QUANT-PH | DIS-NN | LG | Dec 21, 2020

Defence against adversarial attacks using classical and quantum-enhanced Boltzmann machines

arXiv:2012.11619v2 | 9 citations
AI Analysis

This work provides a more robust defense against adversarial attacks for users of discriminative algorithms, offering a notable improvement over existing state-of-the-art defenses.

This paper addresses the vulnerability of neural networks to adversarial attacks by employing Boltzmann machines as attack-resistant classifiers. The authors report improvements ranging from 5% to 72% against attacks on the MNIST dataset, and also explore quantum-enhanced sampling, which yielded comparable or marginally better results.

We provide a robust defence to adversarial attacks on discriminative algorithms. Neural networks are naturally vulnerable to small, tailored perturbations in the input data that lead to wrong predictions. On the contrary, generative models attempt to learn the distribution underlying a dataset, making them inherently more robust to small perturbations. We use Boltzmann machines for discrimination purposes as attack-resistant classifiers, and compare them against standard state-of-the-art adversarial defences. We find improvements ranging from 5% to 72% against attacks with Boltzmann machines on the MNIST dataset. We furthermore complement the training with quantum-enhanced sampling from the D-Wave 2000Q annealer, finding results comparable with classical techniques and with marginal improvements in some cases. These results underline the relevance of probabilistic methods in constructing neural networks and highlight a novel scenario of practical relevance where quantum computers, even with limited hardware capabilities, could provide advantages over classical computers. This work is dedicated to the memory of Peter Wittek.
