In an article published in the journal Scientific Reports, researchers from the UK, Germany, USA, and Canada developed a quantum-enhanced cybersecurity analytics framework using hybrid quantum machine learning (ML) algorithms for botnet detection. Their technique leverages quantum computing to identify malicious domain names generated by domain generation algorithms (DGAs), thereby enhancing cybersecurity. The research also introduced a novel quantum-enhanced Hoeffding tree classifier (QHTC), which outperformed existing quantum binary classifiers in terms of speed, accuracy, and stability.
Background
ML is a field of artificial intelligence that enables automated data analysis and pattern recognition. Quantum ML combines quantum computing and ML to devise innovative algorithms that can potentially outperform their classical counterparts in several tasks such as malware classification, intrusion detection, and anomaly detection. Quantum computing relies on the distinctive properties of quantum systems, such as superposition and entanglement. Quantum computers can perform complex computations at an exponentially faster speed compared to traditional computers.
Cybersecurity is a field that involves the protection of information systems and networks from cyber threats. One of the applications of ML in cybersecurity is botnet detection. A botnet is a network of compromised or hijacked devices controlled by malicious actors to launch cyberattacks, such as distributed denial-of-service (DDoS) attacks, spamming, phishing, and stealing sensitive information. Botnets often use DGAs to generate random and dynamic domain names for their command-and-control servers, which makes them hard for traditional cybersecurity methods to detect and block. Therefore, there is a need for more advanced and proactive cybersecurity analytics techniques that can identify and mitigate botnet threats.
About the Research
In the present paper, the authors proposed an innovative approach to improve the efficiency and effectiveness of botnet detection methods by using quantum ML algorithms. They designed a stable quantum architecture that enables the execution of hybrid quantum ML (HQML) algorithms on real quantum devices and real-device-based simulations. Moreover, they introduced new hybrid quantum binary classifiers (HQBCs) based on Hoeffding decision tree algorithms, which speed up the process.
The Hoeffding tree algorithm builds decision trees incrementally by applying the Hoeffding bound, which guarantees that the incrementally built tree is asymptotically arbitrarily similar to the tree a non-incremental learner would produce. The authors presented a quantum-modified version of this algorithm, called the QHTC, which applies a quantum feature map to the input data and reduces the number of shots required on real quantum devices compared to conventional loop-based optimizers.
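The classical split rule that the Hoeffding bound gives an incremental tree can be shown in a few lines. This is an added example, not code from the paper or its authors: it covers only the classical Hoeffding tree leaf (no quantum feature map), and the stream, the two binary features, and the value of delta are constructed for illustration.

```python
import math
from collections import defaultdict

def hoeffding_bound(value_range, delta, n):
    """Epsilon such that, with probability 1 - delta, the true mean of a variable
    with the given range lies within epsilon of the mean observed over n samples."""
    return math.sqrt(value_range ** 2 * math.log(1.0 / delta) / (2.0 * n))

def entropy(counts):
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

class HoeffdingLeaf:
    """A leaf of an incremental tree: keeps per-feature class counts, not samples."""
    def __init__(self, n_features, delta=1e-6):
        self.delta, self.n = delta, 0
        self.class_counts = [0, 0]            # [benign, malicious]
        self.stats = [defaultdict(lambda: [0, 0]) for _ in range(n_features)]

    def update(self, x, y):
        self.n += 1
        self.class_counts[y] += 1
        for f, value in enumerate(x):
            self.stats[f][value][y] += 1

    def info_gain(self, f):
        remainder = sum(sum(c) / self.n * entropy(c) for c in self.stats[f].values())
        return entropy(self.class_counts) - remainder

    def split_feature(self):
        """Feature to split on, or None while the evidence is still insufficient."""
        gains = sorted(((self.info_gain(f), f) for f in range(len(self.stats))), reverse=True)
        (best_gain, best), (second_gain, _) = gains[0], gains[1]
        eps = hoeffding_bound(1.0, self.delta, self.n)  # gain range for 2 classes: log2(2)
        return best if best_gain - second_gain > eps else None

def constructed_stream(n):
    """Constructed data: x0 ("high entropy" flag) matches the label except on every
    10th sample; x1 ("long name" flag) is unrelated to the label."""
    for i in range(n):
        y = i % 2
        yield (0 if i % 10 == 3 else y, (i // 2) % 2), y

def first_split(n=200):
    """Return (samples seen, chosen feature) at the first confident split."""
    leaf = HoeffdingLeaf(n_features=2)
    for x, y in constructed_stream(n):
        leaf.update(x, y)
        if (feature := leaf.split_feature()) is not None:
            return leaf.n, feature
    return None
```

The leaf refuses to split until the gap between the two best information gains exceeds the bound, so a small delta trades a longer wait for a lower chance of choosing a different feature than a batch learner would.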
The researchers conducted experiments using the Qiskit library with the Aer quantum simulator and three quantum devices from Azure Quantum: IonQ, Rigetti, and Quantinuum. They used the Institute of Electrical and Electronics Engineers (IEEE) botnet DGA dataset, which consists of domain names generated by 10 botnet families and domain names from Alexa, a popular website ranking service.
Additionally, they extracted seven features from the domain names, such as character length, entropy value, relative entropy, information radius, tree new feature, and reputation. They then applied various HQBCs to classify the domain names as benign or malicious and compared their performance with classical ML methods, such as support vector machines (SVMs), k-nearest neighbors (KNNs), and decision trees.
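Four of the features named above can be computed from a domain name with the standard library alone. This is an added example, not the paper's feature extractor: the exact definitions used by the authors are not given on this page, so character-level Shannon entropy, Kullback-Leibler divergence against a benign reference (relative entropy), and Jensen-Shannon divergence (information radius) are assumed here, and the reference list and sample domains are constructed.

```python
import math
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"
# Constructed reference list standing in for a benign corpus such as a top-sites list.
BENIGN_REFERENCE = ["google", "wikipedia", "amazon", "youtube",
                    "microsoft", "github", "reddit", "netflix"]

def char_distribution(text, smoothing=0.0):
    """Character probabilities over ALPHABET, optionally Laplace-smoothed."""
    counts = Counter(c for c in text if c in ALPHABET)
    total = sum(counts.values()) + smoothing * len(ALPHABET)
    if total == 0:
        raise ValueError("no characters from ALPHABET in input")
    return {c: (counts[c] + smoothing) / total for c in ALPHABET}

def kl_divergence(p, q):
    """Relative entropy D(p || q) in bits; q must be non-zero wherever p is."""
    return sum(p[c] * math.log2(p[c] / q[c]) for c in ALPHABET if p[c] > 0)

# Smoothing keeps every reference probability non-zero so D(p || reference) is finite.
REFERENCE = char_distribution("".join(BENIGN_REFERENCE), smoothing=1.0)

def domain_features(domain, reference=REFERENCE):
    """Feature vector for the leftmost label of a name given as "label.tld"."""
    label = domain.lower().split(".")[0]
    p = char_distribution(label)
    mid = {c: 0.5 * (p[c] + reference[c]) for c in ALPHABET}
    return {
        "length": len(label),
        "entropy": -sum(v * math.log2(v) for v in p.values() if v > 0),
        "relative_entropy": kl_divergence(p, reference),
        "information_radius": 0.5 * kl_divergence(p, mid)
                              + 0.5 * kl_divergence(reference, mid),
    }

if __name__ == "__main__":
    # Constructed inputs: one familiar name and one random-looking label.
    for name in ("google.com", "xkqzjvwpytbh.net"):
        print(name, domain_features(name))
```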
Research Findings
The outcomes showed that the newly introduced method was able to process a maximum of 5000 data samples on real-device-based simulations, achieving an average accuracy of 91.2% and a final-round accuracy of 100%, all within a total computation time of 1687 s. This is a significant improvement over past research. The technique also managed to process 100 data samples on real quantum devices with an accuracy of 59.0%.
The authors compared the performance of their quantum ML method with classical ML techniques on the same dataset. They found that their method outperformed the classical methods in terms of accuracy, precision, recall, and F1 score. The quantum method also showed better scalability and robustness, as it was able to handle larger data samples and different quantum devices without compromising the quality of the results.
The study suggested that the proposed method could be extended to other cybersecurity applications, such as intrusion detection, malware classification, and anomaly detection. This technique can also be applied to other domains that involve large-scale data streaming and classification, such as natural language processing, computer vision, and bioinformatics.
Conclusion
In summary, the novel algorithm is effective, efficient, and scalable for detecting botnets and preventing cyberattacks. It achieved superior accuracy and execution time on real-device-based simulations compared to the previously used algorithms.
The authors demonstrated a methodology that combines a stable quantum architecture with new HQBCs based on Hoeffding decision tree algorithms. They stated that their approach can be integrated with a robust security information and event management (SIEM) system like Azure Sentinel to monitor network activity, promptly identify changes in resource use or network traffic, and address threats.
The researchers acknowledged limitations and challenges such as sample size, time constraints, selection bias, and ethical issues. They suggested that future research should use larger and more diverse datasets and more reliable and accessible quantum platforms and conduct a thorough ethical analysis of their framework.