A black-box attack method of machine learning algorithms based on quantum autoencoders

Currently, researchers have conducted extensive studies on adversarial attacks in the field of machine learning. With the development of quantum computing technology, quantum computing has provided new ideas and methods for implementing machine learning algorithms. Meanwhile, the issue of adversaria...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Physica A Ročník 680; s. 131033
Hlavní autoři: Tan, Dong, Yan, Lili, Zhao, Jiayu, Chang, Yan, Zhang, Shibin
Médium: Journal Article
Jazyk:angličtina
Vydáno: Elsevier B.V 15.12.2025
Témata:
Adversarial samples
Few queries
Quantum autoencoders
Quantum machine learning
Quantum machine learning
Quantum autoencoders
Adversarial samples
Few queries
ISSN:0378-4371
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Abstract Currently, researchers have conducted extensive studies on adversarial attacks in the field of machine learning. With the development of quantum computing technology, quantum computing has provided new ideas and methods for implementing machine learning algorithms. Meanwhile, the issue of adversarial attacks in quantum machine learning has increasingly become a research hotspot. This paper proposes a new black-box attack method against quantum machine learning models based on a quantum autoencoder (QAE). The method first obtains a basic dataset through a small number of queries to the model, then expands this basic dataset to obtain a training dataset. The training dataset is used to train a surrogate model to generate adversarial examples, and then the transferability of the adversarial examples is utilized to launch attacks, ultimately achieving a black-box attack on the target model. Experiments show that the proposed method only requires 20 queries to the target model. Based on the results of these queries, the quantum autoencoder can be used to expand the basic dataset, and the accuracy of the surrogate model for attacking the target model is improved by 8% on the generated test set. Moreover, compared with the deep convolutional generative adversarial network (DCGAN) model, this method can achieve faster fitting. After training, the effectiveness of transfer based attacks on the surrogate model only decreases by less than 20% under strong perturbation conditions, and under certain conditions, the attack effect on the target model is stronger than that on the surrogate model itself. In addition, using the surrogate model to attack another quantum neural network model also achieves similar effects to those on the target model, thereby further verifying the universality of the proposed attack method. •Proposes a quantum autoencoder-based black-box attack method effective with minimal queries.•Achieves high attack success with only a few queries by enhancing decision boundary similarity.•Quantum-generated data improves attack stealth and effectiveness over traditional methods.•Adversarial examples show strong transferability between quantum models under interference.•Attack method demonstrates broad applicability across diverse quantum neural networks.
AbstractList Currently, researchers have conducted extensive studies on adversarial attacks in the field of machine learning. With the development of quantum computing technology, quantum computing has provided new ideas and methods for implementing machine learning algorithms. Meanwhile, the issue of adversarial attacks in quantum machine learning has increasingly become a research hotspot. This paper proposes a new black-box attack method against quantum machine learning models based on a quantum autoencoder (QAE). The method first obtains a basic dataset through a small number of queries to the model, then expands this basic dataset to obtain a training dataset. The training dataset is used to train a surrogate model to generate adversarial examples, and then the transferability of the adversarial examples is utilized to launch attacks, ultimately achieving a black-box attack on the target model. Experiments show that the proposed method only requires 20 queries to the target model. Based on the results of these queries, the quantum autoencoder can be used to expand the basic dataset, and the accuracy of the surrogate model for attacking the target model is improved by 8% on the generated test set. Moreover, compared with the deep convolutional generative adversarial network (DCGAN) model, this method can achieve faster fitting. After training, the effectiveness of transfer based attacks on the surrogate model only decreases by less than 20% under strong perturbation conditions, and under certain conditions, the attack effect on the target model is stronger than that on the surrogate model itself. In addition, using the surrogate model to attack another quantum neural network model also achieves similar effects to those on the target model, thereby further verifying the universality of the proposed attack method. •Proposes a quantum autoencoder-based black-box attack method effective with minimal queries.•Achieves high attack success with only a few queries by enhancing decision boundary similarity.•Quantum-generated data improves attack stealth and effectiveness over traditional methods.•Adversarial examples show strong transferability between quantum models under interference.•Attack method demonstrates broad applicability across diverse quantum neural networks.
