要：

近年来，量子机器学习被证明与经典机器学习一样会被一个精心设计的微小扰动干扰从而造成识别准确率严重下降。目前增加模型对抗鲁棒性的方法主要有模型优化、数据优化和对抗训练。文章从模型优化角度出发，提出了一种新的方法，旨在通过将随机量子层与变分量子神经网络连接组成新的量子全连接层，与量子卷积层和量子池化层组成变分量子卷积神经网络（Variational Quantum Convolutional Neural Networks，VQCNN），来增强模型的对抗鲁棒性。文章在KDD CUP99数据集上对基于VQCNN的量子分类器进行了验证。实验结果表明，在快速梯度符号法（Fast Gradient Sign Method，FGSM）、零阶优化法（Zeroth-Order Optimization，ZOO）以及基于遗传算法的生成对抗样本的攻击下，文章提出的VQCNN模型准确率下降值分别为11.18%、15.21%和33.64%，与其它4种模型相比准确率下降值最小。证明该模型在对抗性攻击下具有更高的稳定性，其对抗鲁棒性更优秀。同时在面对基于梯度的攻击方法（FGSM和ZOO）时的准确率下降值更小，证明文章提出的VQCNN模型在面对此类攻击时更有效。

关键词: 随机量子电路, 量子机器学习, 对抗性攻击, 变分量子线路

Abstract:

In recent years, quantum machine learning has been shown to be susceptible to small disturbances, leading to a significant decline in recognition accuracy. Currently, increasing the adversarial robustness of models mainly involves model optimization, data optimization, and adversarial training. This article proposed a new method from the perspective of model optimization, aiming to enhance the adversarial robustness of the model by connecting random quantum layers with variational quantum neural networks to form a new quantum fully connected layer, and combining it with quantum convolutional layers and quantum pooling layers to form a variational quantum convolutional neural network (Variational Quantum Convolutional Neural Networks, VQCNN). The quantum classifier based on VQCNN is validated on the KDD Cup 99 dataset. The results show that under the attacks of Fast Gradient Sign Method (Fast Gradient Sign Method, FGSM), Zeroth-Order Optimization Method (Zeroth-Order Optimization, ZOO), and genetic algorithm-based adversarial sample generation, the proposed VQCNN model has the smallest accuracy drop compared with other four models, which are 11.18%, 15.21%, and 33.64% respectively. This demonstrates that the model has higher stability under adversarial attacks and its adversarial robustness is better. At the same time, the accuracy drop is lower when facing gradient-based attack methods (FGSM and ZOO), indicating that the proposed random quantum layer is more effective in facing such attacks.

Key words: random quantum circuits, quantum machine learning, adversarial attacks, variational quantum circuits

中图分类号:

TP309

戚晗, 王敬童, 拱长青. 基于随机量子层的变分量子卷积神经网络鲁棒性研究[J]. 信息网络安全, 2024, 24(3): 363-373.

QI Han, WANG Jingtong, ABDULLAH Gani, GONG Changqing. Robustness of Variational Quantum Convolutional Neural Networks Based on Random Quantum Layers[J]. Netinfo Security, 2024, 24(3): 363-373.

