On the Generalization of Adversarially Trained Quantum Classifiers
- URL: http://arxiv.org/abs/2504.17690v1
- Date: Thu, 24 Apr 2025 15:59:55 GMT
- Title: On the Generalization of Adversarially Trained Quantum Classifiers
- Authors: Petros Georgiou, Aaron Mark Thomas, Sharu Theresa Jose, Osvaldo Simeone
- Abstract summary: In adversarial training, quantum classifiers are trained by using an attack-aware, adversarial loss function. This work establishes novel bounds on the generalization error of adversarially trained quantum classifiers when tested in the presence of perturbations.
- Score: 32.48879688084909
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Quantum classifiers are vulnerable to adversarial attacks that manipulate their input classical or quantum data. A promising countermeasure is adversarial training, where quantum classifiers are trained by using an attack-aware, adversarial loss function. This work establishes novel bounds on the generalization error of adversarially trained quantum classifiers when tested in the presence of perturbation-constrained adversaries. The bounds quantify the excess generalization error incurred to ensure robustness to adversarial attacks as scaling with the training sample size $m$ as $1/\sqrt{m}$, while yielding insights into the impact of the quantum embedding. For quantum binary classifiers employing \textit{rotation embedding}, we find that, in the presence of adversarial attacks on classical inputs $\mathbf{x}$, the increase in sample complexity due to adversarial training over conventional training vanishes in the limit of high dimensional inputs $\mathbf{x}$. In contrast, when the adversary can directly attack the quantum state $\rho(\mathbf{x})$ encoding the input $\mathbf{x}$, the excess generalization error depends on the choice of embedding only through its Hilbert space dimension. The results are also extended to multi-class classifiers. We validate our theoretical findings with numerical experiments.
Related papers
- Classical Autoencoder Distillation of Quantum Adversarial Manipulations [1.4598877063396687]
We report a new technique for the distillation of quantum manipulated image datasets by using classical autoencoders.
Our work highlights a promising pathway to achieve fully robust quantum machine learning in both classical and quantum adversarial scenarios.
arXiv Detail & Related papers (2025-04-12T13:51:08Z)
- Generalization Properties of Adversarial Training for $\ell_0$-Bounded Adversarial Attacks [47.22918498465056]
In this paper, we aim to theoretically characterize the performance of adversarial training for an important class of neural networks.
Deriving a generalization in this setting has two main challenges.
arXiv Detail & Related papers (2024-02-05T22:57:33Z)
- Adversarial Quantum Machine Learning: An Information-Theoretic Generalization Analysis [39.889087719322184]
We study the generalization properties of quantum classifiers adversarially trained against bounded-norm white-box attacks.
We derive novel information-theoretic upper bounds on the generalization error of adversarially trained quantum classifiers.
arXiv Detail & Related papers (2024-01-31T21:07:43Z)
- Enhancing Quantum Adversarial Robustness by Randomized Encodings [10.059889429655582]
We propose a scheme to protect quantum learning systems from adversarial attacks by randomly encoding the legitimate data samples.
We prove that both global and local random unitary encoders lead to exponentially vanishing gradients.
We show that random black-box quantum error correction encoders can protect quantum classifiers against local adversarial noises.
arXiv Detail & Related papers (2022-12-05T19:00:08Z)
- Certified Robustness of Quantum Classifiers against Adversarial Examples through Quantum Noise [68.1992787416233]
We show that adding quantum random rotation noise can improve robustness in quantum classifiers against adversarial attacks.
We derive a certified robustness bound to enable quantum classifiers to defend against adversarial examples.
arXiv Detail & Related papers (2022-11-02T05:17:04Z)
- Benign Overfitting in Adversarially Robust Linear Classification [91.42259226639837]
"Benign overfitting", where classifiers memorize noisy training data yet still achieve a good generalization performance, has drawn great attention in the machine learning community.
We show that benign overfitting indeed occurs in adversarial training, a principled approach to defend against adversarial examples.
arXiv Detail & Related papers (2021-12-31T00:27:31Z)
- Qu-ANTI-zation: Exploiting Quantization Artifacts for Achieving Adversarial Outcomes [5.865029600972316]
Quantization is a technique that transforms the parameter representation of a neural network from floating-point numbers into lower-precision ones.
We propose a new training framework to implement adversarial quantization outcomes.
We show that a single compromised model defeats multiple quantization schemes.
arXiv Detail & Related papers (2021-10-26T10:09:49Z)
- Universal Adversarial Examples and Perturbations for Quantum Classifiers [0.0]
We study the universality of adversarial examples and perturbations for quantum classifiers.
We prove that for a set of $k$ classifiers with each receiving input data of $n$ qubits, an $O(frac k 2n)$ increase of the perturbation strength is enough to ensure a moderate universal adversarial risk.
arXiv Detail & Related papers (2021-02-15T19:00:09Z)
- Robustness, Privacy, and Generalization of Adversarial Training [84.38148845727446]
This paper establishes and quantifies the privacy-robustness trade-off and generalization-robustness trade-off in adversarial training.
We show that adversarial training is $(\varepsilon, \delta)$-differentially private, where the magnitude of the differential privacy has a positive correlation with the robustified intensity.
Our generalization bounds do not explicitly rely on the parameter size which would be large in deep learning.
arXiv Detail & Related papers (2020-12-25T13:35:02Z)
- Defence against adversarial attacks using classical and quantum-enhanced Boltzmann machines [64.62510681492994]
Generative models attempt to learn the distribution underlying a dataset, making them inherently more robust to small perturbations.
We find improvements ranging from 5% to 72% against attacks with Boltzmann machines on the MNIST dataset.
arXiv Detail & Related papers (2020-12-21T19:00:03Z)