Quantum Neural Networks under Depolarization Noise: Exploring White-Box Attacks and Defenses

TL;DR

This paper investigates how depolarization noise affects the robustness of quantum neural networks against adversarial attacks, revealing that noise does not always enhance security and can sometimes diminish it.

Contribution

It provides new insights into the complex relationship between depolarization noise and adversarial robustness in quantum machine learning, challenging previous assumptions.

Findings

Depolarization noise does not always improve adversarial robustness.

Adding noise can diminish robustness in multi-class quantum classifiers.

Experimental validation on gate-based quantum simulators supports the findings.

Abstract

Leveraging the unique properties of quantum mechanics, Quantum Machine Learning (QML) promises computational breakthroughs and enriched perspectives where traditional systems reach their boundaries. However, similarly to classical machine learning, QML is not immune to adversarial attacks. Quantum adversarial machine learning has become instrumental in highlighting the weak points of QML models when faced with adversarial crafted feature vectors. Diving deep into this domain, our exploration shines light on the interplay between depolarization noise and adversarial robustness. While previous results enhanced robustness from adversarial threats through depolarization noise, our findings paint a different picture. Interestingly, adding depolarization noise discontinued the effect of providing further robustness for a multi-class classification scenario. Consolidating our findings, we conducted experiments with a multi-class classifier adversarially trained on gate-based quantum simulators, further elucidating this unexpected behavior.