ArticleNumber 131033
Author Zhao, Jiayu
Zhang, Shibin
Chang, Yan
Yan, Lili
Tan, Dong
Author_xml – sequence: 1
  givenname: Dong
  surname: Tan
  fullname: Tan, Dong
– sequence: 2
  givenname: Lili
  surname: Yan
  fullname: Yan, Lili
  email: yanlili@cuit.edu.cn
– sequence: 3
  givenname: Jiayu
  surname: Zhao
  fullname: Zhao, Jiayu
– sequence: 4
  givenname: Yan
  surname: Chang
  fullname: Chang, Yan
– sequence: 5
  givenname: Shibin
  surname: Zhang
  fullname: Zhang, Shibin
BookMark eNp9kL1OwzAUhT0UibbwBCx-gQT_JHEyMFQVf1IlFmC1HPumcUnsYruIvj0pZWY6dzjf1dG3QDPnHSB0Q0lOCa1ud_m-P0aVM8LKnHJKOJ-hOeGizgou6CVaxLgjhFDB2Ry9r3A7KP2Rtf4bq5SmE4-Qem-w7_CodG8d4AFUcNZtsRq2PtjUjxG3KsJUcvjzoFw6jFgdkgenvYEQr9BFp4YI13-5RG8P96_rp2zz8vi8Xm0yzcoyZVAbUVFRG9pUXctVxbuOmQbKAoAVrDSiKduWm1Zw2lHDtIC6JKZQomiEKihfIn7-q4OPMUAn98GOKhwlJfKkQ-7krw550iHPOibq7kzBNO3LQpBR22k6GBtAJ2m8_Zf_AVEsbr4
Cites_doi 10.1103/PhysRevLett.117.130501
10.1103/PhysRevApplied.16.024051
10.1007/s10489-022-04175-y
10.1016/j.media.2019.101552
10.1145/3052973.3053009
10.1088/1367-2630/ab976f
10.1109/COMST.2020.2975048
10.1109/ICTC49870.2020.9289439
10.1007/s42484-021-00061-x
10.1109/TIFS.2020.3021899
10.1016/j.neucom.2019.08.083
10.1103/PhysRevA.101.062331
10.1038/s42254-021-00348-9
10.1103/PhysRevResearch.6.023020
10.1063/PT.3.4164
10.1109/SP.2017.49
10.3390/a18030156
10.1103/PhysRevLett.124.130502
10.1007/s10462-022-10188-3
10.1088/2058-9565/aa8072
10.1038/nature23474
10.1109/ICCV.2017.153
10.1007/s10462-021-10072-6
10.1145/3422622
10.1088/2058-9565/aada1f
10.1016/j.patcog.2018.07.023
10.1103/PhysRevResearch.2.033212
10.1103/PhysRevA.101.032308
10.1038/s41567-019-0648-8
10.1109/TIFS.2023.3307908
ContentType Journal Article
Copyright 2025 Elsevier B.V.
Copyright_xml – notice: 2025 Elsevier B.V.
DBID AAYXX
CITATION
DOI 10.1016/j.physa.2025.131033
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Physics
ExternalDocumentID 10_1016_j_physa_2025_131033
S0378437125006855
GroupedDBID --K
--M
-DZ
-~X
.~1
0R~
1B1
1RT
1~.
1~5
4.4
457
4G.
7-5
71M
8P~
9JN
9JO
AABNK
AAEDT
AAEDW
AAIKJ
AAKOC
AALRI
AAOAW
AAPFB
AAQFI
AATTM
AAXKI
AAXUO
AAYWO
ABAOU
ABJNI
ABMAC
ABNEU
ACDAQ
ACFVG
ACGFS
ACLOT
ACNCT
ACRLP
ADBBV
ADEZE
ADFHU
ADGUI
AEBSH
AEIPS
AEKER
AEYQN
AFFNX
AFJKZ
AFTJW
AGHFR
AGTHC
AGUBO
AGYEJ
AHHHB
AIEXJ
AIGVJ
AIIAU
AIIUN
AIKHN
AITUG
AIVDX
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
ANKPU
APXCP
ARUGR
AXJTR
AXLSJ
BKOJK
BLXMC
EBS
EFJIC
EFKBS
EFLBG
EO8
EO9
EP2
EP3
F5P
FDB
FIRID
FNPLU
FYGXN
G-Q
GBLVA
IHE
J1W
K-O
KOM
M38
M41
MHUIS
MO0
N9A
O-L
O9-
OAUVE
OGIMB
OZT
P-8
P-9
P2P
PC.
Q38
RNS
ROL
RPZ
SDF
SDG
SDP
SES
SEW
SPC
SPCBC
SPD
SSB
SSF
SSQ
SSW
SSZ
T5K
TN5
TWZ
WH7
XPP
YNT
ZMT
~02
~G-
~HD
29O
5VS
6TJ
9DU
AAFFL
AAQXK
AAYXX
ABFNM
ABWVN
ABXDB
ACNNM
ACROA
ACRPL
ADMUD
ADNMO
ADVLN
AFODL
AGQPQ
AJWLA
ASPBG
AVWKF
AZFZN
BBWZM
BEHZQ
BEZPJ
BGSCR
BNTGB
BPUDD
BULVW
BZJEE
CITATION
EJD
FEDTE
FGOYB
HMV
HVGLF
HZ~
MVM
NDZJH
R2-
SPG
VOH
WUQ
XOL
YYP
ZY4
ID FETCH-LOGICAL-c255t-e8d76178d196fb3a63ff2d9e54ee2425d795bb3db731f1d2c7e850d4a7497a413
ISICitedReferencesCount 0
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001598760300002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0378-4371
IngestDate Sat Nov 29 06:51:27 EST 2025
Sat Nov 29 17:06:35 EST 2025
IsPeerReviewed true
IsScholarly true
Keywords Quantum machine learning
Quantum autoencoders
Adversarial samples
Few queries
Language English
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c255t-e8d76178d196fb3a63ff2d9e54ee2425d795bb3db731f1d2c7e850d4a7497a413
ParticipantIDs crossref_primary_10_1016_j_physa_2025_131033
elsevier_sciencedirect_doi_10_1016_j_physa_2025_131033
PublicationCentury 2000
PublicationDate 2025-12-15
PublicationDateYYYYMMDD 2025-12-15
PublicationDate_xml – month: 12
  year: 2025
  text: 2025-12-15
  day: 15
PublicationDecade 2020
PublicationTitle Physica A
PublicationYear 2025
Publisher Elsevier B.V
Publisher_xml – name: Elsevier B.V
References Schuld, Bocharov, Svore, Wiebe (b45) 2020; 101
C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, R. Fergus, Intriguing properties of neural networks, in: 2nd International Conference on Learning Representations, ICLR 2014 - Conference Track Proceedings, 2014.
