Journal of Information Processing
Online ISSN : 1882-6652
ISSN-L : 1882-6652
Adversarial Robustness in Hybrid Quantum-Classical Deep Learning for Botnet DGA Detection
Hatma Suryotrisongko, Yasuo Musashi, Akio Tsuneda, Kenichi Sugitani
JOURNAL FREE ACCESS

2022 Volume 30 Pages 636-644

Abstract

This paper aims to contribute to the adversarial defense research gap in the current state-of-the-art of adversarial machine learning (ML) attacks and defense. More specifically, it contributes to the metric measurement of the robustness of artificial intelligence (AI)/ML models against adversarial example attacks, which currently remains an open question in the cybersecurity domain and to an even greater extent for quantum computing-based AI/ML applications. We propose a new adversarial robustness measurement approach which measures the statistical properties (such as the average of the accuracies and t-test results) from the performance results of quantum ML model experiments involving various adversarial perturbation coefficient (attack strength) values. We argue that our proposed approach is suitable for practical use in realizing a quantum-safe world because, in the current era of noisy intermediate-scale quantum devices (NISQs), quantum noise is complex and challenging to model and therefore complicates the measurement task or benchmarking. The second contribution of our study is the novel hardened hybrid quantum-classical deep learning (DL) model for botnet domain generation algorithm (DGA) detection, employing a model hardening adversarial training technique for mitigating new types of unknown DGA adversaries, since new cyberattack approaches from the cyber arms race need to be anticipated. Our analysis shows that the hybrid quantum DL model is vulnerable to adversarial example attacks, with an average drop in accuracy of as much as 19%. We also found that our hardened model performed better, obtaining average accuracy gains as high as 5.9%. Furthermore, we found that the hybrid quantum-classical DL approach gives the benefit of suppressing the negative impact of quantum noise on the classifier's performance.
We demonstrated how to apply our proposed measurement approach in evaluating our novel hybrid quantum DL model and highlighted the adversarial robustness of our model against adversarial example attacks as evidence of the practical implication of our study towards advancing the state of quantum adversarial machine learning research for the quantum-safe world.

© 2022 by the Information Processing Society of Japan