Controlled Steering-Based State Preparation for Adversarial-Robust Quantum Machine Learning

TL;DR

This paper introduces a passive steering-based state preparation method to enhance adversarial robustness in quantum machine learning models, significantly improving their resistance to gradient-based attacks.

Contribution

It proposes a novel passive steering technique for quantum state encoding that suppresses adversarial perturbations without sacrificing accuracy.

Findings

Improves adversarial accuracy by up to 40.19% across models and datasets.

Maintains high clean accuracy while enhancing robustness.

Demonstrates effectiveness against gradient-based adversarial attacks.

Abstract

Quantum machine learning (QML) provides a promising framework for leveraging quantum-mechanical effects in learning tasks. However, its vulnerability to adversarial perturbations remains a major challenge for practical deployment. In QML systems, small perturbations applied to classical inputs can propagate through the quantum encoding stage and distort the resulting quantum state, thereby degrading model performance. In this work, we propose a defense mechanism that replaces the conventional quantum encoding stage of a QML model with passive steering-based controlled state preparation, which guides the encoded state toward a controlled intermediate state. By tuning the steering strength and the number of steering iterations, the proposed method suppresses the influence of adversarial perturbations while maintaining high clean accuracy and improving adversarial accuracy. Experimental results demonstrate that the passive steering-based defense consistently improves adversarial accuracy across different QML models and datasets under gradient-based adversarial attacks, achieving adversarial accuracy improvements of up to 40.19%.