Biggio, Roli (b8) 2018; 84
A. Radford, L. Metz, S. Chintala, Unsupervised representation learning with deep convolutional generative adversarial networks, in: 4th International Conference on Learning Representations, ICLR 2016 - Conference Track Proceedings, 2016.
Q. Niyaz, W. Sun, A. Y. Javaid, M. Alam, A deep learning approach for network intrusion detection system, in: EAI International Conference on Bio-Inspired Information and Communications Technologies, BICT, 2015.
S. Oh, J. Choi, J. Kim, A Tutorial on Quantum Convolutional Neural Networks (QCNN), in: International Conference on ICT Convergence, 2020, pp. 236–239.
Chakraborty, Alam, Dey, Chattopadhyay, Mukhopadhyay (b7) 2018
N. Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. B. Celik, A. Swami, Practical black-box attacks against machine learning, in: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017.
Gong, Yuan, Li, Deng (b29) 2024; 6
Zhang, Avrithis, Furon, Amsaleg (b16) 2021; 16
Rebentrost, Mohseni, Lloyd (b47) 2014; 113
Li, Lu, Deng (b6) 2022
Biamonte, Wittek, Pancotti, Rebentrost, Wiebe, Lloyd (b1) 2017; 549
Cerezo, Arrasmith, Babbush, Benjamin, Endo, Fujii, McClean, Mitarai, Yuan, Cincio, Coles (b53) 2021; 3
Li, Ji, Han, Ji, Ren, Liu, Wu (b20) 2021; 18
Solorio-Fernández, Carrasco-Ochoa, Martínez-Trinidad (b37) 2022; 55
C. Xie, J. Wang, Z. Zhang, Y. Zhou, L. Xie, A. Yuille, Adversarial examples for semantic segmentation and object detection, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, CVPR, 2017, pp. 1378–1387.
N. Carlini, D. Wagner, Towards Evaluating the Robustness of Neural Networks, in: Proceedings - IEEE Symposium on Security and Privacy, 2017, pp. 39–57.
Cong, Choi, Lukin (b32) 2019; 15
Li, Ma, Jiao (b39) 2015; 9
Qayyum, Usama, Qadir, Al-Fuqaha (b11) 2020; 22
Garcia-Cuesta, Aler, del Pozo-Vazquez, Galvan (b50) 2023; 53
Hur, Kim, Park (b33) 2022; 4
Liu, Wittek (b22) 2020; 101
Lu, Duan, Deng (b23) 2020; 2
Du, Hsieh, Liu, Tao, Liu (b26) 2020
Goodfellow, Pouget-Abadie, Mirza, Xu, Warde-Farley, Ozair, Courville, Bengio (b30) 2020; 63
A. Madry, A. Makelov, L. Schmidt, D. Tsipras, A. Vladu, Towards deep learning models resistant to adversarial attacks, in: Proceedings of the International Conference on Learning Representations, ICLR, 2018.
A. Kurakin, I. J. Goodfellow, S. Bengio, Adversarial examples in the physical world, in: 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, 2017.
Deng, Li, Das Sarma (b46) 2017; 7
Liu, Wang, Yang (b38) 2019; 369
Li, Wooldridge, Wang (b28) 2023; vol. 448
Kerenidis, Prakash (b48) 2016
Miller, Xiang, Kesidis (b9) 2019
Huang, Du, Gong, Zhao, Wu, Wang, Li, Liang, Lin, Xu, Yang, Liu, Hsieh, Deng, Rong, Peng, Lu, Chen, Tao, Zhu, Pan (b49) 2021; 16
Silver, Patel, Tiwari (b51) 2022; vol. 36
Eyas, Engstrom, Athalye, Lin (b18) 2018; vol. 5
Talpur, Abdulkadir, Alhussian, Hasan, Aziz, Bamhdi (b36) 2023; 56
D.P. Kingma, M. Welling, Auto-encoding variational bayes, in: 2nd International Conference on Learning Representations, ICLR 2014 - Conference Track Proceedings, 2014.
