Deep neural networks remain highly vulnerable to adversarial perturbations, limiting their reliability in security- and safety-critical applications. To address this challenge, we introduce QShield, a modular hybrid quantum-classical neural network (HQCNN) architecture designed to enhance the adversarial robustness of classical deep learning models. QShield integrates a conventional convolutional neural network (CNN) backbone for feature extraction with a quantum processing module that encodes the extracted features into quantum states, applies structured entanglement operations under realistic noise models, and outputs a hybrid prediction through a dynamically weighted fusion mechanism implemented via a lightweight multilayer perceptron (MLP). We systematically evaluate both classical and hybrid quantum-classical models on the MNIST, OrganAMNIST, and CIFAR-10 datasets, using a comprehensive set of robustness, efficiency, and computational performance metrics. Our results demonstrate that classical models are highly vulnerable to adversarial attacks, whereas the proposed hybrid models with entanglement patterns maintain high predictive accuracy while substantially reducing attack success rates across a wide range of adversarial attacks. Furthermore, the proposed hybrid architecture significantly increases the computational cost required to generate adversarial examples, thereby introducing an additional layer of defense. These findings indicate that the proposed modular hybrid architecture achieves a practical balance between predictive accuracy and adversarial robustness, positioning it as a promising approach for secure and reliable machine learning in sensitive and safety-critical applications.
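To make the pipeline described above concrete (CNN features encoded into quantum states, a structured entanglement layer, a noise model, and an MLP-weighted fusion of the classical and quantum branches), here is an added, self-contained NumPy simulation. It is illustrative code written for this page, not QShield's implementation, and every design detail is an assumption: features are angle-encoded with RY rotations, entanglement is a ring of CNOTs, noise is a global depolarizing channel on the density matrix, readout is per-qubit Pauli-Z expectation, and the fusion head uses untrained, seeded random weights purely so the code runs offline.

```python
import numpy as np

# --- quantum processing module (exact statevector / density-matrix simulation) ---

def ry(theta):
    """Single-qubit Y rotation; the gate assumed here for angle encoding."""
    c, s = np.cos(theta / 2), np.sin(theta / 2)
    return np.array([[c, -s], [s, c]])

def kron_all(mats):
    """Tensor product of a list of operators; first factor is the most significant qubit."""
    out = np.array([[1.0]])
    for m in mats:
        out = np.kron(out, m)
    return out

def cnot(n, control, target):
    """n-qubit CNOT as a permutation matrix over the computational basis."""
    dim = 2 ** n
    u = np.zeros((dim, dim))
    for b in range(dim):
        bits = [(b >> (n - 1 - i)) & 1 for i in range(n)]
        if bits[control]:
            bits[target] ^= 1
        b2 = 0
        for bit in bits:
            b2 = (b2 << 1) | bit
        u[b2, b] = 1.0
    return u

def angle_encode(features):
    """Encode features in [0, 1] as RY(pi * f) rotations applied to |0...0>."""
    n = len(features)
    state = np.zeros(2 ** n)
    state[0] = 1.0
    return kron_all([ry(np.pi * f) for f in features]) @ state

def ring_entangle(state, n):
    """Structured entanglement (assumed pattern): CNOT from each qubit to its ring neighbour."""
    for i in range(n):
        state = cnot(n, i, (i + 1) % n) @ state
    return state

def depolarize(rho, p):
    """Global depolarizing channel rho -> (1-p) rho + p I/d, the stand-in noise model here."""
    d = rho.shape[0]
    return (1 - p) * rho + p * np.eye(d) / d

def z_expectations(rho, n):
    """Readout: <Z_i> = Tr(rho Z_i) for every qubit i."""
    z, i2 = np.diag([1.0, -1.0]), np.eye(2)
    return np.array([np.trace(rho @ kron_all([z if j == i else i2 for j in range(n)])).real
                     for i in range(n)])

def quantum_module(features, noise_p=0.05):
    """Encode -> entangle -> noise -> measure; returns one expectation value per feature/qubit."""
    n = len(features)
    psi = ring_entangle(angle_encode(np.asarray(features, dtype=float)), n)
    rho = depolarize(np.outer(psi, psi), noise_p)
    return z_expectations(rho, n)

# --- fusion head: a tiny MLP yields a per-sample weight alpha in (0, 1) ---

class FusionHead:
    def __init__(self, n_classes, n_qubits, hidden=4, seed=0):
        rng = np.random.default_rng(seed)  # untrained placeholder weights (assumption)
        self.wq = rng.normal(size=(n_qubits, n_classes)) * 0.5   # quantum readout -> logits
        self.w1 = rng.normal(size=(n_classes + n_qubits, hidden)) * 0.5
        self.b1 = np.zeros(hidden)
        self.w2 = rng.normal(size=(hidden,)) * 0.5
        self.b2 = 0.0

    def alpha(self, classical_logits, q_feats):
        """Dynamic weight computed from both branches' outputs."""
        h = np.tanh(np.concatenate([classical_logits, q_feats]) @ self.w1 + self.b1)
        return 1.0 / (1.0 + np.exp(-(h @ self.w2 + self.b2)))

    def predict(self, classical_logits, q_feats):
        a = self.alpha(classical_logits, q_feats)
        return a * np.asarray(classical_logits) + (1 - a) * (q_feats @ self.wq)

def hybrid_predict(classical_logits, features, noise_p=0.05, head=None):
    """Full hybrid forward pass for one sample; classical_logits come from the CNN head."""
    head = head or FusionHead(len(classical_logits), len(features))
    q_feats = quantum_module(features, noise_p)
    return head.predict(np.asarray(classical_logits, dtype=float), q_feats)

if __name__ == "__main__":
    feats = [0.8, 0.2, 0.5]          # constructed 3-d feature vector standing in for CNN output
    print(quantum_module(feats, noise_p=0.1))
    print(hybrid_predict([2.0, -1.0, 0.5], feats, noise_p=0.1))
```

Two properties worth noticing when running it: with `noise_p=0` the readout is exact (for instance features `[1.0, 0.0]` give expectations `[1, -1]` after the CNOT ring), and the depolarizing channel simply scales every expectation by `1 - noise_p`, which is the effect a gradient-based attacker must push through when the quantum branch is in the loop.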