Quantum Adversarial Machine Learning

TL;DR

This paper investigates the vulnerability of quantum machine learning systems to adversarial attacks, demonstrating that quantum classifiers can be deceived by imperceptible perturbations across various data types and proposing defense strategies.

Contribution

It is the first comprehensive study showing quantum classifiers are susceptible to adversarial examples and offers practical defense methods for quantum machine learning security.

Findings

Quantum classifiers are vulnerable to adversarial examples.

Adversarial attacks affect classical and quantum data alike.

Defense strategies can mitigate adversarial threats in quantum systems.

Abstract

Adversarial machine learning is an emerging field that focuses on studying vulnerabilities of machine learning approaches in adversarial settings and developing techniques accordingly to make learning robust to adversarial manipulations. It plays a vital role in various machine learning applications and has attracted tremendous attention across different communities recently. In this paper, we explore different adversarial scenarios in the context of quantum machine learning. We find that, similar to traditional classifiers based on classical neural networks, quantum learning systems are likewise vulnerable to crafted adversarial examples, independent of whether the input data is classical or quantum. In particular, we find that a quantum classifier that achieves nearly the state-of-the-art accuracy can be conclusively deceived by adversarial examples obtained via adding imperceptible perturbations to the original legitimate samples. This is explicitly demonstrated with quantum adversarial learning in different scenarios, including classifying real-life images (e.g., handwritten digit images in the dataset MNIST), learning phases of matter (such as, ferromagnetic/paramagnetic orders and symmetry protected topological phases), and classifying quantum data. Furthermore, we show that based on the information of the adversarial examples at hand, practical defense strategies can be designed to fight against a number of different attacks. Our results uncover the notable vulnerability of quantum machine learning systems to adversarial perturbations, which not only reveals a novel perspective in bridging machine learning and quantum physics in theory but also provides valuable guidance for practical applications of quantum classifiers based on both near-term and future quantum technologies.