Advanced quantum neural network-link net based intrusion detection framework and enhanced blowfish cryptography for data security

Abstract

As cybersecurity threats evolve, it has become increasingly important to ensure data protection while successfully discovering intrusions. This paper introduces a novel Quantum Computation with Neural Networks for Intrusion Detection and Data Security (QCNN-IDDS) framework, which integrates advanced quantum computing and neural network techniques for intrusion detection and encryption. The framework uses a Quadratic Neural Network (QNN) to model complex, nonlinear relationships in data, improving intrusion detection performance. Data preprocessing is performed using the Double Normalization Technique (DNT), followed by feature extraction that incorporates statistical measures (e.g., mean, variance, skewness) to assess feature relevance. The detection process uses an Entropy Threshold Weighted Quantum Neural Network (ETW-QNN) and LinkNet to classify data as normal or abnormal. Data classified as normal is then encrypted using the Modulus-assisted Blowfish (MAB) algorithm, providing robust data security. Evaluation on UNSW-NB15 dataset demonstrates that the ETW-QNN model achieves a peak accuracy of 0.917, outperforming models like CNN + LSTM + GRU (0.747), LinkNet (0.742), EfficientNet (0.743), and ResNet (0.757), while DNN achieves the lowest accuracy at 0.730. The proposed framework offers significant improvements in both detection accuracy and data security compared to traditional methods. With its potential for high accuracy and low false positive rates, the QCNN-IDDS framework is expected to enhance the efficiency and reliability of real-world cybersecurity systems, paving the way for more robust, adaptive, and scalable solutions in dynamic and high-traffic environments.

Keywords

Intrusion detection system data security DNT ETW-QNN and MAB algorithm

1 Introduction

Interconnected computer systems are now widely used in everyday activities and organizational processes. This increased connectivity has also raised concerns about online privacy and user security.^1,2 Recent surveys report approximately 5.1 billion cyberattacks in 2021 and highlight a rise in high-impact and sophisticated attacks on critical frameworks worldwide. This alarming number underscores the urgent need to improve network security measures. ML^3,4 based NIDS are considered one of the most effective strategies for combating network attacks. However, maintaining the efficiency and effectiveness of ML-based NIDS^5,6 in the face of constantly evolving threats is a significant challenge. Developing an optimal framework for ML-based NIDS⁷ involves a continuous trade-off between efficiency and effectiveness; systems that excel in one aspect may not perform as well in the other.

NIDPS leverages ML to achieve accuracy levels that surpass those of traditional rule-based schemes. Advanced ML⁸ algorithms and powerful hardware accelerators are key components of modern IDS/IPS.^9,10 As ML¹¹ models advance, they demand greater processing power, leading to the development of hardware accelerators with increased computational capabilities. This enables the classification of high-capacity traffic in each session and enhances the accuracy of network intrusion detection.¹²

Rapid detection and containment of network intrusions are key to preventing further impact. However, current ML-based IDS/IPS systems identify intrusions only after a session has ended, using a 5-tuple like “source IP, destination IP, source port, destination port, protocol”, to define each session. In traffic segmented into sessions, statistical values from the start to the end of the session are used as features for the ML model,¹³ which then determines malicious activity on a per-session basis. Consequently, network intrusions are detected only after the session and the intrusion itself has concluded, which limits the effectiveness of this approach in providing timely network protection.

Various ML approaches have been explored and applied, to develop anomaly-based IDS. Two commonly used ML approaches in this field are: “1) Supervised Learning, which creates a mapping function from predefined input-output pairs, and 2) Unsupervised Learning, which enables a model to identify internal relationships autonomously”. Supervised learning is the most prevalent method in IDS,¹⁴ with techniques such as SVM, DT, KNN, and NB being frequently utilized. Unsupervised learning typically involves clustering algorithms like K-Means.

