Quantum Patches: Enhancing Robustness of Quantum Machine Learning Models

TL;DR

This paper introduces a quantum-based pseudo-noise method using random quantum circuits to improve the robustness of quantum machine learning models against adversarial attacks, significantly reducing attack success rates.

Contribution

It proposes leveraging quantum circuit properties to generate adversarial-like data, enhancing QML model robustness against attacks on datasets like CIFAR-10 and CINIC-10.

Findings

Attack success rate on CIFAR-10 reduced from 89.8% to 68.45%.

Attack success rate on CINIC-10 reduced from 94.23% to 78.68%.

Quantum pseudo-noise mimics adversarial data effectively.

Abstract

Machine learning models and their applications, such as autonomous driving systems, are becoming increasingly common and are essential components of human daily life. However, due to their sensitivity to perturbed noise, these models are easily susceptible to adversarial attacks. Not only are classical machine learning models affected, but quantum machine learning (QML) models have also been proven to be vulnerable to adversarial attacks, which degrade their performance. To defend against these types of attacks, several classical methods have been proposed. Among these, a prominent approach uses various types of pseudo-noise during training to enhance the model's robustness against real-world attacks. One of the recently emerging solutions is to leverage the unique properties of quantum circuits to create quantum-based pseudo-noise similar to real perturbed noise to counter adversarial attacks. This paper proposes a solution that utilizes random quantum circuits (RQCs) as adversarial data to help QML models overcome these adversarial attacks. The results reported in this paper show that the data generated by RQC actually provides a similar effect to models trained with adversarial data on high-feature datasets. This quantum-based pseudo-noise resulted in a significant reduction in the attack rate in the CIFAR-10 data set, from \textbf{89. 8\%} to \textbf{68.45\%}. For the CINIC-10 dataset, the successful attack rate decreased from \textbf{94.23\%} to \textbf{78.68\%}. This research opens up avenues for applying unique quantum properties, such as superposition, entanglement, and even decoherence, to enhance the quality of machine learning models.