A Hybrid Quantum-Classical AI-Based Detection Strategy for Generative Adversarial Network-Based Deepfake Attacks on an Autonomous Vehicle Traffic Sign Classification System

Authors: M Sabbir Salek, Shaozhi Li, Mashrur Chowdhury

Published: 2024-09-25 19:44:56+00:00

AI Summary

This research proposes a hybrid quantum-classical neural network (NN) for detecting deepfake traffic sign images, aiming to improve the security of autonomous vehicle (AV) systems. The hybrid approach uses amplitude encoding to reduce memory requirements compared to classical convolutional NNs, achieving comparable or better deepfake detection performance.

Abstract

The perception module in autonomous vehicles (AVs) relies heavily on deep learning-based models to detect and identify various objects in their surrounding environment. An AV traffic sign classification system is integral to this module, which helps AVs recognize roadway traffic signs. However, adversarial attacks, in which an attacker modifies or alters the image captured for traffic sign recognition, could lead an AV to misrecognize the traffic signs and cause hazardous consequences. Deepfake presents itself as a promising technology to be used for such adversarial attacks, in which a deepfake traffic sign would replace a real-world traffic sign image before the image is fed to the AV traffic sign classification system. In this study, the authors present how a generative adversarial network-based deepfake attack can be crafted to fool the AV traffic sign classification systems. The authors developed a deepfake traffic sign image detection strategy leveraging hybrid quantum-classical neural networks (NNs). This hybrid approach utilizes amplitude encoding to represent the features of an input traffic sign image using quantum states, which substantially reduces the memory requirement compared to its classical counterparts. The authors evaluated this hybrid deepfake detection approach along with several baseline classical convolutional NNs on real-world and deepfake traffic sign images. The results indicate that the hybrid quantum-classical NNs for deepfake detection could achieve similar or higher performance than the baseline classical convolutional NNs in most cases while requiring less than one-third of the memory required by the shallowest classical convolutional NN considered in this study.


Key findings
The hybrid quantum-classical NN achieved similar or better deepfake detection performance compared to baseline classical CNNs. Significantly, the quantum-classical model required substantially less memory (less than one-third) than even the shallowest classical CNN.
Approach
The authors develop a deepfake attack model using a Generative Adversarial Network (GAN) to create fake traffic sign images. They then propose a deepfake detection strategy using a hybrid quantum-classical NN. This model uses amplitude encoding for image representation and combines quantum neural networks with classical fully connected layers for classification.
Datasets
LISA traffic sign dataset and Mapillary traffic sign dataset (combined), with a generated deepfake dataset.
Model(s)
Hybrid quantum-classical neural network, classical convolutional neural networks (CNN-1 to CNN-5), ResNet9 (traffic sign classifier), WGAN-GP (for deepfake generation)
Author countries
USA
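
Amplitude encoding, as named in the abstract and approach above, stores a length-N feature vector in the amplitudes of a ceil(log2 N)-qubit state. The sketch below is an added example, not the authors' code: the function name `amplitude_encode`, the 32x32 RGB input size and the constructed pixel values are assumptions. It shows the padding and normalisation steps and two edge cases a detector has to handle: an all-zero frame has no valid state, and overall brightness scale is lost.

```python
def amplitude_encode(features):
    """Map a real feature vector to the amplitudes of an n-qubit state.

    Returns (amplitudes, n_qubits). The vector is zero-padded to the next
    power of two and L2-normalised so the squared amplitudes sum to 1.
    """
    values = [float(v) for v in features]
    if not values:
        raise ValueError("empty feature vector")
    if any(v != v or v in (float("inf"), float("-inf")) for v in values):
        raise ValueError("non-finite feature value")
    norm = sum(v * v for v in values) ** 0.5
    if norm == 0.0:
        # An all-black frame cannot be normalised into a quantum state.
        raise ValueError("all-zero vector has no valid amplitude encoding")
    # Smallest n with 2**n >= len(values); at least one qubit.
    n_qubits = max(1, (len(values) - 1).bit_length())
    padded = values + [0.0] * (2 ** n_qubits - len(values))
    return [v / norm for v in padded], n_qubits


# Constructed sample: a flattened 32x32 RGB image (3072 values), assumed size.
SAMPLE_IMAGE = [(i * 37) % 256 for i in range(32 * 32 * 3)]

if __name__ == "__main__":
    amps, n = amplitude_encode(SAMPLE_IMAGE)
    print(f"{len(SAMPLE_IMAGE)} features -> {n} qubits, {len(amps)} amplitudes")
    print("sum of squared amplitudes:", round(sum(a * a for a in amps), 12))
    # Scaling every pixel by the same factor yields the same state, so
    # global brightness is not visible to anything downstream of the encoder.
    brighter, _ = amplitude_encode([2 * v for v in SAMPLE_IMAGE])
    print("brightness-invariant:",
          all(abs(a - b) < 1e-12 for a, b in zip(amps, brighter)))
```
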