A black-box attack method of machine learning algorithms based on quantum autoencoders

Bibliographic Details
Published in: Physica A Vol. 680; p. 131033
Main Authors: Tan, Dong; Yan, Lili; Zhao, Jiayu; Chang, Yan; Zhang, Shibin
Format: Journal Article
Language: English
Published: Elsevier B.V 15.12.2025
ISSN: 0378-4371
Description
Summary: Currently, researchers have conducted extensive studies on adversarial attacks in the field of machine learning. With the development of quantum computing technology, quantum computing has provided new ideas and methods for implementing machine learning algorithms. Meanwhile, the issue of adversarial attacks in quantum machine learning has increasingly become a research hotspot. This paper proposes a new black-box attack method against quantum machine learning models based on a quantum autoencoder (QAE). The method first obtains a basic dataset through a small number of queries to the model, then expands this basic dataset to obtain a training dataset. The training dataset is used to train a surrogate model to generate adversarial examples, and then the transferability of the adversarial examples is utilized to launch attacks, ultimately achieving a black-box attack on the target model. Experiments show that the proposed method only requires 20 queries to the target model. Based on the results of these queries, the quantum autoencoder can be used to expand the basic dataset, and the accuracy of the surrogate model for attacking the target model is improved by 8% on the generated test set. Moreover, compared with the deep convolutional generative adversarial network (DCGAN) model, this method can achieve faster fitting. After training, the effectiveness of transfer-based attacks on the surrogate model only decreases by less than 20% under strong perturbation conditions, and under certain conditions, the attack effect on the target model is stronger than that on the surrogate model itself. In addition, using the surrogate model to attack another quantum neural network model also achieves similar effects to those on the target model, thereby further verifying the universality of the proposed attack method.
• Proposes a quantum autoencoder-based black-box attack method effective with minimal queries.
• Achieves high attack success with only a few queries by enhancing decision boundary similarity.
• Quantum-generated data improves attack stealth and effectiveness over traditional methods.
• Adversarial examples show strong transferability between quantum models under interference.
• Attack method demonstrates broad applicability across diverse quantum neural networks.
DOI: 10.1016/j.physa.2025.131033