IDEAS home Printed from https://ideas.repec.org/a/eee/phsmap/v680y2025ics0378437125006855.html

A black-box attack method of machine learning algorithms based on quantum autoencoders

Author

Listed:
  • Tan, Dong
  • Yan, Lili
  • Zhao, Jiayu
  • Chang, Yan
  • Zhang, Shibin

Abstract

Currently, researchers have conducted extensive studies on adversarial attacks in the field of machine learning. With the development of quantum computing technology, quantum computing has provided new ideas and methods for implementing machine learning algorithms. Meanwhile, the issue of adversarial attacks in quantum machine learning has increasingly become a research hotspot. This paper proposes a new black-box attack method against quantum machine learning models based on a quantum autoencoder (QAE). The method first obtains a basic dataset through a small number of queries to the model, then expands this basic dataset to obtain a training dataset. The training dataset is used to train a surrogate model to generate adversarial examples, and then the transferability of the adversarial examples is utilized to launch attacks, ultimately achieving a black-box attack on the target model. Experiments show that the proposed method only requires 20 queries to the target model. Based on the results of these queries, the quantum autoencoder can be used to expand the basic dataset, and the accuracy of the surrogate model for attacking the target model is improved by 8% on the generated test set. Moreover, compared with the deep convolutional generative adversarial network (DCGAN) model, this method can achieve faster fitting. After training, the effectiveness of transfer based attacks on the surrogate model only decreases by less than 20% under strong perturbation conditions, and under certain conditions, the attack effect on the target model is stronger than that on the surrogate model itself. In addition, using the surrogate model to attack another quantum neural network model also achieves similar effects to those on the target model, thereby further verifying the universality of the proposed attack method.

