基于随机量子层的变分量子卷积神经网络鲁棒性研究  被引量：1

作　　者：戚晗 王敬童 ABDULLAH Gani 拱长青 QI Han;WANG Jingtong;ABDULLAH Gani;GONG Changqing(School of Computer Science,Shenyang Aerospace University,Shenyang 110136,China,2.Faculty of Computer Science and Information Technology,University of Malaya,Kuala Lumpur 50603,Malaysia)

机构地区：[1]沈阳航空航天大学计算机学院,沈阳110136 [2]马来亚大学计算机学院,吉隆坡50603

出　　处：《信息网络安全》2024年第3期363-373,共11页Netinfo Security

基　　金：辽宁省教育厅科研基金[LJKZ0208];沈阳航空航天大学高级人才科研基金[18YB06]。

摘　　要：近年来,量子机器学习被证明与经典机器学习一样会被一个精心设计的微小扰动干扰从而造成识别准确率严重下降。目前增加模型对抗鲁棒性的方法主要有模型优化、数据优化和对抗训练。文章从模型优化角度出发,提出了一种新的方法,旨在通过将随机量子层与变分量子神经网络连接组成新的量子全连接层,与量子卷积层和量子池化层组成变分量子卷积神经网络(Variational Quantum Convolutional Neural Networks,VQCNN),来增强模型的对抗鲁棒性。文章在KDD CUP99数据集上对基于VQCNN的量子分类器进行了验证。实验结果表明,在快速梯度符号法(Fast Gradient Sign Method,FGSM)、零阶优化法(Zeroth-Order Optimization,ZOO)以及基于遗传算法的生成对抗样本的攻击下,文章提出的VQCNN模型准确率下降值分别为11.18%、15.21%和33.64%,与其它4种模型相比准确率下降值最小。证明该模型在对抗性攻击下具有更高的稳定性,其对抗鲁棒性更优秀。同时在面对基于梯度的攻击方法(FGSM和ZOO)时的准确率下降值更小,证明文章提出的VQCNN模型在面对此类攻击时更有效。In recent years,quantum machine learning has been shown to be susceptible to small disturbances,leading to a significant decline in recognition accuracy.Currently,increasing the adversarial robustness of models mainly involves model optimization,data optimization,and adversarial training.This article proposed a new method from the perspective of model optimization,aiming to enhance the adversarial robustness of the model by connecting random quantum layers with variational quantum neural networks to form a new quantum fully connected layer,and combining it with quantum convolutional layers and quantum pooling layers to form a variational quantum convolutional neural network(Variational Quantum Convolutional Neural Networks,VQCNN).The quantum classifier based on VQCNN is validated on the KDD Cup 99 dataset.The results show that under the attacks of Fast Gradient Sign Method(Fast Gradient Sign Method,FGSM),Zeroth-Order Optimization Method(Zeroth-Order Optimization,ZOO),and genetic algorithm-based adversarial sample generation,the proposed VQCNN model has the smallest accuracy drop compared with other four models,which are 11.18%,15.21%,and 33.64%respectively.This demonstrates that the model has higher stability under adversarial attacks and its adversarial robustness is better.At the same time,the accuracy drop is lower when facing gradient-based attack methods(FGSM and ZOO),indicating that the proposed random quantum layer is more effective in facing such attacks.

关 键 词：随机量子电路 量子机器学习 对抗性攻击 变分量子线路 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]