Romero, Olson, Aspuru-Guzik (b43) 2017; 2
Bondarenko, Feldmann, Polina (b44) 2020; 124
Khoshaman, Vinci, Denis, Andriyash, Amin (b42) 2019; 4
Chow (b52) 2025; 18
Casares, Martin-Delgado (b27) 2020; 22
Na, Ji, Kim (b19) 2023; vol. 13801
Dunjko, Taylor, Briegel (b2) 2016; 117
Yi, Walia, Babyn (b12) 2019; 58
Chen, Li, Wu, Ding, Zhang (b21) 2023; 18
Sarma, Deng, Duan (b4) 2019; 72
Gong, Deng (b24) 2022; 9
Qiu (b25) 2023; 4
Bausch (b3) 2020; vol. 33
Khodr, Younes (b35) 2011; vol. 4
Bausch (10.1016/j.physa.2025.131033_b3) 2020; vol. 33
Goodfellow (10.1016/j.physa.2025.131033_b30) 2020; 63
Khodr (10.1016/j.physa.2025.131033_b35) 2011; vol. 4
Liu (10.1016/j.physa.2025.131033_b22) 2020; 101
Romero (10.1016/j.physa.2025.131033_b43) 2017; 2
Chakraborty (10.1016/j.physa.2025.131033_b7) 2018
Gong (10.1016/j.physa.2025.131033_b29) 2024; 6
Biggio (10.1016/j.physa.2025.131033_b8) 2018; 84
Na (10.1016/j.physa.2025.131033_b19) 2023; vol. 13801
Li (10.1016/j.physa.2025.131033_b39) 2015; 9
Zhang (10.1016/j.physa.2025.131033_b16) 2021; 16
Sarma (10.1016/j.physa.2025.131033_b4) 2019; 72
Miller (10.1016/j.physa.2025.131033_b9) 2019
Chen (10.1016/j.physa.2025.131033_b21) 2023; 18
Schuld (10.1016/j.physa.2025.131033_b45) 2020; 101
Solorio-Fernández (10.1016/j.physa.2025.131033_b37) 2022; 55
Li (10.1016/j.physa.2025.131033_b28) 2023; vol. 448
Kerenidis (10.1016/j.physa.2025.131033_b48) 2016
Qiu (10.1016/j.physa.2025.131033_b25) 2023; 4
Li (10.1016/j.physa.2025.131033_b6) 2022
Du (10.1016/j.physa.2025.131033_b26) 2020
Rebentrost (10.1016/j.physa.2025.131033_b47) 2014; 113
10.1016/j.physa.2025.131033_b5
10.1016/j.physa.2025.131033_b34
10.1016/j.physa.2025.131033_b31
10.1016/j.physa.2025.131033_b41
10.1016/j.physa.2025.131033_b40
Yi (10.1016/j.physa.2025.131033_b12) 2019; 58
Eyas (10.1016/j.physa.2025.131033_b18) 2018; vol. 5
Cong (10.1016/j.physa.2025.131033_b32) 2019; 15
Biamonte (10.1016/j.physa.2025.131033_b1) 2017; 549
Casares (10.1016/j.physa.2025.131033_b27) 2020; 22
Huang (10.1016/j.physa.2025.131033_b49) 2021; 16
Silver (10.1016/j.physa.2025.131033_b51) 2022; vol. 36
Qayyum (10.1016/j.physa.2025.131033_b11) 2020; 22
Deng (10.1016/j.physa.2025.131033_b46) 2017; 7
Dunjko (10.1016/j.physa.2025.131033_b2) 2016; 117
Talpur (10.1016/j.physa.2025.131033_b36) 2023; 56
Gong (10.1016/j.physa.2025.131033_b24) 2022; 9
Lu (10.1016/j.physa.2025.131033_b23) 2020; 2
Hur (10.1016/j.physa.2025.131033_b33) 2022; 4
Khoshaman (10.1016/j.physa.2025.131033_b42) 2019; 4
Garcia-Cuesta (10.1016/j.physa.2025.131033_b50) 2023; 53
Li (10.1016/j.physa.2025.131033_b20) 2021; 18
Chow (10.1016/j.physa.2025.131033_b52) 2025; 18
Liu (10.1016/j.physa.2025.131033_b38) 2019; 369
10.1016/j.physa.2025.131033_b17
10.1016/j.physa.2025.131033_b15
10.1016/j.physa.2025.131033_b14
10.1016/j.physa.2025.131033_b13
Bondarenko (10.1016/j.physa.2025.131033_b44) 2020; 124
10.1016/j.physa.2025.131033_b10
Cerezo (10.1016/j.physa.2025.131033_b53) 2021; 3
References_xml – volume: vol. 5
  start-page: 3392
  year: 2018
  end-page: 3401
  ident: b18
  article-title: Black-box adversarial attacks with limited queries and information
  publication-title: 35th International Conference on Machine Learning
– volume: 16
  start-page: 701
  year: 2021
  end-page: 713
  ident: b16
  article-title: Walking on the edge: Fast, low-distortion adversarial examples
  publication-title: IEEE Trans. Inf. Forensics Secur.
– reference: S. Oh, J. Choi, J. Kim, A Tutorial on Quantum Convolutional Neural Networks (QCNN), in: International Conference on ICT Convergence, 2020, pp. 236–239.
– volume: 113
  year: 2014
  ident: b47
  article-title: Quantum support vector machine for big data classification
  publication-title: Phys. Rev. Lett.
– volume: 4
  year: 2023
  ident: b25
  article-title: Universal adversarial perturbations for multiple classification tasks with quantum classifiers
  publication-title: Mach. Learn.: Sci. Technol.
– volume: 9
  year: 2022
  ident: b24
  article-title: Universal adversarial examples and perturbations for quantum classifiers
  publication-title: Natl. Sci. Rev.
– reference: C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, R. Fergus, Intriguing properties of neural networks, in: 2nd International Conference on Learning Representations, ICLR 2014 - Conference Track Proceedings, 2014.
– volume: 549
  start-page: 195
  year: 2017
  end-page: 202
  ident: b1
  article-title: Quantum machine learning
  publication-title: Nature
– volume: 6
  year: 2024
  ident: b29
  article-title: Enhancing quantum adversarial robustness by randomized encodings
  publication-title: Phys. Rev. Res.