Suggested Citation

  • Tan, Dong & Yan, Lili & Zhao, Jiayu & Chang, Yan & Zhang, Shibin, 2025. "A black-box attack method of machine learning algorithms based on quantum autoencoders," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 680(C).
    • Handle: RePEc:eee:phsmap:v:680:y:2025:i:c:s0378437125006855
    DOI: 10.1016/j.physa.2025.131033
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0378437125006855
    Download Restriction: Full text for ScienceDirect subscribers only. Journal offers the option of making the article available online on Science direct for a fee of $3,000
    File URL: https://libkey.io/10.1016/j.physa.2025.131033?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Jacob Biamonte & Peter Wittek & Nicola Pancotti & Patrick Rebentrost & Nathan Wiebe & Seth Lloyd, 2017. "Quantum machine learning," Nature, Nature, vol. 549(7671), pages 195-202, September.
    2. Anil Bhujel & Na-Eun Kim & Elanchezhian Arulmozhi & Jayanta Kumar Basak & Hyeon-Tae Kim, 2022. "A Lightweight Attention-Based Convolutional Neural Networks for Tomato Leaf Disease Classification," Agriculture, MDPI, vol. 12(2), pages 1-18, February.
    3. Samson Wang & Enrico Fontana & M. Cerezo & Kunal Sharma & Akira Sone & Lukasz Cincio & Patrick J. Coles, 2021. "Noise-induced barren plateaus in variational quantum algorithms," Nature Communications, Nature, vol. 12(1), pages 1-11, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Abraham Itzhak Weinberg, 2025. "Hybrid Quantum-Classical Ensemble Learning for S\&P 500 Directional Prediction," Papers 2512.15738, arXiv.org.
    2. Elies Gil-Fuster & Jens Eisert & Carlos Bravo-Prieto, 2024. "Understanding quantum machine learning also requires rethinking generalization," Nature Communications, Nature, vol. 15(1), pages 1-12, December.
    3. Isaiah Hull & Or Sattath & Eleni Diamanti & Göran Wendin, 2024. "Quantum Algorithms," Contributions to Economics, in: Quantum Technology for Economists, chapter 0, pages 37-103, Springer.
    4. Yunsoo Ha & Sara Shashaani & Matt Menickelly, 2025. "Two-Stage Estimation and Variance Modeling for Latency-Constrained Variational Quantum Algorithms," INFORMS Journal on Computing, INFORMS, vol. 37(1), pages 125-145, January.
    5. Junyu Liu & Minzhao Liu & Jin-Peng Liu & Ziyu Ye & Yunfei Wang & Yuri Alexeev & Jens Eisert & Liang Jiang, 2024. "Towards provably efficient quantum algorithms for large-scale machine-learning models," Nature Communications, Nature, vol. 15(1), pages 1-6, December.
    6. Alen Senanian & Sridhar Prabhu & Vladimir Kremenetski & Saswata Roy & Yingkang Cao & Jeremy Kline & Tatsuhiro Onodera & Logan G. Wright & Xiaodi Wu & Valla Fatemi & Peter L. McMahon, 2024. "Microwave signal processing using an analog quantum reservoir computer," Nature Communications, Nature, vol. 15(1), pages 1-9, December.
    7. Matthias C. Caro & Hsin-Yuan Huang & M. Cerezo & Kunal Sharma & Andrew Sornborger & Lukasz Cincio & Patrick J. Coles, 2022. "Generalization in quantum machine learning from few training data," Nature Communications, Nature, vol. 13(1), pages 1-11, December.
    8. Taofeek Adeshina Yusuff & Kenechukwu Francis Iloeje & Sylviastella Favour Peteranaba & Victoria Sharon Akinlolu & Nimotalai Olusola Kassim & Zuraifa Hamidu, 2025. "Creating Quantum-Powered Epidemiological Models Enabling Proactive Responses to Pandemics and Emerging Health Threats," International Journal of Scientific Research and Modern Technology, Prasu Publications, vol. 4(10), pages 39-58.
    9. Wang, Shaoxuan & Shen, Yingtong & Liu, Xinjian & Zhang, Haoying & Wang, Yukun, 2024. "Variational quantum entanglement classification discrimination," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 637(C).
    10. Sofiene Jerbi & Lukas J. Fiderer & Hendrik Poulsen Nautrup & Jonas M. Kübler & Hans J. Briegel & Vedran Dunjko, 2023. "Quantum machine learning beyond kernel methods," Nature Communications, Nature, vol. 14(1), pages 1-8, December.
    11. Zhang, Cai & Zheng, Lingzhou & Situ, Haozhen, 2026. "Hybrid quantum convolutional neural network for multi-channel image classification," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 682(C).
    12. Manuel S. Rudolph & Jacob Miller & Danial Motlagh & Jing Chen & Atithi Acharya & Alejandro Perdomo-Ortiz, 2023. "Synergistic pretraining of parametrized quantum circuits via tensor networks," Nature Communications, Nature, vol. 14(1), pages 1-10, December.
    13. Bingzhi Zhang & Junyu Liu & Xiao-Chuan Wu & Liang Jiang & Quntao Zhuang, 2024. "Dynamical transition in controllable quantum neural networks with large depth," Nature Communications, Nature, vol. 15(1), pages 1-12, December.
    14. Matthias C. Caro & Hsin-Yuan Huang & Nicholas Ezzell & Joe Gibbs & Andrew T. Sornborger & Lukasz Cincio & Patrick J. Coles & Zoë Holmes, 2023. "Out-of-distribution generalization for learning quantum dynamics," Nature Communications, Nature, vol. 14(1), pages 1-9, December.
    15. Accardi, Luigi & Souissi, Abdessatar & Soueidi, El Gheteb & Rhaima, Mohamed, 2025. "Degree of entanglement in Entangled Hidden Markov Models," Chaos, Solitons & Fractals, Elsevier, vol. 196(C).
    16. Michael Ragone & Bojko N. Bakalov & Frédéric Sauvage & Alexander F. Kemper & Carlos Ortiz Marrero & Martín Larocca & M. Cerezo, 2024. "A Lie algebraic theory of barren plateaus for deep parameterized quantum circuits," Nature Communications, Nature, vol. 15(1), pages 1-10, December.
    17. M. Cerezo & Martin Larocca & Diego García-Martín & N. L. Diaz & Paolo Braccia & Enrico Fontana & Manuel S. Rudolph & Pablo Bermejo & Aroosa Ijaz & Supanut Thanasilp & Eric R. Anschuetz & Zoë Holmes, 2025. "Does provable absence of barren plateaus imply classical simulability?," Nature Communications, Nature, vol. 16(1), pages 1-15, December.
    18. Sofiene Jerbi & Casper Gyurik & Simon C. Marshall & Riccardo Molteni & Vedran Dunjko, 2024. "Shadows of quantum machine learning," Nature Communications, Nature, vol. 15(1), pages 1-7, December.
    19. Huang, Chenyi & Zhang, Shibin & Chang, Yan & Yan, Lily, 2024. "Quantum metric learning with fuzzy-informed learning," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 643(C).
    20. Wu, Jiang & Ou, Guiyan & Liu, Xiaohui & Dong, Ke, 2022. "How does academic education background affect top researchers’ performance? Evidence from the field of artificial intelligence," Journal of Informetrics, Elsevier, vol. 16(2).

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:phsmap:v:680:y:2025:i:c:s0378437125006855. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.journals.elsevier.com/physica-a-statistical-mechpplications/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.