Resumen
Machine learning has been applied in continuous-variable quantum key distribution (CVQKD) systems to address the growing threat of quantum hacking attacks. However, the use of machine learning algorithms for detecting these attacks has uncovered a vulnerability to adversarial disturbances that can compromise security. By subtly perturbing the detection networks used in CVQKD, significant misclassifications can occur. To address this issue, we utilize an adversarial sample defense method based on non-negative matrix factorization (NMF), considering the nonlinearity and high-dimensional nature of CVQKD data. Specifically, we employ the Kernel Robust Manifold Non-negative Matrix Factorization (KRMNMF) algorithm to reconstruct input samples, reducing the impact of adversarial perturbations. Firstly, we extract attack features against CVQKD by considering the adversary known as Eve. Then, we design an Artificial Neural Network (ANN) detection model to identify these attacks. Next, we introduce adversarial perturbations into the data generated by Eve. Finally, we use the KRMNMF decomposition to extract features from CVQKD data and mitigate the influence of adversarial perturbations through reconstruction. Experimental results demonstrate that the application of KRMNMF can effectively defend against adversarial attacks to a certain extent. The accuracy of KRMNMF surpasses the commonly used Comdefend method by 32.2% and the JPEG method by 30.8%. Moreover, it exhibits an improvement of 20.8% compared to NMF and outperforms other NMF-related algorithms in terms of classification accuracy. Moreover, it can complement other defense strategies, thus enhancing the overall defensive capabilities of CVQKD systems.