– volume: vol. 36
  start-page: 8324
  year: 2022
  end-page: 8332
  ident: b51
  article-title: QUILT: Effective multi-class classification on quantum computers using an ensemble of diverse quantum classifiers
  publication-title: Proceedings of the 36th AAAI Conference on Artificial Intelligence
– volume: 22
  year: 2020
  ident: b27
  article-title: A quantum active learning algorithm for sampling against adversarial attacks
  publication-title: New J. Phys.
– volume: 15
  start-page: 1273
  year: 2019
  end-page: 1278
  ident: b32
  article-title: Quantum convolutional neural networks
  publication-title: Nat. Phys.
– volume: 7
  year: 2017
  ident: b46
  article-title: Quantum entanglement in neural network states
  publication-title: Phys. Rev. X
– volume: vol. 13801
  start-page: 467
  year: 2023
  end-page: 482
  ident: b19
  article-title: Unrestricted black-box adversarial attack using GAN with limited queries
  publication-title: Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
– volume: 101
  year: 2020
  ident: b22
  article-title: Vulnerability of quantum classification to adversarial perturbations
  publication-title: Phys. Rev. A
– volume: 4
  year: 2019
  ident: b42
  article-title: Quantum variational autoencoder
  publication-title: Quantum Sci. Technol.
– year: 2022
  ident: b6
  article-title: Quantum neural network classifiers: A tutorial
– volume: 56
  start-page: 865
  year: 2023
  end-page: 913
  ident: b36
  article-title: Deep neuro-fuzzy system application trends, challenges, and future perspectives: a systematic survey
  publication-title: Artif. Intell. Rev.
– volume: 55
  start-page: 2821
  year: 2022
  end-page: 2846
  ident: b37
  article-title: A survey on feature selection methods for mixed data
  publication-title: Artif. Intell. Rev.
– volume: 2
  year: 2017
  ident: b43
  article-title: Quantum autoencoders for efficient compression of quantum data
  publication-title: Quantum Sci. Technol.
– year: 2020
  ident: b26
  article-title: Quantum noise protects quantum classifiers against adversaries
– volume: vol. 33
  start-page: 1368
  year: 2020
  end-page: 1369
  ident: b3
  article-title: Recurrent quantum neural networks
  publication-title: Advances in Neural Information Processing Systems
– volume: vol. 4
  start-page: 1875
  year: 2011
  end-page: 1883
  ident: b35
  article-title: Dimensionality reduction on hyperspectral images: A comparative review based on artificial datas
  publication-title: Proceedings - 4th International Congress on Image and Signal Processing, CISP 2011
– volume: 16
  year: 2021
  ident: b49
  article-title: Experimental quantum generative adversarial networks for image generation
  publication-title: Phys. Rev. Appl.
– volume: 117
  year: 2016
  ident: b2
  article-title: Quantum-enhanced machine learning
  publication-title: Phys. Rev. Lett.
– volume: 58
  year: 2019
  ident: b12
  article-title: Generative adversarial network in medical imaging: A review
  publication-title: Med. Image Anal.
– reference: N. Carlini, D. Wagner, Towards Evaluating the Robustness of Neural Networks, in: Proceedings - IEEE Symposium on Security and Privacy, 2017, pp. 39–57.
– volume: 4
  year: 2022
  ident: b33
  article-title: Quantum convolutional neural network for classical data classification
  publication-title: Quantum Mach. Intell.
– year: 2018
  ident: b7
  article-title: Adversarial attacks and defences: A survey
– volume: 63
  start-page: 139
  year: 2020
  end-page: 144
  ident: b30
  article-title: Generative adversarial networks
  publication-title: Commun. ACM
– volume: 3
  start-page: 625
  year: 2021
  end-page: 644
  ident: b53
  article-title: Variational quantum algorithms
  publication-title: Nat. Rev. Phys.
– reference: Q. Niyaz, W. Sun, A. Y. Javaid, M. Alam, A deep learning approach for network intrusion detection system, in: EAI International Conference on Bio-Inspired Information and Communications Technologies, BICT, 2015.
– volume: 22
  start-page: 998
  year: 2020
  end-page: 1026
  ident: b11
  article-title: Securing connected & autonomous vehicles: Challenges posed by adversarial machine learning and the way forward
  publication-title: IEEE Commun. Surv. Tutorials
– volume: 101
  year: 2020
  ident: b45
  article-title: Circuit-centric quantum classifiers
  publication-title: Phys. Rev. A
– volume: 369
  start-page: 122
  year: 2019
  end-page: 133
  ident: b38
  article-title: Sparse autoencoder for social image understanding
  publication-title: Neurocomputing
– volume: 18
  start-page: 156
  year: 2025
  ident: b52
  article-title: Quantum computing and machine learning in medical decision-making: A comprehensive review
  publication-title: Algorithms
– reference: N. Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. B. Celik, A. Swami, Practical black-box attacks against machine learning, in: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017.
– reference: A. Kurakin, I. J. Goodfellow, S. Bengio, Adversarial examples in the physical world, in: 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, 2017.
– reference: A. Radford, L. Metz, S. Chintala, Unsupervised representation learning with deep convolutional generative adversarial networks, in: 4th International Conference on Learning Representations, ICLR 2016 - Conference Track Proceedings, 2016.
– volume: 9
  start-page: 205
  year: 2015
  end-page: 216
  ident: b39
  article-title: A hybrid malicious code detection method based on deep learning
  publication-title: Int. J. Secur. Appl.
