Cyber Threat Detection Enabled by Quantum Computing

Zisheng Chen, Zirui Zhu, Xiangyang Li

TL;DR

This work evaluates end-to-end quantum–classical threat detection pipelines under realistic budget and hardware constraints, using a compact MLP encoder coupled to either QSVM or VQC quantum heads for NSL-KDD intrusion detection and Ling-Spam spam filtering. By systematically varying qubit count, circuit depth, and framework, the study demonstrates that shallow, noise-aware quantum components can match or modestly improve classical baselines under tight feature budgets, with hardware results closely tracking simulator trends. The hardware validation, complemented by noise mitigation and careful preprocessing, highlights practical readiness and the key architectural choices that impact performance in near-term QML deployments for cybersecurity. Overall, the paper provides empirical benchmarks, a rigorous pipeline design, and actionable guidance for integrating quantum components into threat detection systems under current technological constraints.

Abstract

Threat detection models in cybersecurity must keep up with shifting traffic, strict feature budgets, and noisy hardware, yet even strong classical systems still miss rare or borderline attacks when the data distribution drifts. Small, near-term quantum processors are now available, but existing work rarely shows whether quantum components can improve end-to-end detection under these unstable, resource-constrained conditions rather than just adding complexity. We address this gap with a hybrid architecture that uses a compact multilayer perceptron to compress security data and then routes a few features to 2-4 qubit quantum heads implemented as quantum support vector machines and variational circuits. Under matched preprocessing and training budgets, we benchmark these hybrids against tuned classical baselines on two security tasks, network intrusion detection on NSL-KDD and spam filtering on Ling-Spam datasets, and then deploy the best 4-qubit quantum SVM to an IBM Quantum device with noise-aware execution (readout mitigation and dynamical decoupling). Across both datasets, shallow quantum heads consistently match, and on difficult near-boundary cases modestly reduce, missed attacks and false alarms relative to classical models using the same features. Hardware results track simulator behavior closely enough that the remaining gap is dominated by device noise rather than model design. Taken together, the study shows that even on small, noisy chips, carefully engineered quantum components can already function as competitive, budget-aware elements in practical threat detection pipelines.

Paper Structure

This paper contains 60 sections, 33 equations, 5 figures, 5 tables.

Figures (5)

  • Figure 1: ZZFeatureMap under 4 qubits
  • Figure 2: VQC Circuit Structure
  • Figure 3: Hybrid QSVM pipeline: Data $\rightarrow$ MLP $\rightarrow$ quantum kernel $\rightarrow$ QSVM.
  • Figure 4: Hybrid VQC pipeline: Data $\rightarrow$ MLP $\rightarrow$ VQC (Estimator) with expectation readout.
  • Figure 5: Output Returned by IBM Quantum Platform
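
The quantum-kernel stage of the Figure 3 pipeline (MLP output → quantum kernel → QSVM) can be reproduced on a laptop. The following is an added example, not code from the paper: a pure-Python statevector simulation of a 4-qubit ZZ-style fidelity kernel. The phase convention, `reps=2`, all-pairs entanglement and the sample vectors are assumptions, since the paper's circuit settings are not given on this page.

```python
import cmath
import math
from itertools import combinations

# Constructed sample: four 4-feature vectors standing in for MLP encoder
# outputs, already scaled to [0, pi]. Not data from the paper.
SAMPLES = [[0.3, 1.2, 2.5, 0.9], [0.4, 1.1, 2.4, 1.0],
           [2.8, 0.2, 0.7, 3.0], [1.6, 1.6, 1.6, 1.6]]

def zz_phases(x):
    """Diagonal phase per basis state (assumed ZZ-style encoding)."""
    n, out = len(x), []
    for b in range(2 ** n):
        z = [1 - 2 * ((b >> i) & 1) for i in range(n)]  # Z eigenvalues
        phi = sum(x[i] * z[i] for i in range(n))
        phi += sum((math.pi - x[i]) * (math.pi - x[j]) * z[i] * z[j]
                   for i, j in combinations(range(n), 2))
        out.append(cmath.exp(1j * phi))
    return out

def hadamard_all(state):
    """Apply H to every qubit via a normalized Walsh-Hadamard transform."""
    state, h = list(state), 1
    while h < len(state):
        for i in range(0, len(state), 2 * h):
            for j in range(i, i + h):
                a, b = state[j], state[j + h]
                state[j], state[j + h] = a + b, a - b
        h *= 2
    return [a / math.sqrt(len(state)) for a in state]

def feature_state(x, reps=2):
    """|phi(x)> = (D(x) H^n)^reps |0...0>; reps=2 is an assumption."""
    state = [1 + 0j] + [0j] * (2 ** len(x) - 1)
    phases = zz_phases(x)
    for _ in range(reps):
        state = [a * p for a, p in zip(hadamard_all(state), phases)]
    return state

def kernel(x, y, reps=2):
    """Fidelity kernel k(x, y) = |<phi(x)|phi(y)>|^2."""
    sx, sy = feature_state(x, reps), feature_state(y, reps)
    return abs(sum(a.conjugate() * b for a, b in zip(sx, sy))) ** 2

def gram(samples, reps=2):
    """Gram matrix that a precomputed-kernel SVM would be trained on."""
    return [[kernel(a, b, reps) for b in samples] for a in samples]
```

The Gram matrix is what a classical SVM with a precomputed kernel consumes. On a device each entry is estimated from measurement counts rather than computed exactly, which is where the readout mitigation named in the abstract applies.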