Dqas Achieves Robust Quantum Computer Vision Against Adversarial Attacks and Noise

Researchers are tackling the critical challenge of vulnerability in quantum networks to both adversarial attacks and inherent hardware noise. Mohamed Afane, Quanjiang Long, and Haoting Shen, from Fordham University and Zhejiang University respectively, alongside Ying Mao, Junaid Farooq, and Ying Wang et al., present a novel framework , Differentiable Architecture Search for Adversarially Robust Quantum Computer Vision , that promises to bridge the gap between robustness and performance. Their work is significant because it introduces a hybrid quantum-classical approach, optimising circuit design and robustness simultaneously using gradient-based methods, unlike existing techniques which often trade accuracy for defence. By incorporating a lightweight Classical Noise Layer, the team demonstrates consistent improvements in both standard and adversarial accuracy across benchmark datasets like MNIST and CIFAR, and crucially, validates the practicality of their findings on real quantum hardware.

Under various attack scenarios, Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), Basic Iterative Method (BIM), and Momentum Iterative Method (MIM), and realistic quantum noise conditions, the hybrid framework consistently maintained superior performance compared to existing techniques. Testing on actual quantum hardware confirmed the practical viability of the discovered architectures, demonstrating a crucial step towards scalable quantum computer vision.

This research establishes that strategic classical preprocessing, combined with differentiable quantum architecture optimisation, can significantly enhance quantum neural network robustness while maintaining computational efficiency. The work opens new avenues for developing quantum machine learning models resilient to real-world imperfections, a critical requirement for practical applications. Specifically, the team’s method consistently improved both clean and adversarial accuracy, offering a favourable trade-off between performance and robustness across diverse architectures. This research pioneers a method for jointly optimising circuit structure and robustness using gradient-based techniques, addressing the trade-off between clean accuracy and computational resources often seen in existing approaches. The team enhanced traditional DQAS by integrating a lightweight Classical Noise Layer (CNL) prior to quantum processing, enabling simultaneous optimisation of gate selection and noise parameters, a key innovation in the study. Experiments employed the MNIST, FashionMNIST, and CIFAR datasets to validate the framework’s performance, consistently demonstrating improvements in both clean and adversarial accuracy when compared to existing quantum methods.
The study meticulously tested the system under a range of attack scenarios, including Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), Basic Iterative Method (BIM), and Momentum Iterative Method (MIM), alongside realistic quantum noise conditions, revealing the framework’s superior performance across diverse challenges. Researchers engineered the CNL to selectively inject mild, trainable perturbations into input data, preserving accuracy on clean examples while effectively mitigating adversarial and stochastic fluctuations, a crucial step towards practical deployment. The methodology involved a unique joint optimisation process, where the quantum neural network (QNN) architecture and the parameters of the CNL were simultaneously refined using gradient descent. This approach enables the discovery of robust, high-performance models tailored for challenging vision tasks, avoiding the computational overhead associated with traditional circuit-level quantum defences.

Furthermore, the team validated the discovered architectures on actual quantum hardware, confirming the practical viability of the proposed framework and demonstrating its potential for real-world applications. This work details a precise measurement approach, evaluating performance under varying attack strengths and noise levels to quantify the robustness gains achieved by the hybrid framework. The system delivers consistent improvements, as evidenced by comparative results against baseline QNNs and classical convolutional neural networks (CNNs) on the benchmark datasets. The team measured consistent improvements in both clean and adversarial accuracy across MNIST, FashionMNIST, and CIFAR datasets, demonstrating a breakthrough in quantum machine learning resilience. Experiments revealed that this approach surpasses existing quantum methods in maintaining performance under challenging conditions, paving the way for more reliable quantum applications. The core of this work lies in the introduction of a lightweight Classical Noise Layer (CNL) applied before quantum processing, enabling simultaneous optimization of gate selection and noise parameters.

This CNL selectively injects mild, trainable perturbations into input data, preserving accuracy on clean examples while effectively mitigating the impact of both adversarial and stochastic fluctuations. Results demonstrate that the framework maintains superior performance under various attack scenarios, including Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), Basic Iterative Method (BIM), and Momentum Iterative Method (MIM). The team meticulously recorded performance metrics across these attacks, confirming the framework’s adaptability and resilience. Tests prove the practical viability of the discovered architectures through implementation on actual quantum hardware.

The research details how strategic classical preprocessing, combined with differentiable quantum architecture optimization, significantly enhances quantum neural network robustness while maintaining computational efficiency. Specifically, the study showcases a favorable tradeoff between accuracy and robustness for diverse architectures, as illustrated by comparisons on the MNIST dataset under an ε = 0.3 attack. The framework’s ability to jointly optimize circuit structure and robustness through gradient-based methods represents a substantial advancement in the field. Measurements confirm that this approach avoids the overhead commonly associated with circuit-level quantum defenses, offering a streamlined and efficient solution.

The team’s work builds upon existing differentiable methods for quantum circuit design, but distinguishes itself by directly addressing the critical issue of robustness against real-world noise and adversarial manipulation. Data shows that this hybrid approach offers a compelling alternative to computationally expensive methods like evolutionary algorithms and reinforcement learning, providing a more efficient pathway to discovering effective quantum circuit architectures. This breakthrough delivers a promising step towards deploying robust.