Deep Anomaly Detection for Active Attacks on the Receiver in Quantum Key Distribution
Junxuan Liu, Bingcheng Huang, Jialei Su, Qingquan Peng, Anqi Huang
TL;DR
This work tackles active receiver-side attacks in quantum key distribution by introducing an unsupervised anomaly detection framework based on Deep SVDD. An MLP backbone learns a compact latent representation and minimizes the data-enclosing hypersphere to distinguish normal QKD operation from anomalies, enabling detection without knowledge of specific attack types. The model is trained exclusively on normal data and evaluated against two active attacks (calibration and muted) using two data streams: configuration/post-processing parameters and SPD timestamps, achieving AUCs around $99\%$ in balanced testing. The approach offers generality, low deployment cost, and compatibility with existing QKD infrastructures, reducing risk without adding hardware-induced side channels, and it holds promise for detecting previously unknown attacks in real-world deployments.
Abstract
Traditional countermeasures against attacks targeting the receiver in quantum key distribution (QKD) systems often suffer from poor compatibility with deployed infrastructure, the risk of introducing new vulnerabilities, and limited applicability to specific types of active attacks. In this work, we propose an anomaly detection (AD) model based on one-class machine learning to address active attacks targeting the receiver. By constructing a dataset from the QKD system's operational states, the AD model learns the characteristics of normal behavior under secure conditions. When an active attack occurs, the system's state deviates from the learned normal patterns and is identified as anomalous by the model. Experimental results show that the AD model achieves an area under the curve (AUC) exceeding 99%, effectively safeguarding the receiver of the QKD system. Compared to traditional approaches, our model can be deployed with minimal cost in existing QKD networks without requiring additional optical or electrical components, thus avoiding the introduction of new side channels. Furthermore, unlike multi-class machine learning algorithms, our approach does not rely on prior knowledge of specific attack types and is potentially able to detect unknown active attacks. These advantages (generality, ease of deployment, low cost, and high accuracy) make our model a practical and effective tool for protecting the receiver of QKD systems against active attacks.
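The one-class scheme described in the TL;DR and the abstract (train on normal states only, score by distance to a hypersphere centre, evaluate by AUC on a balanced test set) can be sketched as follows. This is an added example, not the authors' code: the layer sizes, the four feature columns, their values and the shifted "anomalous" rows are all constructed assumptions, and the centre fixed from the initial forward pass with bias-free layers follows the standard one-class Deep SVDD formulation.

```python
import numpy as np

def leaky(z):
    return np.where(z > 0, z, 0.1 * z)

class DeepSVDD:
    """One-class Deep SVDD on a bias-free MLP; layer sizes are assumptions."""
    def __init__(self, d, hidden=16, out=4, seed=0):
        rng = np.random.default_rng(seed)
        self.W1 = rng.normal(0, 1 / np.sqrt(d), (d, hidden))
        self.W2 = rng.normal(0, 1 / np.sqrt(hidden), (hidden, out))
    def _scale(self, X):  # min-max scaling with the ranges seen in training
        return (X - self.lo) / (self.hi - self.lo)
    def embed(self, Xs):
        return leaky(Xs @ self.W1) @ self.W2
    def fit(self, X, epochs=200, lr=0.05, decay=1e-4):
        self.lo, self.hi = X.min(0), X.max(0)
        Xs = self._scale(X)
        self.c = self.embed(Xs).mean(0)  # centre fixed from the initial pass
        for _ in range(epochs):
            Z1 = Xs @ self.W1
            H = leaky(Z1)
            G = 2 * (H @ self.W2 - self.c) / len(Xs)  # d(mean dist^2)/d(output)
            gW2 = H.T @ G + decay * self.W2
            gW1 = Xs.T @ ((G @ self.W2.T) * np.where(Z1 > 0, 1.0, 0.1)) + decay * self.W1
            self.W1 -= lr * gW1
            self.W2 -= lr * gW2
        return self
    def score(self, X):  # squared distance to the centre; larger = more anomalous
        return ((self.embed(self._scale(X)) - self.c) ** 2).sum(1)

def auc(normal_scores, anomaly_scores):
    """Probability that a random anomaly outscores a random normal sample."""
    a = np.asarray(anomaly_scores)[:, None]
    n = np.asarray(normal_scores)[None, :]
    return float(((a > n) + 0.5 * (a == n)).mean())

def demo(seed=1):
    rng = np.random.default_rng(seed)
    # Constructed operating point for four hypothetical state features.
    mu = np.array([0.02, 5e4, 1.2e5, 0.5])
    sd = np.array([0.002, 2e3, 4e3, 0.02])
    train = mu + sd * rng.normal(size=(500, 4))   # normal data only
    normal = mu + sd * rng.normal(size=(200, 4))
    # Constructed anomalies: every feature drifts about 8 sigma; not a model of a real attack.
    shifted = mu + sd * (8 + rng.normal(size=(200, 4)))
    model = DeepSVDD(4).fit(train)
    return auc(model.score(normal), model.score(shifted))
```

Calling `demo()` returns the AUC on the constructed balanced test set; the large shift is chosen so the separation is clear, and real deployments would set an alert threshold on `score` from held-out normal data.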