This method combines two or more learning techniques,¹⁵ such as integrating a signature-based method with an anomaly-based one or combining different types of anomaly-based methods. For instance, it might involve combining unsupervised and supervised ML techniques,^16,17 or using multiple supervised learning methods together. To improve the overall detection rate, the hybrid method's main objective is to balance the advantages of several learning algorithms. Additionally, it addresses dataset imbalances by reducing bias towards more frequent attacks. Consequently, the hybrid scheme is considered a promising strategy for tackling key challenges in IDS research. The ability of current machine learning (ML)-based intrusion detection systems (IDS) to handle complicated, nonlinear connections in data, as well as their dependence on predetermined attack signatures or labeled datasets, are frequently limitations. This includes both supervised and unsupervised learning techniques. Furthermore, sensitive data is left exposed in the case of an intrusion since these systems usually concentrate on intrusion detection without taking into account the simultaneous need for data encryption and security. Therefore, the goal of this work is to create a next-generation intrusion detection system (IDS) framework that, in addition to utilizing quantum-enhanced machine learning to achieve superior intrusion detection accuracy, also protects sensitive data, providing a cohesive solution for security and privacy in the face of changing cyberthreats. This paper proposes a novel Quantum Computation with Neural Network for Intrusion Detection and Data Security (QCNN-IDDS). One of the key contributions of this work is the DNT for normalizing the pre-processed data. This normalized data reduces the impact of extreme values on the data and scales the data more effectively. Also, it overcomes the issue of skewed results. The proposed ETW-QNN for effectively detecting anomalies, which enhances the training speed and prediction accuracy using the proposed threshold circuit that leads to less computational resources. Proposing MAB algorithm for encrypting the detected normal data. Blowfish is based on a strong Feistel network structure and has been extensively analyzed for security. Here, the F-function is modified for better security.

The organization of the paper is: Section 2 provides a detailed related works, synthesizing existing research on IDS. Section 3 outlines the developed methodology. Section 4 presents the results and discussion, where the effectiveness of the framework is evaluated through experiments and comparisons with existing methods. Section 5 discusses the conclusion.

2 Literature review

we can reorganize the studies based on the methodology used, grouping them into ML-based, hybrid models, and DL-based methods.

2.1 ML- based approaches

In 2020, Dutt, et al.¹⁸ The paper presented an intrusion detection system inspired by the natural immune system, comprising two main components: SMAD and AIAD. SMAD served as the first layer, representing IIS. It analyzed initial network traffic to identify vulnerabilities. AIAD functioned as the second layer, mimicking the Adaptive Immune System. It assessed network packet features, including T-cell and B-cell activity, to detect anomalies. Testing with real-time traffic and datasets showed that SMAD achieved up to 96.04% TPR, while AIAD improved detection accuracy for both user-based and file-based anomalies.

In 2022, Siddiqi and Pak,¹⁹ With the rise in advanced hacking methods, the demand for better network security solutions had grown. ML played a vital role in network intrusion detection, but optimizing these systems remained an ongoing issue. This study introduced a novel framework that combined image processing with feature selection. It initially streamlined feature selection to improve efficiency, then converted non-image data into images and enhanced these images for anomaly detection using DL.

In 2019, Zuniga-Mejia, et al.²⁰ The paper introduced an innovative intrusion detection method for reconfigurable network routing, grounded in linear systems theory. This method utilized the z-plane, a natural two-dimensional feature space, to identify routing attacks by examining system poles. The study presented two host-based IDS inspired by this approach and assessed them through a case study. Both techniques demonstrated high accuracy in detecting attacks without adding packet overhead, by analyzing information available locally.

In 2019, Tama, et al.²¹ An improved IDS was proposed that incorporated a hybrid feature selection strategy and a two-level classifier ensemble. The feature selection employed PSO, ACO, and GA to refine the UNSW-NB15 and NSL-KDD datasets, guided by the REPT classifier. The two-level ensemble used rotation forest and bagging meta-learners. The findings were further validated through a two-step statistical significance test, which enhanced the robustness of the results.

2.2 Hybrid models

In 2019, Khan, et al.²² The paper presented a hybrid anomaly detection model designed for ICS, focusing on the consistent communication patterns among ground devices. The methodology involved several steps: data preprocessing for standardization and scaling, dimensionality reduction to refine anomaly detection, and balancing the dataset using an edited NNRA. When evaluated using a vast dataset from the HML-IDS attained a 97% accuracy rate, surpassing the results of benchmark models.

