Quantum Autoencoders for Anomaly Detection in Cybersecurity

TL;DR

This paper demonstrates that Quantum Autoencoders can outperform classical autoencoders in cybersecurity anomaly detection, especially in data-limited scenarios, by leveraging quantum encoding techniques.

Contribution

It introduces the application of Quantum Autoencoders for cybersecurity anomaly detection and compares their performance with classical autoencoders across various encoding strategies.

Findings

QAE with Dense-Angle encoding outperforms CAE in F1 score (0.87 vs 0.77).

QAEs perform well with fewer training samples, showing data efficiency.

Quantum encoding and feature selection significantly impact model performance.

Abstract

Anomaly detection in cybersecurity is a challenging task, where normal events far outnumber anomalous ones with new anomalies occurring frequently. Classical autoencoders have been used for anomaly detection, but struggles in data-limited settings which quantum counterparts can potentially overcome. In this work, we apply Quantum Autoencoders (QAEs) for anomaly detection in cybersecurity, specifically on the BPF-extended tracking honeypot (BETH) dataset. QAEs are evaluated across multiple encoding techniques, ansatz types, repetitions, and feature selection strategies. Our results demonstrate that an 8-feature QAE using Dense-Angle encoding with a RealAmplitude ansatz can outperform Classical Autoencoders (CAEs), even when trained on substantially fewer samples. The effects of quantum encoding and feature selection for developing quantum models are demonstrated and discussed. In a data-limited setting, the best performing QAE model has a F1 score of 0.87, better than that of CAE (0.77). These findings suggest that QAEs may offer practical advantages for anomaly detection in data-limited scenarios.