Defending Quantum Classifiers against Adversarial Perturbations through Quantum Autoencoders

Problem
This paper addresses the vulnerability of quantum classifiers to adversarial perturbations, a gap in the literature concerning the robustness of quantum machine learning models. While existing defenses, such as adversarial training, have shown promise, they are limited in scenarios where adversarial samples cannot be incorporated into the training process or where overfitting to specific attack types occurs. This work is presented as a preprint and has not yet undergone peer review.

Method
The authors propose a novel defense framework that leverages quantum autoencoders to purify adversarial samples through a reconstruction process. The architecture consists of a quantum autoencoder that encodes input data into a latent space and subsequently reconstructs it, aiming to mitigate the effects of adversarial noise. The framework also includes a confidence metric to assess the likelihood of a sample being adversarial, which aids in identifying samples that cannot be effectively purified. The training compute details are not disclosed, but the approach is designed to operate without the need for adversarial training, thus circumventing the limitations of existing methods.

Results
The proposed framework demonstrates significant improvements in prediction accuracy when evaluated against state-of-the-art defenses on adversarially perturbed datasets. Specifically, the authors report an increase in accuracy of up to 68% under adversarial attacks, compared to baseline models that do not utilize the quantum autoencoder. The paper provides quantitative comparisons against named baselines, although specific baseline models and datasets are not detailed in the summary.

Limitations
The authors acknowledge that their approach may not generalize to all types of adversarial attacks, particularly those that are highly sophisticated or tailored to exploit specific weaknesses in the quantum autoencoder. Additionally, the reliance on quantum computing infrastructure may limit the accessibility and scalability of the proposed method. The paper does not address the computational overhead associated with the quantum autoencoder’s training and inference processes, which could be a significant factor in practical applications.

Why it matters
This work has implications for the development of robust quantum machine learning systems, particularly in fields where adversarial attacks pose a significant risk, such as image classification and security-sensitive applications. By providing a defense mechanism that does not rely on adversarial training, the framework opens avenues for further research into quantum resilience against adversarial perturbations. It also highlights the potential of quantum autoencoders as a tool for enhancing the robustness of quantum classifiers, paving the way for future explorations into hybrid classical-quantum defense strategies.

Authors: Emma Andrews, Sahan Sanjaya, Prabhat Mishra
Source: arXiv:2604.28176
URL: https://arxiv.org/abs/2604.28176v1