One-Pixel Attack for Continuous-Variable Quantum Key Distribution Systems

One-Pixel Attack for Continuous-Variable Quantum Key Distribution Systems

Deep neural networks (DNNs) have been employed in continuous-variable quantum key distribution (CV-QKD) systems as attacking detection portions of defense countermeasures. However, the vulnerability of DNNs leaves security loopholes for hacking attacks, for example, adversarial attacks. In this pape...

Full description

Bibliographic Details
Main Authors: Yushen Guo, Pengzhi Yin, Duan Huang
Format: Article
Language:English
Published: MDPI AG 2023-01-01
Series:Photonics
Subjects:
CV-QKD
one-pixel attack
adversarial attack
Online Access:https://www.mdpi.com/2304-6732/10/2/129
Description
Summary:Deep neural networks (DNNs) have been employed in continuous-variable quantum key distribution (CV-QKD) systems as attacking detection portions of defense countermeasures. However, the vulnerability of DNNs leaves security loopholes for hacking attacks, for example, adversarial attacks. In this paper, we propose to implement the one-pixel attack in CV-QKD attack detection networks and accomplish the misclassification on a minimum perturbation. This approach is based on the differential evolution, which makes our attack algorithm fool multiple DNNs with the minimal inner information of target networks. The simulation and experimental results show that, in four different CV-QKD detection networks, <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mrow><mn>52.8</mn><mo>%</mo></mrow></semantics></math></inline-formula>, <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mrow><mn>26.4</mn><mo>%</mo></mrow></semantics></math></inline-formula>, <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mrow><mn>21.2</mn><mo>%</mo></mrow></semantics></math></inline-formula>, and <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mrow><mn>23.8</mn><mo>%</mo></mrow></semantics></math></inline-formula> of the input data can be perturbed to another class by modifying just one feature, the same as one pixel for an image. We carry out this success rate in the context of the original accuracy reaching up to nearly <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mrow><mn>99</mn><mo>%</mo></mrow></semantics></math></inline-formula> on average. Further, by enlarging the number of perturbed features, the success rate can be raised to a satisfactory higher level of about <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mrow><mn>80</mn><mo>%</mo></mrow></semantics></math></inline-formula>. According to our experimental results, most of the CV-QKD detection networks can be deceived by launching one-pixel attacks.
ISSN:2304-6732

Similar Items