– volume: 84
  start-page: 317
  year: 2018
  end-page: 331
  ident: b8
  article-title: Wild patterns: Ten years after the rise of adversarial machine learning
  publication-title: Pattern Recognit.
– reference: A. Madry, A. Makelov, L. Schmidt, D. Tsipras, A. Vladu, Towards deep learning models resistant to adversarial attacks, in: Proceedings of the International Conference on Learning Representations, ICLR, 2018.
– volume: 18
  start-page: 1933
  year: 2021
  end-page: 1949
  ident: b20
  article-title: Adversarial examples versus cloud-based detectors: A black-box empirical study
  publication-title: IEEE Trans. Dependable Secur. Comput.
– year: 2019
  ident: b9
  article-title: Adversarial learning in statistical classification: A comprehensive review of defenses against attacks
– reference: D.P. Kingma, M. Welling, Auto-encoding variational bayes, in: 2nd International Conference on Learning Representations, ICLR 2014 - Conference Track Proceedings, 2014.
– volume: 18
  start-page: 5522
  year: 2023
  end-page: 5536
  ident: b21
  article-title: Query-efficient decision-based black-box patch attack
  publication-title: IEEE Trans. Inf. Forensics Secur.
– volume: 124
  year: 2020
  ident: b44
  article-title: Quantum autoencoders to denoise quantum data
  publication-title: Phys. Rev. Lett.
– volume: vol. 448
  year: 2023
  ident: b28
  article-title: Transferability of quantum adversarial machine learning
  publication-title: Proceedings of Seventh International Congress on Information and Communication Technology
– volume: 72
  start-page: 48
  year: 2019
  end-page: 54
  ident: b4
  article-title: Machine learning meets quantum physics
  publication-title: Phys. Today
– volume: 53
  start-page: 13053
  year: 2023
  end-page: 13066
  ident: b50
  article-title: A combination of supervised dimensionality reduction and learning methods to forecast solar radiation
  publication-title: Appl. Intell.
– reference: C. Xie, J. Wang, Z. Zhang, Y. Zhou, L. Xie, A. Yuille, Adversarial examples for semantic segmentation and object detection, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, CVPR, 2017, pp. 1378–1387.
– volume: 2
  year: 2020
  ident: b23
  article-title: Quantum adversarial machine learning
  publication-title: Phys. Rev. Res.
– year: 2016
  ident: b48
  article-title: Quantum recommendation systems
  publication-title: Information Technology Convergence and Services
– volume: 117
  issue: 13
  year: 2016
  ident: 10.1016/j.physa.2025.131033_b2
  article-title: Quantum-enhanced machine learning
  publication-title: Phys. Rev. Lett.
  doi: 10.1103/PhysRevLett.117.130501
– volume: vol. 5
  start-page: 3392
  year: 2018
  ident: 10.1016/j.physa.2025.131033_b18
  article-title: Black-box adversarial attacks with limited queries and information
– volume: 4
  issue: 4
  year: 2023
  ident: 10.1016/j.physa.2025.131033_b25
  article-title: Universal adversarial perturbations for multiple classification tasks with quantum classifiers
  publication-title: Mach. Learn.: Sci. Technol.
– volume: 16
  issue: 2
  year: 2021
  ident: 10.1016/j.physa.2025.131033_b49
  article-title: Experimental quantum generative adversarial networks for image generation
  publication-title: Phys. Rev. Appl.
  doi: 10.1103/PhysRevApplied.16.024051
– year: 2020
  ident: 10.1016/j.physa.2025.131033_b26
– volume: 53
  start-page: 13053
  issue: 11
  year: 2023
  ident: 10.1016/j.physa.2025.131033_b50
  article-title: A combination of supervised dimensionality reduction and learning methods to forecast solar radiation
  publication-title: Appl. Intell.
  doi: 10.1007/s10489-022-04175-y
– ident: 10.1016/j.physa.2025.131033_b31
– volume: 7
  issue: 2
  year: 2017
  ident: 10.1016/j.physa.2025.131033_b46
  article-title: Quantum entanglement in neural network states
  publication-title: Phys. Rev. X
– volume: 58
  year: 2019
  ident: 10.1016/j.physa.2025.131033_b12
  article-title: Generative adversarial network in medical imaging: A review
  publication-title: Med. Image Anal.
  doi: 10.1016/j.media.2019.101552
– ident: 10.1016/j.physa.2025.131033_b17
  doi: 10.1145/3052973.3053009
– volume: 22
  issue: 7
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b27
  article-title: A quantum active learning algorithm for sampling against adversarial attacks
  publication-title: New J. Phys.
  doi: 10.1088/1367-2630/ab976f
– volume: vol. 13801
  start-page: 467
  year: 2023
  ident: 10.1016/j.physa.2025.131033_b19
  article-title: Unrestricted black-box adversarial attack using GAN with limited queries
– ident: 10.1016/j.physa.2025.131033_b41
– volume: 22
  start-page: 998
  issue: 2
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b11
  article-title: Securing connected & autonomous vehicles: Challenges posed by adversarial machine learning and the way forward
  publication-title: IEEE Commun. Surv. Tutorials
  doi: 10.1109/COMST.2020.2975048
– ident: 10.1016/j.physa.2025.131033_b5
  doi: 10.1109/ICTC49870.2020.9289439
– volume: 9
  issue: 6
  year: 2022
  ident: 10.1016/j.physa.2025.131033_b24
  article-title: Universal adversarial examples and perturbations for quantum classifiers
  publication-title: Natl. Sci. Rev.
