Related papers: Adversarial Quantum Machine Learning: An Information-Theoretic Generalization Analysis

Adversarial Quantum Machine Learning: An Information-Theoretic Generalization Analysis

URL: http://arxiv.org/abs/2402.00176v2
Date: Thu, 15 Feb 2024 13:18:04 GMT
Title: Adversarial Quantum Machine Learning: An Information-Theoretic Generalization Analysis
Authors: Petros Georgiou, Sharu Theresa Jose and Osvaldo Simeone
Abstract summary: We study the generalization properties of quantum classifiers adversarially trained against bounded-norm white-box attacks. We derive novel information-theoretic upper bounds on the generalization error of adversarially trained quantum classifiers.
Score: 39.889087719322184
License: http://creativecommons.org/licenses/by/4.0/
Abstract: In a manner analogous to their classical counterparts, quantum classifiers are vulnerable to adversarial attacks that perturb their inputs. A promising countermeasure is to train the quantum classifier by adopting an attack-aware, or adversarial, loss function. This paper studies the generalization properties of quantum classifiers that are adversarially trained against bounded-norm white-box attacks. Specifically, a quantum adversary maximizes the classifier's loss by transforming an input state $\rho(x)$ into a state $\lambda$ that is $\epsilon$-close to the original state $\rho(x)$ in $p$-Schatten distance. Under suitable assumptions on the quantum embedding $\rho(x)$, we derive novel information-theoretic upper bounds on the generalization error of adversarially trained quantum classifiers for $p = 1$ and $p = \infty$. The derived upper bounds consist of two terms: the first is an exponential function of the 2-R\'enyi mutual information between classical data and quantum embedding, while the second term scales linearly with the adversarial perturbation size $\epsilon$. Both terms are shown to decrease as $1/\sqrt{T}$ over the training set size $T$ . An extension is also considered in which the adversary assumed during training has different parameters $p$ and $\epsilon$ as compared to the adversary affecting the test inputs. Finally, we validate our theoretical findings with numerical experiments for a synthetic setting.

Related papers

Universal scaling laws in quantum-probabilistic machine learning by tensor network towards interpreting representation and generalization powers [0.0]
This work contributes to uncovering the emergence of universal scaling laws in quantum-probabilistic ML. We take the generative tensor network (GTN) in the form of a matrix product state as an example. We show that with an untrained GTN, the negative logarithmic likelihood (NLL) $L$ generally increases linearly with the number of features.
arXiv Detail & Related papers (2024-10-13T02:48:08Z)
Rank lower bounds on non-local quantum computation [0.0]
A non-local quantum computation (NLQC) replaces an interaction between two quantum systems with a single round of communication and shared entanglement. We study two classes of NLQC, $f$-routing and $f$-BB84, which are of relevance to classical information theoretic cryptography and quantum position-verification.
arXiv Detail & Related papers (2024-02-28T19:00:09Z)
Towards large-scale quantum optimization solvers with few qubits [59.63282173947468]
We introduce a variational quantum solver for optimizations over $m=mathcalO(nk)$ binary variables using only $n$ qubits, with tunable $k>1$. We analytically prove that the specific qubit-efficient encoding brings in a super-polynomial mitigation of barren plateaus as a built-in feature.
arXiv Detail & Related papers (2024-01-17T18:59:38Z)
More Optimal Simulation of Universal Quantum Computers [0.0]
Worst-case sampling cost has plateaued at $le(2+sqrt2)xi_t delta-1$ in the limit that $t rightarrow infty$. We reduce this prefactor 68-fold by a leading-order reduction in $t$ through correlated sampling.
arXiv Detail & Related papers (2022-02-02T19:00:03Z)
F-Divergences and Cost Function Locality in Generative Modelling with Quantum Circuits [0.0]
We consider training a quantum circuit Born machine using $f$-divergences. We introduce two algorithms which demonstrably improve the training of the Born machine. We discuss the long-term implications of quantum devices for computing $f$-divergences.
arXiv Detail & Related papers (2021-10-08T17:04:18Z)
Understanding the Under-Coverage Bias in Uncertainty Estimation [58.03725169462616]
quantile regression tends to emphunder-cover than the desired coverage level in reality. We prove that quantile regression suffers from an inherent under-coverage bias. Our theory reveals that this under-coverage bias stems from a certain high-dimensional parameter estimation error.
arXiv Detail & Related papers (2021-06-10T06:11:55Z)
Towards an Understanding of Benign Overfitting in Neural Networks [104.2956323934544]
Modern machine learning models often employ a huge number of parameters and are typically optimized to have zero training loss. We examine how these benign overfitting phenomena occur in a two-layer neural network setting. We show that it is possible for the two-layer ReLU network interpolator to achieve a near minimax-optimal learning rate.
arXiv Detail & Related papers (2021-06-06T19:08:53Z)
Provable Robustness of Adversarial Training for Learning Halfspaces with Noise [95.84614821570283]
We analyze the properties of adversarial learning adversarially robust halfspaces in the presence of label noise. To the best of our knowledge, this is the first work to show that adversarial training prov yields classifiers in noise.
arXiv Detail & Related papers (2021-04-19T16:35:38Z)
Generalization in Quantum Machine Learning: a Quantum Information Perspective [0.0]
We show how different properties of $Q$ affect classification accuracy and generalization. We introduce a quantum version of the Information Bottleneck principle that allows us to explore the various tradeoffs between accuracy and generalization.
arXiv Detail & Related papers (2021-02-17T19:35:21Z)
Towards Defending Multiple $\ell_p$-norm Bounded Adversarial Perturbations via Gated Batch Normalization [120.99395850108422]
Existing adversarial defenses typically improve model robustness against individual specific perturbations. Some recent methods improve model robustness against adversarial attacks in multiple $ell_p$ balls, but their performance against each perturbation type is still far from satisfactory. We propose Gated Batch Normalization (GBN) to adversarially train a perturbation-invariant predictor for defending multiple $ell_p bounded adversarial perturbations.
arXiv Detail & Related papers (2020-12-03T02:26:01Z)

This list is automatically generated from the titles and abstracts of the papers in this site.