{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T04:28:15Z","timestamp":1776832095120,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":26,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,6,29]],"date-time":"2026-06-29T00:00:00Z","timestamp":1782691200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2129675, 2210963, 2040667, 1821766, 2113839"],"award-info":[{"award-number":["2129675, 2210963, 2040667, 1821766, 2113839"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100002418","name":"Intel Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100002418","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,30]]},"DOI":"10.1145\/3716368.3735244","type":"proceedings-article","created":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T14:00:26Z","timestamp":1751032826000},"page":"976-981","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Adversarial Data Poisoning Attack on Quantum Machine Learning in the NISQ Era"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2140-6486","authenticated-orcid":false,"given":"Satwik","family":"Kundu","sequence":"first","affiliation":[{"name":"Computer Science and Engineering, Pennsylvania State University, State College, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8753-490X","authenticated-orcid":false,"given":"Swaroop","family":"Ghosh","sequence":"additional","affiliation":[{"name":"School of EECS, Pennsylvania State University, State College, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,6,29]]},"reference":[{"key":"e_1_3_3_1_2_2","doi-asserted-by":"crossref","unstructured":"Amira Abbas et\u00a0al. 2021. The power of quantum neural networks. Nature Computational Science 1 6 (2021) 403\u2013409.","DOI":"10.1038\/s43588-021-00084-1"},{"key":"e_1_3_3_1_3_2","doi-asserted-by":"crossref","unstructured":"Shahnawaz Ahmed et\u00a0al. 2021. Quantum state tomography with conditional generative adversarial networks. Physical review letters 127 14 (2021) 140502.","DOI":"10.1103\/PhysRevLett.127.140502"},{"key":"e_1_3_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD51958.2021.9643516"},{"key":"e_1_3_3_1_5_2","unstructured":"Ville Bergholm et\u00a0al. 2018. Pennylane: Automatic differentiation of hybrid quantum-classical computations. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/1811.04968 (2018)."},{"key":"e_1_3_3_1_6_2","unstructured":"Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/1206.6389 (2012)."},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/QCE57702.2023.00124"},{"key":"e_1_3_3_1_8_2","unstructured":"Atom Computing. 2023. Quantum startup Atom Computing first to exceed 1 000 qubits. Press Release. Accessed: Oct 28 (2023)."},{"key":"e_1_3_3_1_9_2","doi-asserted-by":"crossref","unstructured":"Yuxuan Du et\u00a0al. 2021. Quantum noise protects quantum classifiers against adversaries. Physical Review Research 3 2 (2021) 023153.","DOI":"10.1103\/PhysRevResearch.3.023153"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"crossref","unstructured":"Ferhat Erata et\u00a0al. 2024. Quantum Circuit Reconstruction from Power Side-Channel Attacks on Quantum Computer Controllers. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2401.15869 (2024).","DOI":"10.46586\/tches.v2024.i2.735-768"},{"key":"e_1_3_3_1_11_2","unstructured":"Jay Gambetta. 2023. The hardware and software for the era of quantum utility is here."},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"crossref","unstructured":"Kathrin Grosse Lukas Bieringer Tarek\u00a0R Besold Battista Biggio and Katharina Krombholz. 2023. Machine learning security in industry: A quantitative survey. IEEE Transactions on Information Forensics and Security 18 (2023) 1749\u20131762.","DOI":"10.1109\/TIFS.2023.3251842"},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"crossref","unstructured":"Youngseok Kim et\u00a0al. 2023. Evidence for the utility of quantum computing before fault tolerance. Nature 618 7965 (2023) 500\u2013505.","DOI":"10.1038\/s41586-023-06096-3"},{"key":"e_1_3_3_1_14_2","unstructured":"Pang\u00a0Wei Koh et\u00a0al. 2022. Stronger data poisoning attacks break data sanitization defenses. Machine Learning (2022) 1\u201347."},{"key":"e_1_3_3_1_15_2","unstructured":"Satwik Kundu and Swaroop Ghosh. 2024. STIQ: Safeguarding Training and Inferencing of Quantum Neural Networks from Untrusted Cloud. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2405.18746 (2024)."},{"key":"e_1_3_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3649476.3658806"},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"crossref","unstructured":"Hannah Lange et\u00a0al. 2023. Adaptive quantum state tomography with active learning. Quantum 7 (2023) 1129.","DOI":"10.22331\/q-2023-10-09-1129"},{"key":"e_1_3_3_1_18_2","unstructured":"Alexander Levine and Soheil Feizi. 2021. Deep partition aggregation: Provable defense against general poisoning attacks. International Conference on Learning Representations (ICLR) (2021)."},{"key":"e_1_3_3_1_19_2","unstructured":"Yiwei Lu Gautam Kamath and Yaoliang Yu. 2022. Indiscriminate data poisoning attacks on neural networks. Transactions on Machine Learning Research (2022)."},{"key":"e_1_3_3_1_20_2","first-page":"22856","volume-title":"International Conference on Machine Learning","author":"Lu Yiwei","year":"2023","unstructured":"Yiwei Lu, Gautam Kamath, and Yaoliang Yu. 2023. Exploring the limits of model-targeted indiscriminate data poisoning attacks. In International Conference on Machine Learning. PMLR, 22856\u201322879."},{"key":"e_1_3_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-13453-2_1"},{"key":"e_1_3_3_1_22_2","doi-asserted-by":"crossref","unstructured":"Maria Schuld Alex Bocharov Krysta\u00a0M Svore and Nathan Wiebe. 2020. Circuit-centric quantum classifiers. Physical Review A 101 3 (2020) 032308.","DOI":"10.1103\/PhysRevA.101.032308"},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"crossref","unstructured":"Sukin Sim et\u00a0al. 2019. Expressibility and entangling capability of parameterized quantum circuits for hybrid quantum-classical algorithms. Advanced Quantum Technologies (2019).","DOI":"10.1002\/qute.201900070"},{"key":"e_1_3_3_1_24_2","unstructured":"Jacob Steinhardt et\u00a0al. 2017. Certified defenses for data poisoning attacks. Advances in neural information processing systems 30 (2017)."},{"key":"e_1_3_3_1_25_2","doi-asserted-by":"crossref","unstructured":"Rahim Taheri et\u00a0al. 2020. On defending against label flipping attacks on malware detection systems. Neural Computing and Applications 32 (2020) 14781\u201314800.","DOI":"10.1007\/s00521-020-04831-9"},{"key":"e_1_3_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/3489517.3530495"},{"key":"e_1_3_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA53966.2022.00057"}],"event":{"name":"GLSVLSI '25: Great Lakes Symposium on VLSI 2025","location":"New Orleans LA USA","acronym":"GLSVLSI '25","sponsor":["SIGDA ACM Special Interest Group on Design Automation"]},"container-title":["Proceedings of the Great Lakes Symposium on VLSI 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3716368.3735244","content-type":"text\/html","content-version":"vor","intended-application":"syndication"}],"deposited":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T14:38:34Z","timestamp":1751035114000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3716368.3735244"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,29]]},"references-count":26,"alternative-id":["10.1145\/3716368.3735244","10.1145\/3716368"],"URL":"https:\/\/doi.org\/10.1145\/3716368.3735244","relation":{},"subject":[],"published":{"date-parts":[[2025,6,29]]},"assertion":[{"value":"2025-06-29","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}