{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T04:25:04Z","timestamp":1775881504898,"version":"3.50.1"},"reference-count":57,"publisher":"IOP Publishing","issue":"4","license":[{"start":{"date-parts":[[2021,7,15]],"date-time":"2021-07-15T00:00:00Z","timestamp":1626307200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,7,15]],"date-time":"2021-07-15T00:00:00Z","timestamp":1626307200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/iopscience.iop.org\/info\/page\/text-and-data-mining"}],"funder":[{"name":"\u201cla Caixa\u201d Foundation","award":["LCF\/BQ\/ES15\/10360001"],"award-info":[{"award-number":["LCF\/BQ\/ES15\/10360001"]}]}],"content-domain":{"domain":["iopscience.iop.org"],"crossmark-restriction":false},"short-container-title":["Mach. Learn.: Sci. Technol."],"published-print":{"date-parts":[[2021,12,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>We provide a robust defence to adversarial attacks on discriminative algorithms. Neural networks are naturally vulnerable to small, tailored perturbations in the input data that lead to wrong predictions. On the contrary, generative models attempt to learn the distribution underlying a dataset, making them inherently more robust to small perturbations. We use Boltzmann machines for discrimination purposes as attack-resistant classifiers, and compare them against standard state-of-the-art adversarial defences. We find improvements ranging from 5% to 72% against attacks with Boltzmann machines on the MNIST dataset. We furthermore complement the training with quantum-enhanced sampling from the D-Wave 2000Q annealer, finding results comparable with classical techniques and with marginal improvements in some cases. These results underline the relevance of probabilistic methods in constructing neural networks and highlight a novel scenario of practical relevance where quantum computers, even with limited hardware capabilities, could provide advantages over classical computers.<\/jats:p>","DOI":"10.1088\/2632-2153\/abf834","type":"journal-article","created":{"date-parts":[[2021,4,15]],"date-time":"2021-04-15T15:42:26Z","timestamp":1618501346000},"page":"045006","update-policy":"https:\/\/doi.org\/10.1088\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Defence against adversarial attacks using classical and quantum-enhanced Boltzmann machines\n                  <sup>\u2020<\/sup>"],"prefix":"10.1088","volume":"2","author":[{"given":"Aidan","family":"Kehoe","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter","family":"Wittek","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5999-1521","authenticated-orcid":false,"given":"Yanbo","family":"Xue","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3853-3545","authenticated-orcid":false,"given":"Alejandro","family":"Pozas-Kerstjens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"266","published-online":{"date-parts":[[2021,7,15]]},"reference":[{"key":"mlstabf834bib1","doi-asserted-by":"publisher","first-page":"828","DOI":"10.1109\/TEVC.2019.2890858","article-title":"One pixel attack for fooling deep neural networks","volume":"23","author":"Su","year":"2019","journal-title":"IEEE Trans. Evol. Comput."},{"key":"mlstabf834bib2","article-title":"Intriguing properties of neural networks","author":"Szegedy","year":"2014"},{"key":"mlstabf834bib3","article-title":"Explaining and harnessing adversarial examples","author":"Goodfellow","year":"2015"},{"key":"mlstabf834bib4","article-title":"Intriguing properties of adversarial examples","author":"Cubuk","year":"2018"},{"key":"mlstabf834bib5","doi-asserted-by":"publisher","first-page":"2574","DOI":"10.1109\/CVPR.2016.282","article-title":"DeepFool: a simple and accurate method to fool deep neural networks","author":"Moosavi-Dezfooli","year":"2016"},{"key":"mlstabf834bib6","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1109\/sp.2014.20","article-title":"Practical evasion of a learning-based classifier: a case study","author":"\u0160rndi\u0107","year":"2014"},{"key":"mlstabf834bib7","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-319-66399-9_4","article-title":"Adversarial examples for malware detection","author":"Grosse","year":"2017"},{"key":"mlstabf834bib8","first-page":"6977","author":"Cisse","year":"2017"},{"key":"mlstabf834bib9","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1109\/sp.2017.49","author":"Carlini","year":"2017"},{"key":"mlstabf834bib10","article-title":"Decision-based adversarial attacks: reliable attacks against black-box machine learning models","author":"Brendel","year":"2018"},{"key":"mlstabf834bib11","article-title":"Generating natural adversarial examples","author":"Zhao","year":"2018"},{"key":"mlstabf834bib12","article-title":"Transferability in machine learning: from phenomena to black-box attacks using adversarial samples","author":"Papernot","year":"2016"},{"key":"mlstabf834bib13","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1145\/3128572.3140444","author":"Carlini","year":"2017b"},{"key":"mlstabf834bib14","article-title":"MagNet and \u201cEfficient defenses against adversarial attacks\u201d are not robust to adversarial