SHAP-based intrusion detection in IoT networks using quantum neural networks on IonQ hardware

IF 3.4 3区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

Journal of Parallel and Distributed Computing Pub Date : 2025-06-13 DOI:10.1016/j.jpdc.2025.105133

K Rajkumar, S. Mercy Shalinie

{"title":"SHAP-based intrusion detection in IoT networks using quantum neural networks on IonQ hardware","authors":"K Rajkumar, S. Mercy Shalinie","doi":"10.1016/j.jpdc.2025.105133","DOIUrl":null,"url":null,"abstract":"<div><div>Securing IoT networks against cyber-attacks, especially Distributed Denial of Service (DDoS) attacks, is a growing challenge due to their ability to disrupt services and overwhelm network resources. This study introduces a novel post-processing methodology that integrates Explainable AI (XAI) with Quantum Neural Networks (QNN) to enhance the interpretability of DDoS attack detection. We utilize the CICFlowMeter tool for feature extraction, processing bidirectional network traffic data and generating up to 87 distinct features. Notably, the CICFlowMeter removes potentially tampered features such as IP addresses and ports to prevent manipulation, addressing the limitations associated with the use of these features in the presence of attackers. After a QNN generates expectation values for a given input, SHAP (SHapley Additive exPlanations) values are applied to interpret the contributions of individual features in the decision-making process. Although the QNN output indicates whether a network flow is benign or malicious, the quantum model's complexity makes it difficult to interpret. By using SHAP values, we identify which features such as IP addresses, ports, and traffic patterns significantly influence the QNN’s classification, providing human-understandable explanations for the model's predictions. For evaluation, we used the CIC-IoT 2022and proposed SDN-DDoS24 datasets, with SDN-DDoS24 outperforming others when integrated with the proposed methodology. The QNN was implemented on IonQ quantum hardware through Amazon Braket, achieving an expectation value of 0.98 with a low latency of 113 milliseconds, making it suitable for applications requiring both precision and speed. This study demonstrates that integrating XAI with QNN not only improves DDoS attack detection accuracy but also enhances transparency, making the model more trustworthy for real-world cybersecurity applications. By offering clear explanations of model behavior, the approach ensures that security experts can make informed decisions based on the quantum-enhanced detection system, improving its reliability and usability in dynamic network environments.</div></div>","PeriodicalId":54775,"journal":{"name":"Journal of Parallel and Distributed Computing","volume":"204 ","pages":"Article 105133"},"PeriodicalIF":3.4000,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Parallel and Distributed Computing","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0743731525001005","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Securing IoT networks against cyber-attacks, especially Distributed Denial of Service (DDoS) attacks, is a growing challenge due to their ability to disrupt services and overwhelm network resources. This study introduces a novel post-processing methodology that integrates Explainable AI (XAI) with Quantum Neural Networks (QNN) to enhance the interpretability of DDoS attack detection. We utilize the CICFlowMeter tool for feature extraction, processing bidirectional network traffic data and generating up to 87 distinct features. Notably, the CICFlowMeter removes potentially tampered features such as IP addresses and ports to prevent manipulation, addressing the limitations associated with the use of these features in the presence of attackers. After a QNN generates expectation values for a given input, SHAP (SHapley Additive exPlanations) values are applied to interpret the contributions of individual features in the decision-making process. Although the QNN output indicates whether a network flow is benign or malicious, the quantum model's complexity makes it difficult to interpret. By using SHAP values, we identify which features such as IP addresses, ports, and traffic patterns significantly influence the QNN’s classification, providing human-understandable explanations for the model's predictions. For evaluation, we used the CIC-IoT 2022and proposed SDN-DDoS24 datasets, with SDN-DDoS24 outperforming others when integrated with the proposed methodology. The QNN was implemented on IonQ quantum hardware through Amazon Braket, achieving an expectation value of 0.98 with a low latency of 113 milliseconds, making it suitable for applications requiring both precision and speed. This study demonstrates that integrating XAI with QNN not only improves DDoS attack detection accuracy but also enhances transparency, making the model more trustworthy for real-world cybersecurity applications. By offering clear explanations of model behavior, the approach ensures that security experts can make informed decisions based on the quantum-enhanced detection system, improving its reliability and usability in dynamic network environments.

查看原文本刊更多论文

在IonQ硬件上使用量子神经网络的物联网网络中基于shap的入侵检测

保护物联网网络免受网络攻击，特别是分布式拒绝服务（DDoS）攻击，是一项日益严峻的挑战，因为它们能够破坏服务并压倒网络资源。本研究介绍了一种新的后处理方法，该方法将可解释人工智能（XAI）与量子神经网络（QNN）相结合，以增强DDoS攻击检测的可解释性。我们利用CICFlowMeter工具进行特征提取，处理双向网络流量数据，并生成多达87个不同的特征。值得注意的是，CICFlowMeter删除了潜在的篡改功能，如IP地址和端口，以防止操作，解决了在攻击者存在的情况下使用这些功能的限制。在QNN为给定输入生成期望值后，应用SHapley加性解释（SHapley Additive explanation）值来解释决策过程中各个特征的贡献。尽管QNN的输出表明网络流是良性的还是恶意的，但量子模型的复杂性使其难以解释。通过使用SHAP值，我们确定哪些特征（如IP地址、端口和流量模式）显著影响QNN的分类，为模型的预测提供人类可以理解的解释。为了进行评估，我们使用了CIC-IoT 2022和建议的SDN-DDoS24数据集，其中SDN-DDoS24在与建议的方法集成时优于其他数据集。该QNN通过Amazon rack在IonQ量子硬件上实现，实现了0.98的期望值和113毫秒的低延迟，使其适合同时要求精度和速度的应用。该研究表明，将XAI与QNN集成不仅可以提高DDoS攻击检测的准确性，还可以增强透明度，使模型在现实世界的网络安全应用中更值得信赖。通过提供模型行为的清晰解释，该方法确保安全专家能够根据量子增强检测系统做出明智的决策，提高其在动态网络环境中的可靠性和可用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Parallel and Distributed Computing 工程技术-计算机：理论方法

CiteScore

10.30

自引率

2.60%

发文量

172

审稿时长

12 months

期刊介绍： This international journal is directed to researchers, engineers, educators, managers, programmers, and users of computers who have particular interests in parallel processing and/or distributed computing. The Journal of Parallel and Distributed Computing publishes original research papers and timely review articles on the theory, design, evaluation, and use of parallel and/or distributed computing systems. The journal also features special issues on these topics; again covering the full range from the design to the use of our targeted systems.