– volume: 4
  issue: 1
  year: 2022
  ident: 10.1016/j.physa.2025.131033_b33
  article-title: Quantum convolutional neural network for classical data classification
  publication-title: Quantum Mach. Intell.
  doi: 10.1007/s42484-021-00061-x
– volume: 16
  start-page: 701
  year: 2021
  ident: 10.1016/j.physa.2025.131033_b16
  article-title: Walking on the edge: Fast, low-distortion adversarial examples
  publication-title: IEEE Trans. Inf. Forensics Secur.
  doi: 10.1109/TIFS.2020.3021899
– volume: 369
  start-page: 122
  year: 2019
  ident: 10.1016/j.physa.2025.131033_b38
  article-title: Sparse autoencoder for social image understanding
  publication-title: Neurocomputing
  doi: 10.1016/j.neucom.2019.08.083
– volume: 101
  issue: 6
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b22
  article-title: Vulnerability of quantum classification to adversarial perturbations
  publication-title: Phys. Rev. A
  doi: 10.1103/PhysRevA.101.062331
– ident: 10.1016/j.physa.2025.131033_b34
– volume: 3
  start-page: 625
  issue: 9
  year: 2021
  ident: 10.1016/j.physa.2025.131033_b53
  article-title: Variational quantum algorithms
  publication-title: Nat. Rev. Phys.
  doi: 10.1038/s42254-021-00348-9
– year: 2019
  ident: 10.1016/j.physa.2025.131033_b9
– volume: 6
  issue: 2
  year: 2024
  ident: 10.1016/j.physa.2025.131033_b29
  article-title: Enhancing quantum adversarial robustness by randomized encodings
  publication-title: Phys. Rev. Res.
  doi: 10.1103/PhysRevResearch.6.023020
– ident: 10.1016/j.physa.2025.131033_b40
– volume: 72
  start-page: 48
  issue: 3
  year: 2019
  ident: 10.1016/j.physa.2025.131033_b4
  article-title: Machine learning meets quantum physics
  publication-title: Phys. Today
  doi: 10.1063/PT.3.4164
– ident: 10.1016/j.physa.2025.131033_b15
  doi: 10.1109/SP.2017.49
– volume: 18
  start-page: 156
  issue: 3
  year: 2025
  ident: 10.1016/j.physa.2025.131033_b52
  article-title: Quantum computing and machine learning in medical decision-making: A comprehensive review
  publication-title: Algorithms
  doi: 10.3390/a18030156
– year: 2022
  ident: 10.1016/j.physa.2025.131033_b6
– ident: 10.1016/j.physa.2025.131033_b10
– volume: 113
  issue: 3
  year: 2014
  ident: 10.1016/j.physa.2025.131033_b47
  article-title: Quantum support vector machine for big data classification
  publication-title: Phys. Rev. Lett.
– volume: vol. 36
  start-page: 8324
  year: 2022
  ident: 10.1016/j.physa.2025.131033_b51
  article-title: QUILT: Effective multi-class classification on quantum computers using an ensemble of diverse quantum classifiers
– volume: 124
  issue: 13
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b44
  article-title: Quantum autoencoders to denoise quantum data
  publication-title: Phys. Rev. Lett.
  doi: 10.1103/PhysRevLett.124.130502
– volume: vol. 33
  start-page: 1368
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b3
  article-title: Recurrent quantum neural networks
– ident: 10.1016/j.physa.2025.131033_b14
– volume: 18
  start-page: 1933
  issue: 4
  year: 2021
  ident: 10.1016/j.physa.2025.131033_b20
  article-title: Adversarial examples versus cloud-based detectors: A black-box empirical study
  publication-title: IEEE Trans. Dependable Secur. Comput.
– volume: 56
  start-page: 865
  issue: 2
  year: 2023
  ident: 10.1016/j.physa.2025.131033_b36
  article-title: Deep neuro-fuzzy system application trends, challenges, and future perspectives: a systematic survey
  publication-title: Artif. Intell. Rev.
  doi: 10.1007/s10462-022-10188-3
– volume: 2
  issue: 4
  year: 2017
  ident: 10.1016/j.physa.2025.131033_b43
  article-title: Quantum autoencoders for efficient compression of quantum data
  publication-title: Quantum Sci. Technol.
  doi: 10.1088/2058-9565/aa8072
– volume: 549
  start-page: 195
  issue: 7671
  year: 2017
  ident: 10.1016/j.physa.2025.131033_b1
  article-title: Quantum machine learning
  publication-title: Nature
  doi: 10.1038/nature23474
– volume: vol. 448
  year: 2023
  ident: 10.1016/j.physa.2025.131033_b28
  article-title: Transferability of quantum adversarial machine learning
– ident: 10.1016/j.physa.2025.131033_b13
  doi: 10.1109/ICCV.2017.153
– volume: vol. 4
  start-page: 1875
  year: 2011
  ident: 10.1016/j.physa.2025.131033_b35
  article-title: Dimensionality reduction on hyperspectral images: A comparative review based on artificial datas
– year: 2018
  ident: 10.1016/j.physa.2025.131033_b7
– volume: 55
  start-page: 2821
  issue: 4
  year: 2022
  ident: 10.1016/j.physa.2025.131033_b37
  article-title: A survey on feature selection methods for mixed data
  publication-title: Artif. Intell. Rev.
  doi: 10.1007/s10462-021-10072-6
– volume: 9
  start-page: 205
  issue: 5
  year: 2015
  ident: 10.1016/j.physa.2025.131033_b39
  article-title: A hybrid malicious code detection method based on deep learning
  publication-title: Int. J. Secur. Appl.
