Publication: A quantum active learning algorithm for sampling against adversarial attacks
Full text at PDC
Advisors (or tutors)
IOP publishing ltd
Adversarial attacks represent a serious menace for learning algorithms and may compromise the security of future autonomous systems. A theorem by Khoury and Hadfield-Menell (KH), provides sufficient conditions to guarantee the robustness of active learning algorithms, but comes with a caveat: it is crucial to know the smallest distance among the classes of the corresponding classification problem. We propose a theoretical framework that allows us to think of active learning as sampling the most promising new points to be classified, so that the minimum distance between classes can be found and the theorem KH used. Additionally, we introduce a quantum active learning algorithm that makes use of such framework and whose complexity is polylogarithmic in the dimension of the space, m, and the size of the initial training data n, provided the use of qRAMs; and polynomial in the precision, achieving an exponential speedup over the equivalent classical algorithm in n and m.
© 2020 The Author(s). We would like to thank Santiago Varona for useful comments on the manuscript, as well to Jaime Sevilla, Nikolas Bernaola and Javier Prieto for pointing us to useful statistic results for appendix C. We acknowledge financial support from the Spanish MINECO grants MINECO/FEDER Projects FIS 2017-91460-EXP, PGC2018-099169-B-I00 FIS-2018 and from CAM/FEDER Project No. S2018/TCS-4342 (QUITEMAD-CM). The research of MAM-D has been partially supported by the US Army Research Office through Grant No.W911NF-14-1-0103. PAMC thanks the support of an FPU MECD Grant.