examples","author":"Carlini","year":"2017c"},{"key":"mlstabf834bib15","article-title":"Towards deep learning models resistant to adversarial attacks","author":"Madry","year":"2018"},{"key":"mlstabf834bib16","first-page":"1186","author":"Fawzi","year":"2018"},{"key":"mlstabf834bib17","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-94042-7_11","article-title":"Adversarial attacks and defences competition","author":"Kurakin","year":"2018"},{"key":"mlstabf834bib18","article-title":"Adversarial examples, uncertainty, and transfer testing robustness in Gaussian process hybrid deep networks","author":"Bradshaw","year":"2017"},{"key":"mlstabf834bib19","article-title":"How wrong am I? \u2014studying adversarial examples and their impact on uncertainty in Gaussian process machine learning models","author":"Grosse","year":"2017b"},{"key":"mlstabf834bib20","first-page":"2672","volume":"vol 27","author":"Goodfellow","year":"2014"},{"key":"mlstabf834bib21","doi-asserted-by":"publisher","first-page":"505","DOI":"10.1038\/s41586-019-1666-5","article-title":"Quantum supremacy using a programmable superconducting processor","volume":"574","author":"Arute","year":"2019","journal-title":"Nature"},{"key":"mlstabf834bib22","doi-asserted-by":"publisher","first-page":"1460","DOI":"10.1126\/science.abe8770","article-title":"Quantum computational advantage using photons","volume":"370","author":"Zhong","year":"2020","journal-title":"Science"},{"key":"mlstabf834bib23","doi-asserted-by":"publisher","first-page":"2805","DOI":"10.1109\/TNNLS.2018.2886017","article-title":"Adversarial examples: attacks and defenses for deep learning","volume":"30","author":"Yuan","year":"2019","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"mlstabf834bib24","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","article-title":"Long short-term memory","volume":"9","author":"Hochreiter","year":"1997","journal-title":"Neural Comput."},{"key":"mlstabf834bib25","first-page":"1319","volume":"vol 28","author":"Goodfellow","year":"2013"},{"key":"mlstabf834bib26","doi-asserted-by":"publisher","first-page":"2146","DOI":"10.1109\/iccv.2009.5459469","article-title":"What is the best multi-stage architecture for object recognition?","author":"Jarrett","year":"2009"},{"key":"mlstabf834bib27","first-page":"2266","volume":"vol 30","author":"Hein","year":"2017"},{"key":"mlstabf834bib28","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1109\/EuroSP.2018.00035","article-title":"SoK: security and privacy in machine learning","author":"Papernot","year":"2018"},{"key":"mlstabf834bib29","article-title":"On the (statistical) detection of adversarial examples","author":"Grosse","year":"2017c"},{"key":"mlstabf834bib30","article-title":"Deep neural networks as Gaussian processes","author":"Lee","year":"2018"},{"key":"mlstabf834bib31","author":"Murphy","year":"2012"},{"key":"mlstabf834bib32","first-page":"789","article-title":"On the convergence properties of contrastive divergence","author":"Sutskever","year":"2010"},{"key":"mlstabf834bib33","doi-asserted-by":"publisher","first-page":"1064","DOI":"10.1145\/1390156.1390290","article-title":"Training restricted Boltzmann machines using approximations to the likelihood gradient","author":"Tieleman","year":"2008"},{"key":"mlstabf834bib34","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.1145\/1553374.1553506","article-title":"Using fast weights to improve persistent contrastive divergence","author":"Tieleman","year":"2009"},{"key":"mlstabf834bib35","doi-asserted-by":"publisher","first-page":"3241","DOI":"10.1088\/0305-4470\/15\/10\/028","article-title":"On the computational complexity of Ising spin glass models","volume":"15","author":"Barahona","year":"1982","journal-title":"J. Phys. A: Math. Gen."},{"key":"mlstabf834bib36","doi-asserted-by":"publisher","DOI":"10.1088\/2632-2153\/abe807","article-title":"Efficient training of energy-based models via spin-glass control","volume":"2","author":"Pozas-Kerstjens","year":"2021","journal-title":"Mach. Learn.: Sci. Technol."},{"key":"mlstabf834bib37","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1209\/0295-5075\/19\/6\/002","article-title":"Simulated tempering: a new Monte Carlo scheme","volume":"19","author":"Marinari","year":"1992","journal-title":"EPL"},{"key":"mlstabf834bib38","first-page":"145","volume":"vol 9","author":"Desjardins","year":"2010"},{"key":"mlstabf834bib39","doi-asserted-by":"publisher","first-page":"1967","DOI":"10.1162\/NECO_a_00311","article-title":"An efficient learning procedure for deep Boltzmann machines","volume":"24","author":"Salakhutdinov","year":"2012","journal-title":"Neural Comput."