– volume: 63
  start-page: 139
  issue: 11
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b30
  article-title: Generative adversarial networks
  publication-title: Commun. ACM
  doi: 10.1145/3422622
– volume: 4
  issue: 1
  year: 2019
  ident: 10.1016/j.physa.2025.131033_b42
  article-title: Quantum variational autoencoder
  publication-title: Quantum Sci. Technol.
  doi: 10.1088/2058-9565/aada1f
– volume: 84
  start-page: 317
  year: 2018
  ident: 10.1016/j.physa.2025.131033_b8
  article-title: Wild patterns: Ten years after the rise of adversarial machine learning
  publication-title: Pattern Recognit.
  doi: 10.1016/j.patcog.2018.07.023
– volume: 2
  issue: 3
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b23
  article-title: Quantum adversarial machine learning
  publication-title: Phys. Rev. Res.
  doi: 10.1103/PhysRevResearch.2.033212
– volume: 101
  issue: 3
  year: 2020
  ident: 10.1016/j.physa.2025.131033_b45
  article-title: Circuit-centric quantum classifiers
  publication-title: Phys. Rev. A
  doi: 10.1103/PhysRevA.101.032308
– volume: 15
  start-page: 1273
  issue: 12
  year: 2019
  ident: 10.1016/j.physa.2025.131033_b32
  article-title: Quantum convolutional neural networks
  publication-title: Nat. Phys.
  doi: 10.1038/s41567-019-0648-8
– volume: 18
  start-page: 5522
  year: 2023
  ident: 10.1016/j.physa.2025.131033_b21
  article-title: Query-efficient decision-based black-box patch attack
  publication-title: IEEE Trans. Inf. Forensics Secur.
  doi: 10.1109/TIFS.2023.3307908
– year: 2016
  ident: 10.1016/j.physa.2025.131033_b48
  article-title: Quantum recommendation systems
SSID ssj0001732
Score 2.477687
Snippet Currently, researchers have conducted extensive studies on adversarial attacks in the field of machine learning. With the development of quantum computing...
SourceID crossref
elsevier
SourceType Index Database
Publisher
StartPage 131033
SubjectTerms Adversarial samples
Few queries
Quantum autoencoders
Quantum machine learning
Title A black-box attack method of machine learning algorithms based on quantum autoencoders
URI https://dx.doi.org/10.1016/j.physa.2025.131033
Volume 680
WOSCitedRecordID wos001598760300002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  issn: 0378-4371
  databaseCode: AIEXJ
  dateStart: 19950101
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: false
  ssIdentifier: ssj0001732
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV3da9RAEF-0VeiL-In1i33w7Uy5bHazyeOhldaHUvCU8ynsZjc1pSbtXU7O_96ZzObu4ERU8CWEQDZhfst87cz8GHs99hD3OFVGlTAqksJnkZE2jkprnC1VDhba9mQT-uwsm83y80Bzt-jpBHTTZKtVfv1foYZnADa2zv4F3OtF4QHcA-hwBdjh-kfAT0YWk3KRbVcj03VwG2ii-6P0vnbSD2QRFyNzddHO6-7rt8UIDZrDw4ObJYgbi5aXXYtzLl2okh-c2HPCdpMGnVIW9V0bzCBqkdDTUF_VW7lpOuapzY_lVlkBaZsvYZuGDIRQWM1BPZiUFttpjaF2LAhPZUL8KoOqTYm1aUdtUwbh8gizOTgMSqijGAnQko2VWtcOfsSVcWFw3sZpptRtti-0ykGl7U9Oj2cf1oY41gkdIoU_GYZO9eV9O5_6tWOy5WxM77N7IUrgE0L3Abvlm4fsLsl98Yh9nvA1xpww5oQxbyseMOYDxnyDMe8x5m3DA8Z8G-PH7NP74-nbkygQZEQlRIJd5DOnscXTgRqtbGLSpKqEy72S3mMo6XSurMUJ2klcxU6U2mdq7KTRMtcG3JcnbK9pG_-UcS18aqWojJC2Z50XcSlBfiZ1zonEH7I3g3SKa5qDUgwFgpdFL8wChVmQMA9ZOkiwCK4cuWgFQP67F5_964vP2cFmb75ge9186V-yO-X3rl7MX4Wt8RN4aG6o
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+black-box+attack+method+of+machine+learning+algorithms+based+on+quantum+autoencoders&rft.jtitle=Physica+A&rft.au=Tan%2C+Dong&rft.au=Yan%2C+Lili&rft.au=Zhao%2C+Jiayu&rft.au=Chang%2C+Yan&rft.date=2025-12-15&rft.pub=Elsevier+B.V&rft.issn=0378-4371&rft.volume=680&rft_id=info:doi/10.1016%2Fj.physa.2025.131033&rft.externalDocID=S0378437125006855
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0378-4371&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0378-4371&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0378-4371&client=summon