图/表 13

图1

图2

图3

图4

图5

表1

表2

图6

图7

图8

表3

图9

表4

参考文献 36

[1]	ARUTE F, ARYA K, BABBUSH R, et al. Quantum Supremacy Using a Programmable Superconducting Processor[J]. Nature, 2019, 574: 505-510. doi: 10.1038/s41586-019-1666-5
[2]	JORDAN M I, MITCHELL T M. Machine Learning: Trends, Machine Learning: Trends, Perspectives, and Prospects[J]. Science, 2015, 349(6245): 255-260. doi: 10.1126/science.aaa8415 pmid: 26185243
[3]	ZHOU L, WANG Shengtao, CHOI S, et al. Quantum Approximate Optimization Algorithm: Performance, Mechanism, and Implementation on Near-Term Devices[EB/OL]. (2020-06-24)[2023-12-05]. https://doi.org/10.1103/PhysRevX.10.021067.
[4]	LI Ya, TIAN Xinmei, SONG Mingli, et al. Multi-Task Proximal Support Vector Machine[J]. Pattern Recognition, 2015, 48(10): 3249-3257. doi: 10.1016/j.patcog.2015.01.014 URL
[5]	ZHOU Shangnan. Quantum Data Compression and Quantum Cross Entropy[EB/OL]. (2021-06-25)[2023-12-05]. https://ui.adsabs.harvard.edu/abs/2021arXiv210613823S.
[6]	CHEN Yiwei, PAN Yu, DONG Daoyi, et al. Quantum Language Model with Entanglement Embedding for Question Answering[J]. IEEE Transactions on Cybernetics, 2023, 53(6): 3467-3478. doi: 10.1109/TCYB.2021.3131252 URL
[7]	BIAMONTE J, WITTEK P, PANCOTTI N. Quantum Machine Learning[J]. Nature, 2017, 549: 195-202. doi: 10.1038/nature23474 URL
[8]	AVRAMOULI M, SAVVAS I K, VASILAKI A, et al. Unlocking the Potential of Quantum Machine Learning to Advance Drug Discovery[EB/OL]. (2023-05-25)[2023-12-05]. https://doi.org/10.3390/electronics12112402.
[9]	SCHUHMACHER J, MAZZOLA G, TACCHINO F, et al. Extending the Reach of Quantum Computing for Materials Science with Machine Learning Potentials[EB/OL]. (2022-11-17)[2023-12-05]. https://doi.org/10.1063/5.0099469.
[10]	CONG I, CHOI S, LUKIN M D. Quantum Convolutional Neural Networks[J]. NATURE PHYSICS, 2019, 15: 1273-1278. doi: 10.1038/s41567-019-0648-8
[11]	HE Rui, DING Zeqing. Recognition of Micro Parts Based on Quantum Convolution Neural Network Algorithm[J]. Food & Machinery, 2021, 37(6): 120-125.
	何瑞, 丁泽庆. 基于量子卷积神经网络算法的微小零件识别[J]. 食品与机械, 2021, 37(6): 120-125.
[12]	PESAH A, CEREZO M, WANG S, et al. Absence of Barren Plateaus in Quantum Convolutional Neural Networks[EB/OL]. (2022-10-15)[2023-12-05]. https://link.aps.org/doi/10.1103/PhysRevX.11.041011.
[13]	FAN Xingkui, LIU Guangzhe, WANG Haowen, et al. A New Model of Image Recognition Based on Quantum Convolutional Neural Network[J]. Journal of University of Electronic Science and Technology of China, 2022, 5: 642-650.
	范兴奎, 刘广哲, 王浩文, 等. 基于量子卷积神经网络的图像识别新模型[J]. 电子科技大学学报, 2022, 5: 642-650.
[14]	PRESKILL J. Quantum Computing in the NISQ Era and Beyond[EB/OL]. (2018-08-06)[2023-12-05]. http://dx.doi.org/10.22331/q-2018-08-06-79.
[15]	XIA Rongxin, KAIS S. Hybrid Quantum-Classical Neural Network for Calculating Ground State Energies of Molecules[J]. Entropy, 2020, 22(8): 828-840. doi: 10.3390/e22080828 URL
[16]	LIU Junhua, LIM K H, WOOD K L, et al. Hybrid Quantum-Classical Convolutional Neural Networks[EB/OL]. (2023-09-25)[2023-12-05]. https://doi.org/10.3389/fmars.2023.1158548.
[17]	HUANG Fangyu, TAN Xiaoqing, HUANG Rui, et al. Variational Convolutional Neural Networks Classifiers[EB/OL]. (2022-08-13)[2023-12-05]. https://doi.org/10.1016/j.physa.2022.128067.
[18]	WANG Aijuan, HU Jianglong, ZHANG Shiyue, et al. Shallow Hybrid Quantum-Classical Convolutional Neural Network Model for Image Classification[EB/OL]. (2023-05-09)[2023-12-05]. https://doi.org/10.1007/s11128-023-04217-5.
[19]	JEONG S G, DO Q V, HWANG H J, et al. Hybrid Quantum Convolutional Neural Networks for UWB Signal Classification[J]. IEEE ACCESS, 2023, 11: 113726-113739. doi: 10.1109/ACCESS.2023.3323019 URL
[20]	BOKHAN D, MASTIUKOVA A S, BOEV A S, et al. Multiclass Classification Using Quantum Convolutional Neural Networks with Hybrid Quantum-Classical Learning[EB/OL]. (2022-11-23)[2023-12-05]. http://dx.doi.org/10.3389/fphy.2022.1069985.
[21]	YANG C H, QI Jun, CHEN S Y, et al. Decentralizing Feature Extraction with Quantum Convolutional Neural Network for Automatic Speech Recognition[EB/OL]. (2021-02-12)[2023-12-05]. https://doi.org/10.1109/ICASSP39728.2021.9413453.
[22]	OVALLE-MAGALLANES M, AVINA-CERVANTES J, CRUZ-ACEVES I, et al. Hybrid Classical-Quantum Convolutional Neural Network for Stenosis Detection in X-Ray Coronary Angiography[EB/OL]. (2022-03-01)[2023-12-05]. https://doi.org/10.1016/j.eswa.2021.116112.
[23]	LU Sirui, DUAN Luming, DENG Dongling, et al. Quantum Adversarial Machine Learning[EB/OL]. (2020-08-06)[2023-12-05]. http://dx.doi.org/10.1103/PhysRevResearch.2.033212.
[24]	HUANG Chenyi, ZHANG Shibin. Enhancing Adversarial Robustness of Quantum Neural Networks by Adding Noise Layers[EB/OL]. (2023-08-10)[2023-12-05]. https://dx.doi.org/10.1088/1367-2630/ace8b4.
[25]	DU Yuxuan, HSIEH M H, LIU Tongliang, et al. Quantum Noise Protects Quantum Classi-Fiers against Adversaries[EB/OL]. (2021-05-27)[2023-12-05]. https://doi.org/10.1103/PhysRevResearch.3.023153.
[26]	HU Ling, WU Shuhan, CAI Weizhou, et al. Quantum Generative Adversarial Learning in a Superconducting Quantum Circuit[EB/OL]. (2019-01-25)[2023-12-05]. https://www.science.org/doi/abs/10.1126/sciadv.aav2761.
[27]	TSIPRAS D, SANTURKAR S, ENGSTROM L, et al. Robustness May Be at Odds with Accuracy[EB/OL]. (2019-09-09)[2023-12-05]. https://doi.org/10.48550/arXiv.1805.12152.
[28]	ZHANG Chaoyun, XAVIER C P, PAUL P. Tiki-Taka: Attacking and Defending Deep Learning-Based Intrusion Detection Systems[J]. Association for Computing Machinery, 2020, 13: 27-39.
[29]	WU Jiansheng, ZHANG Wenpeng, MA Yuan. Data Analysis And Study on KDD CUP99 Data Set[J]. Computer Applications and Software, 2014, 11: 321-325.
	吴建胜, 张文鹏, 马垣. KDD CUP99数据集的数据分析研究[J]. 计算机应用与软件, 2014, 11: 321-325.
[30]	GOODFELLOW L J, SCHLENS J, SZEGEDY C, et al. Explaining and Harnessing Adversarial Examples[EB/OL]. (2015-03-20)[2023-12-05]. https://doi.org/10.48550/arXiv.1412.6572.
[31]	CHEN Pinyu, ZHANG Huan, SHARMA Y, et al. Zoo: Zeroth Order Optimization Based Black-Box Attacks to Deep Neural Networks without Training Substitute Models[EB/OL]. (2017-08-14)[2023-12-05]. https://doi.org/10.1145/3128572.3140448.
[32]	BAI Zhixu, WANG Hengjun. Adversarial Example Generation Method Based on Improved Genetic Algorithm[J]. Computer Engineering, 2023, 49(5): 139-149. doi: 10.19678/j.issn.1000-3428.0065260
	白祉旭, 王衡军. 基于改进遗传算法的对抗样本生成方法[J]. 计算机工程, 2023, 49(5): 139-149. doi: 10.19678/j.issn.1000-3428.0065260
[33]	PAWLICKI M, CHORAS M, KOZIK R. Defending Network Intrusion Detection Systems against Adversarial Evasion Attacks[J]. Future Generation Computer Systems, 2020, 110: 148-154. doi: 10.1016/j.future.2020.04.013 URL
[34]	HUANG Shuiyuan, AN Wanjia, ZHANG Deshun, et al. Image Classification and Adversarial Robustness Analysis Based on Hybrid Quantum-Classical Convolutional Neural Network[EB/OL]. (2023-04-15)[2023-12-05]. https://doi.org/10.1016/j.optcom.2023.129287.
[35]	SIM S, JOHNSON P D, ASPURU-GUZIK A. Expressibility and Entangling Capability of Parameterized Quantum Circuits for Hybrid Quantum-Classical Algorithms[EB/OL]. (2019-10-14)[2023-12-05]. https://doi.org/10.1002/qute.201900070.
[36]	MOUSTAFA N, SLAY J. The Evaluation of Network Anomaly Detection Systems: Statistical Analysis of the UNSW-NB15 Data Set and the Comparison with the KDD99 Data Set[J]. Information Security Journal: A Global Perspective, 2016, 25(1): 18-31. doi: 10.1080/19393555.2015.1125974 URL