},{"key":"mlstabf834bib40","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevX.4.021041","article-title":"Entanglement in a quantum annealing processor","volume":"4","author":"Lanting","year":"2014","journal-title":"Phys. Rev. X"},{"key":"mlstabf834bib41","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevX.6.031015","article-title":"What is the computational value of finite range tunneling?","volume":"6","author":"Denchev","year":"2016","journal-title":"Phys. Rev. X"},{"key":"mlstabf834bib42","article-title":"Benchmarking quantum hardware for training of fully visible Boltzmann machines","author":"Korenkevych","year":"2016"},{"key":"mlstabf834bib43","article-title":"Boltzmann encoded adversarial machines","author":"Fisher","year":"2018"},{"key":"mlstabf834bib44","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevX.7.041052","article-title":"Quantum-assisted learning of hardware-embedded probabilistic graphical models","volume":"7","author":"Benedetti","year":"2017","journal-title":"Phys. Rev. X"},{"key":"mlstabf834bib45","doi-asserted-by":"publisher","DOI":"10.1088\/2058-9565\/aabd98","article-title":"Quantum-assisted Helmholtz machines: a quantum\u2014classical deep learning framework for industrial datasets in near-term devices","volume":"3","author":"Benedetti","year":"2018","journal-title":"Quantum Sci. Technol."},{"key":"mlstabf834bib46","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevX.8.021050","article-title":"Quantum Boltzmann machine","volume":"8","author":"Amin","year":"2018","journal-title":"Phys. Rev. X"},{"key":"mlstabf834bib47","article-title":"A practical heuristic for finding graph minors","author":"Cai","year":"2014"},{"key":"mlstabf834bib48","article-title":"Mitigating adversarial effects through randomization","author":"Xie","year":"2018"},{"key":"mlstabf834bib49","doi-asserted-by":"publisher","first-page":"18","DOI":"10.14722\/ndss.2018.23198","article-title":"Feature squeezing: detecting adversarial examples in deep neural networks","author":"Xu","year":"2018"},{"key":"mlstabf834bib50","author":"Pozas-Kerstjens","year":"2018"},{"key":"mlstabf834bib51","article-title":"Ensemble adversarial training: attacks and defenses","author":"Tram\u00e8r","year":"2018"},{"key":"mlstabf834bib52","article-title":"Foolbox: APython toolbox to benchmark the robustness of machine learning models","author":"Rauber","year":"2017"},{"key":"mlstabf834bib53","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/s42484-019-00004-7","article-title":"Bayesian deep learning on a quantum computer","author":"Zhao","year":"2019","journal-title":"Quantum Mach. Intell."},{"key":"mlstabf834bib54","doi-asserted-by":"publisher","first-page":"3770","DOI":"10.1038\/s41467-019-11786-6","article-title":"A critique of pure learning and what artificial neural networks can learn from animal brains","volume":"10","author":"Zador","year":"2019","journal-title":"Nat. Commun."},{"key":"mlstabf834bib55","article-title":"Optimal provable robustness of quantum classification via quantum hypothesis testing","author":"Weber","year":"2020"},{"key":"mlstabf834bib56","article-title":"Quantum neural network: optical neural networks operating at the quantum limit","author":"","year":"2017"},{"key":"mlstabf834bib57","article-title":"Quantum computing and AI start a new era","author":"","year":"2017"}],"container-title":["Machine Learning: Science and Technology"],"original-title":[],"link":[{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834","content-type":"text\/html","content-version":"am","intended-application":"text-mining"},{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834\/pdf","content-type":"application\/pdf","content-version":"am","intended-application":"text-mining"},{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834\/pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834\/pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834\/pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834\/pdf","content-type":"application\/pdf","content-version":"am","intended-application":"similarity-checking"},{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834\/pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,12]],"date-time":"2021-12-12T17:49:18Z","timestamp":1639331358000},"score":1,"resource":{"primary":{"URL":"https:\/\/iopscience.iop.org\/article\/10.1088\/2632-2153\/abf834"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,15]]},"references-count":57,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,7,15]]},"published-print":{"date-parts":[[2021,12,1]]}},"URL":"https:\/\/doi.org\/10.1088\/2632-2153\/abf834","relation":{},"ISSN":["2632-2153"],"issn-type":[{"value":"2632-2153","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,15]]},"assertion":[{"value":"Defence against adversarial attacks using classical and quantum-enhanced Boltzmann machines\n                  \u2020","name":"article_title","label":"Article Title"},{"value":"Machine Learning: Science and Technology","name":"journal_title","label":"Journal Title"},{"value":"paper","name":"article_type","label":"Article Type"},{"value":"\u00a9 2021 The Author(s). Published by IOP Publishing Ltd","name":"copyright_information","label":"Copyright Information"},{"value":"2020-12-21","name":"date_received","label":"Date Received","group":{"name":"publication_dates","label":"Publication dates"}},{"value":"2021-03-30","name":"date_accepted","label":"Date Accepted","group":{"name":"publication_dates","label":"Publication dates"}},{"value":"2021-07-15","name":"date_epub","label":"Online publication date","group":{"name":"publication_dates","label":"Publication dates"}}]}}