Abstract
Deep learning (DL)-based image classification models are essential for autonomous vehicle (AV) perception modules since incorrect categorization might have severe repercussions. Adversarial attacks are widely studied cyberattacks that can lead DL models to predict inaccurate output, such as incorrectly classified traffic signs by the perception module of an autonomous vehicle. In this study, we create and compare hybrid classical-quantum deep learning (HCQ-DL) models with classical deep learning (C-DL) models to demonstrate robustness against adversarial attacks for perception modules. Before feeding them into the quantum system, we used transfer learning models, alexnet and vgg-16, as feature extractors. We tested over 1000 quantum circuits in our HCQ-DL models for projected gradient descent (PGD), fast gradient sign attack (FGSA), and gradient attack (GA), which are three well-known untargeted adversarial approaches. We evaluated the performance of all models during adversarial attacks and no-attack scenarios. Our HCQ-DL models maintain accuracy above 95\% during a no-attack scenario and above 91\% for GA and FGSA attacks, which is higher than C-DL models. During the PGD attack, our alexnet-based HCQ-DL model maintained an accuracy of 85\% compared to C-DL models that achieved accuracies below 21\%. Our results highlight that the HCQ-DL models provide improved accuracy for traffic sign classification under adversarial settings compared to their classical counterparts.
Abstract (translated)
基于深度学习(DL)的图像分类模型对于自动驾驶汽车(AV)感知模块至关重要,因为错误的分类可能会导致严重后果。对抗性攻击是广泛研究的网络攻击之一,可以导致DL模型预测出不准确的结果,例如自动驾驶车辆感知模块中交通标志被误分类的情况。在这项研究中,我们创建并比较了混合经典-量子深度学习(HCQ-DL)模型与传统深度学习(C-DL)模型,以展示其在对抗性攻击下为感知模块提供的鲁棒性。为了将它们输入到量子系统之前,我们使用迁移学习模型alexnet和vgg-16作为特征提取器。我们在我们的HCQ-DL模型中测试了超过1000个量子电路,针对投影梯度下降(PGD)、快速梯度符号攻击(FGSA)和梯度攻击(GA),这三种著名的非目标对抗性方法进行了测试。我们评估了所有模型在遭遇对抗性和无攻击场景下的性能表现。我们的HCQ-DL模型在无攻击场景下保持超过95%的准确率,在面对GA和FGSA攻击时准确率维持在91%以上,这一数值高于传统DL模型的表现。在PGD攻击期间,我们基于alexnet的HCQ-DL模型能够保持85%的准确性,而C-DL模型的准确率则低于21%。我们的研究结果表明,在对抗性设置下,HCQ-DL模型为交通标志分类提供的精度优于其传统DL模型对应者。
URL
https://arxiv.org/abs/2504.12644
