Controlled Steering-Based State Preparation for Adversarial-Robust Quantum Machine Learning
For QML practitioners, this provides a defense against adversarial perturbations, though it is an incremental improvement over existing encoding methods.
The paper addresses adversarial vulnerability in quantum machine learning by replacing standard quantum encoding with passive steering-based controlled state preparation. The method improves adversarial accuracy by up to 40.19% across models and datasets.
Quantum machine learning (QML) provides a promising framework for leveraging quantum-mechanical effects in learning tasks. However, its vulnerability to adversarial perturbations remains a major challenge for practical deployment. In QML systems, small perturbations applied to classical inputs can propagate through the quantum encoding stage and distort the resulting quantum state, thereby degrading model performance. In this work, we propose a defense mechanism that replaces the conventional quantum encoding stage of a QML model with passive steering-based controlled state preparation, which guides the encoded state toward a controlled intermediate state. By tuning the steering strength and the number of steering iterations, the proposed method suppresses the influence of adversarial perturbations while maintaining high clean accuracy and improving adversarial accuracy. Experimental results demonstrate that the passive steering-based defense consistently improves adversarial accuracy across different QML models and datasets under gradient-based adversarial attacks, achieving adversarial accuracy improvements of up to 40.19%.