A quantum active learning algorithm for sampling against adversarial attacks

TL;DR

This paper introduces a quantum active learning algorithm designed to enhance robustness against adversarial attacks by efficiently sampling data points, leveraging quantum computing for exponential speedup over classical methods.

Contribution

It presents a novel quantum active learning framework that efficiently estimates class distances to improve adversarial robustness, with a complexity that offers exponential speedup over classical algorithms.

Findings

Quantum algorithm achieves polylogarithmic complexity in data dimension and size.

Provides a method to estimate class distances for robustness guarantees.

Potential for exponential speedup in adversarial machine learning tasks.

Abstract

Adversarial attacks represent a serious menace for learning algorithms and may compromise the security of future autonomous systems. A theorem by Khoury and Hadfield-Menell (KH), provides sufficient conditions to guarantee the robustness of machine learning algorithms, but comes with a caveat: it is crucial to know the smallest distance among the classes of the corresponding classification problem. We propose a theoretical framework that allows us to think of active learning as sampling the most promising new points to be classified, so that the minimum distance between classes can be found and the theorem KH used. Additionally, we introduce a quantum active learning algorithm that makes use of such framework and whose complexity is polylogarithmic in the dimension of the space, $m$, and the size of the initial training data $n$, provided the use of qRAMs; and polynomial in the precision, achieving an exponential speedup over the equivalent classical algorithm in $n$ and $m$. This algorithm may be nevertheless `dequantized' reducing the advantage to polynomial.