TY - GEN
T1 - Evaluating Efficacy of Model Stealing Attacks and Defenses on Quantum Neural Networks
AU - Kundu, Satwik
AU - Kundu, Debarshi
AU - Ghosh, Swaroop
N1 - Publisher Copyright:
© 2024 ACM.
PY - 2024/6/12
Y1 - 2024/6/12
AB - Cloud hosting of quantum machine learning (QML) models exposes them to a range of vulnerabilities, the most significant of which is the model stealing attack. In this study, we assess the efficacy of such attacks in the realm of quantum computing. Our findings revealed that model stealing attacks can produce clone models achieving up to 0.9× and 0.99× clone test accuracy when trained using Top-1 and Top-k labels, respectively (k: num_classes). To defend against these attacks, we propose: 1) hardware variation-induced perturbation (HVIP) and 2) hardware and architecture variation-induced perturbation (HAVIP). Despite the limited success of our defense techniques, they have led to an important discovery: QML models trained on noisy hardware are naturally resistant to perturbation- or obfuscation-based defenses or attacks.
UR - http://www.scopus.com/inward/record.url?scp=85197903865&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85197903865&partnerID=8YFLogxK
U2 - 10.1145/3649476.3658806
DO - 10.1145/3649476.3658806
M3 - Conference contribution
AN - SCOPUS:85197903865
T3 - Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI
SP - 556
EP - 559
BT - GLSVLSI 2024 - Proceedings of the Great Lakes Symposium on VLSI 2024
PB - Association for Computing Machinery
T2 - 34th Great Lakes Symposium on VLSI 2024, GLSVLSI 2024
Y2 - 12 June 2024 through 14 June 2024
ER -