Backdoor Attacks against Hybrid Classical-Quantum Neural Networks

Ji Guo, Wenbo Jiang, Rui Zhang, Wenshu Fan, Jiachen Li, Guoming Lu
2024-07-23
Abstract: Hybrid Quantum Neural Networks (HQNNs) represent a promising advancement in Quantum Machine Learning (QML), yet their security has been rarely explored. In this paper, we present the first systematic study of backdoor attacks on HQNNs. We begin by proposing an attack framework and providing a theoretical analysis of the generalization bounds and minimum perturbation requirements for backdoor attacks on HQNNs. Next, we employ two classic backdoor attack methods on HQNNs and Convolutional Neural Networks (CNNs) to further investigate the robustness of HQNNs. Our experimental results demonstrate that HQNNs are more robust than CNNs, requiring more significant image modifications for successful attacks. Additionally, we introduce the Qcolor backdoor, which utilizes color shifts as triggers and employs the Non-dominated Sorting Genetic Algorithm II (NSGA-II) to optimize hyperparameters. Through extensive experiments, we demonstrate the effectiveness, stealthiness, and robustness of the Qcolor backdoor.
Cryptography and Security
What problem does this paper attempt to address?
The problem that this paper attempts to solve is the security and robustness of hybrid classical-quantum neural networks (HQNNs) in the face of backdoor attacks. Specifically, the researchers hope to explore the following aspects:

1. **Robustness evaluation of HQNNs**:
   - By introducing two classical backdoor attack methods (i.e., patch-trigger attack and hybrid-trigger attack), study the robustness of HQNNs under different trigger settings.
   - The experimental results show that HQNNs are more robust than traditional convolutional neural networks (CNNs), and that more significant image modifications are required to successfully launch an attack.
2. **Proposal of the Qcolor backdoor attack**:
   - A new backdoor attack method, the Qcolor backdoor attack, is proposed. It uses color shift as a trigger and uses the Non-dominated Sorting Genetic Algorithm II (NSGA-II) to optimize hyperparameters to ensure the effectiveness and stealth of the attack.
   - The Qcolor backdoor attack generates trigger images by adjusting the ratios of the three RGB color channels, so that the trigger images are visually similar to clean images but are recognized as a specific category by the HQNN.
3. **Theoretical analysis and experimental verification**:
   - Provide theoretical analysis of backdoor attacks on HQNNs, including the derivation of generalization lower bounds and minimum perturbation requirements.
   - Through extensive experiments, verify the robustness of HQNNs against backdoor attacks, and demonstrate the effectiveness, stealth, and robustness of the Qcolor backdoor attack.

### Main contributions

- **Framework and theoretical analysis**: Provide the framework and theoretical analysis of backdoor attacks on HQNNs, and systematically explore the robustness of HQNNs against backdoor attacks.
- **Qcolor backdoor attack**: Propose a new backdoor attack method, the Qcolor backdoor attack. By adjusting the color channel ratios and using NSGA-II to optimize hyperparameters, ensure the effectiveness and stealth of the attack.
- **Defense evaluation**: Evaluate the robustness of the Qcolor backdoor attack against three state-of-the-art backdoor defense methods (STRIP, Neural Cleanse, and Fine-Pruning).

### Formula summary

1. **Training objective function**:
   \[ \min_{\theta_C, \theta_Q} \left( \sum_{(x,y) \in D} L_c(f_{HQ}(x; \theta_C, \theta_Q), y) + \lambda \sum_{(x', y_t) \in D_t} L_t(f_{HQ}(x'; \theta_C, \theta_Q), y_t) \right) \]
2. **Gradient update**:
   \[ \theta \leftarrow \theta - \eta (\nabla_\theta L_c + \lambda \nabla_\theta L_t) \]
3. **Generalization error lower bound**:
   \[ R_t(f_{HQ}) \geq \hat{R}_t(f_{HQ}) - B \sqrt{\frac{2m}{r} \ln \frac{2}{\delta}} + L_t \delta \|z\| \]
4. **Minimum perturbation intensity**:
   \[ \|\delta\| \geq c^{-1}(\epsilon) \]

Through these formulas and experiments, the researchers not only reveal the robustness of HQNNs in the face of backdoor attacks, but also propose effective attack methods and defense strategies, providing an important reference for the security research of quantum machine learning.
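
The summary describes a trigger built by changing the ratios of the three RGB channels. As an added example from the defender's side (not code from the paper or its authors, and not one of the defenses the page lists), the sketch below audits a training set for images whose channel shares are robust outliers. The pixel data, function names and thresholds are constructed assumptions, and a shift that stays inside the dataset's natural color variation will not be flagged.

```python
from statistics import median

def channel_shares(image):
    """Return each RGB channel's fraction of the image's total intensity."""
    sums = [sum(px[c] for px in image) for c in range(3)]
    total = sum(sums) or 1.0  # all-black image: avoid division by zero
    return tuple(s / total for s in sums)

def flag_color_shift(images, threshold=3.5, min_mad=1e-4):
    """Indices of images whose channel shares are robust outliers.

    Uses the median/MAD modified z-score per channel, so a minority of
    shifted samples cannot pull the baseline toward themselves.
    threshold and min_mad are assumed defaults, not values from the page.
    """
    shares = [channel_shares(img) for img in images]
    flagged = set()
    for c in range(3):
        column = [s[c] for s in shares]
        med = median(column)
        # Floor the MAD so near-identical images do not blow up the score.
        mad = max(median(abs(v - med) for v in column), min_mad)
        for i, v in enumerate(column):
            if 0.6745 * abs(v - med) / mad > threshold:
                flagged.add(i)
    return sorted(flagged)

def make_image(base):
    """Constructed sample: one color at three brightness levels."""
    return [tuple(ch * k for ch in base) for k in (0.5, 0.75, 1.0)]

# Constructed clean set: small color variation around neutral grey.
OFFSETS = [(0, 0, 0), (4, -2, -2), (-4, 2, 2), (2, 2, -4), (-2, -2, 4),
           (-2, 4, -2), (2, -4, 2), (3, 0, -3), (-3, 0, 3), (0, 3, -3),
           (0, -3, 3), (1, -1, 0)]
CLEAN = [make_image((120 + r, 120 + g, 120 + b)) for r, g, b in OFFSETS]
# Constructed suspect samples: same channel ratio at two brightness levels.
SHIFTED = [make_image((156, 120, 84)), make_image((78, 60, 42))]
DATASET = CLEAN + SHIFTED

if __name__ == "__main__":
    print("flagged indices:", flag_color_shift(DATASET))
```

Because the statistic is brightness-invariant, the darker suspect sample is flagged just like the brighter one; on real data the baseline is better computed per class, since natural color balance differs between classes.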