模型	准确率	精确率	召回率	F1值	FPR	FNR	FAR	训练时间/s
QNN	97.20％	97.21％	99.55％	98.35％	6.85％	1.36％	4.11％	1568
QCNN	98.52％	98.35％	99.76％	99.03％	3.73％	0.24％	1.99％	2110
VQNN	95.94％	98.30％	96.27％	97.26％	4.63％	0.82％	2.73％	2349
HQCNN	97.50％	99.64％	97.30％	98.41％	5.68％	1.27％	3.48％	1236
VQCNN	98.68％	100％	93.33％	96.55％	5.34％	0.67％	3.33％	2893

数据集	准确率	精确率	召回率	F1值
KDD CUP99	98.68%	100%	93.33%	96.55%
UNSW-NB15	94.41%	96.06%	95.83%	95.86%

数据集	准确率下降值	精确率下降值	召回率下降值	F1值下降值
UNSW-NB15（ZOO）	13.96%	8.27%	18.04%	13.23%
KDD CUP99（ZOO）	15.21%	9.63%	16.34%	13.41%
UNSW-NB15 （基于遗传算法的对抗性攻击）	32.81%	25.89%	32.67%	29.13%
KDD CUP99 （基于遗传算法的对抗性攻击）	33.64%	26.96%	33.64%	29.35%