Defence against adversarial attacks using classical and quantum-enhanced Boltzmann machines

TL;DR

This paper demonstrates that Boltzmann machines, especially when quantum-enhanced, can serve as robust classifiers against adversarial attacks, outperforming traditional methods on MNIST with potential quantum advantages.

Contribution

The study introduces Boltzmann machines as attack-resistant classifiers and explores quantum-enhanced sampling, showing improved robustness and highlighting quantum computing's practical benefits.

Findings

Boltzmann machines improve adversarial robustness by 5-72% on MNIST.

Quantum-enhanced sampling yields comparable or marginally better results than classical methods.

Probabilistic models and quantum computing can enhance neural network robustness.

Abstract

We provide a robust defence to adversarial attacks on discriminative algorithms. Neural networks are naturally vulnerable to small, tailored perturbations in the input data that lead to wrong predictions. On the contrary, generative models attempt to learn the distribution underlying a dataset, making them inherently more robust to small perturbations. We use Boltzmann machines for discrimination purposes as attack-resistant classifiers, and compare them against standard state-of-the-art adversarial defences. We find improvements ranging from 5% to 72% against attacks with Boltzmann machines on the MNIST dataset. We furthermore complement the training with quantum-enhanced sampling from the D-Wave 2000Q annealer, finding results comparable with classical techniques and with marginal improvements in some cases. These results underline the relevance of probabilistic methods in constructing neural networks and highlight a novel scenario of practical relevance where quantum computers, even with limited hardware capabilites, could provide advantages over classical computers. This work is dedicated to the memory of Peter Wittek.