Quantum Computing Supported Adversarial Attack-Resilient Autonomous Vehicle Perception Module for Traffic Sign Classification

Reek Majumder, Mashrur Chowdhury, Sakib Mahmud Khan, Zadid Khan, Fahim Ahmad, Frank Ngeni, Gurcan Comert, Judith Mwakalonge, Dimitra Michalaka

TL;DR

This paper tackles the vulnerability of autonomous vehicle perception to adversarial attacks by introducing hybrid classical-quantum deep learning (HCQ-DL) models that embed low-depth variational quantum circuits within a conventional DL pipeline. By using AlexNet and VGG-16 as frozen feature extractors, the authors evaluate over 1000 quantum circuit configurations against untargeted attacks including PGD, FGSA, and GA, comparing against classical DL (C-DL) baselines. Results show HCQ-DL achieves superior resilience, maintaining accuracy above 95% in no-attack scenarios and above 91% under certain attacks, with AlexNet-based HCQ-DL reaching 85% accuracy under the strong PGD attack where C-DL falls below 21%. The work demonstrates that quantum components can enhance traffic sign recognition robustness without reliance on input preprocessing or adversarial retraining, highlighting a viable route toward more secure AV perception modules.

Abstract

Deep learning (DL)-based image classification models are essential for autonomous vehicle (AV) perception modules since incorrect categorization might have severe repercussions. Adversarial attacks are widely studied cyberattacks that can lead DL models to predict inaccurate output, such as incorrectly classified traffic signs by the perception module of an autonomous vehicle. In this study, we create and compare hybrid classical-quantum deep learning (HCQ-DL) models with classical deep learning (C-DL) models to demonstrate robustness against adversarial attacks for perception modules. Before feeding them into the quantum system, we used transfer learning models, AlexNet and VGG-16, as feature extractors. We tested over 1000 quantum circuits in our HCQ-DL models for projected gradient descent (PGD), fast gradient sign attack (FGSA), and gradient attack (GA), which are three well-known untargeted adversarial approaches. We evaluated the performance of all models during adversarial attacks and no-attack scenarios. Our HCQ-DL models maintain accuracy above 95% during a no-attack scenario and above 91% for GA and FGSA attacks, which is higher than C-DL models. During the PGD attack, our AlexNet-based HCQ-DL model maintained an accuracy of 85% compared to C-DL models that achieved accuracies below 21%. Our results highlight that the HCQ-DL models provide improved accuracy for traffic sign classification under adversarial settings compared to their classical counterparts.

Paper Structure

This paper contains 24 sections, 3 equations, 5 figures, 4 tables.

Figures (5)

  • Figure 1: Example of adversarial attack on stop signs.
  • Figure 2: Architecture for C-DL and HCQ-DL models.
  • Figure 3: Quantum Circuit Architecture with chosen Circuits for our VGG16-based HCQ-DL and AlexNet-based HCQ-DL models with better resiliency.
  • Figure 4: Performance Comparison of VGG16-based C-DL and HCQ-DL models under varying intensity of perturbation coefficients for: a) Fast Gradient Sign Attack b) Gradient Attack c) Projected Gradient Descent Attack.
  • Figure 5: Performance Comparison of AlexNet-based C-DL and HCQ-DL models under varying intensity of perturbation coefficients for: a) Fast Gradient Sign Attack b) Gradient Attack c) Projected Gradient Descent Attack.