In 2021, Wisanwanichthan and Thammawichai,²³ The paper introduced DLHA to address issues in intrusion detection. By analyzing attack characteristics and employing PCA to refine detection across various attack types. Comparative analysis with other studies using the NSL-KDD dataset demonstrated that DLHA significantly outperformed several advanced IDS techniques and individual ML classifiers.

2.3 DL-based approaches

In 2022 Kim and Pak,²⁴ have proposed a method that tackles the problem of classifying network intrusions and benign sessions by identifying patterns in packets that are not useful. It generates a new training dataset for GAN from misclassified data in the original training set, processed by an LSTM-DNN model. This approach, which integrates LSTM-DNN with a GAN-based validation system, allows for real-time intrusion detection without terminating sessions or delaying packet collection. Furthermore, experimental results showed that it can detect intrusions at an early stage, achieving detection performance on par with existing methods.

In 2021, Mora-Gimeno, et al.²⁵ The paper presented a unified IDS that combined multiple detection techniques to model the overall behavior of applications. By employing DNN, the system amalgamated the results of various detection methods. The findings indicated that the suggested model significantly enhanced detection rates and minimized false positives compared to individual techniques. The approach was validated on three datasets of varying complexities.

In 2022, Banaamah and Ahmad²⁶ explored deep learning methods for intrusion detection in IoT, comparing CNNs, LSTM, and GRUs. Using a standard dataset, the study evaluated these models and found that the suggested scheme obtained the maximum accuracy compared to existing approaches.

In 2023, Awajan et al.²⁷ introduced a novel DL-based intrusion detection system for IoT devices. Using a four-layer FC network, the system detected malicious traffic and was designed to be communication protocol-independent, simplifying deployment. It effectively identified “Blackhole, DDoS, Opportunistic Service, Sinkhole, and Workhole” attacks.

In 2024, Schrötter et al.²⁸ has employed a deep neural network model for intrusion detection was reproduced in order to assess the advantages and disadvantages of the machine-learning-based method. Our replicated research study's findings highlight a number of systematic issues with the evaluation techniques and datasets that were used. Even with minor traffic variations, a minimally configured signature-based intrusion detection system outperformed the tested model in our tests. The summary of related works are tabulated in Table 1.

Table 1.
Review of existing works in the area of Intrusion detection framework.

Author [Citation] Methodology Features Challenges

Dutt, et al.¹⁸ SMAD AIAD The AIAD model also achieved high TPR and lower FPR. Highly suspicious traffic identified by the SMAD model was further tested for vulnerabilities using the AIAD model.

Siddiqi and W. Pak,¹⁹ CNN The reduction in feature count within the framework leads to lower computational demands and maintains high precision. There is a significant challenge in developing methods capable of identifying attacks in live network traffic.

Zuniga-Mejia, et al.²⁰ Linear systems theory Both techniques achieved high attack detection accuracy without increasing packet overhead by analyzing information available locally. Determining the optimal number of input signals and identifying which specific ones lead to better detection accuracy remains an open challenge.

Khan, et al.²² HML-IDS NNRA It is capable of handling data samples that are both complex and hybrid in nature. A significant challenge for future work will be enhancing dimensionality reduction.

Kim and Pak,²⁴ LSTM DNN It can consistently deliver rapid detection speeds across different platforms. Since the proposed structure is not tied to a specific classifier, it allows for the use of any higher-accuracy machine learning model.

Wisanwanichthan and Thammawichai,²³ DLHA This approach is appropriate for real-time intrusion detection systems and is designed to protect critical network environments. A key challenge for future work will be applying this approach to datasets or network environments that may categorize attacks differently, such as those featuring more than four attack types.

Mora-Gimeno, et al.²⁵ DNN The proposed model achieved lower FPR and higher detection rates. A significant challenge is to explore the integration of extra detection methods to further enhance results and develop more effective ways of consolidating information within a single data structure.

Tama, et al.²¹ PSO ACO GA The proposed approach is highly effective. Need to tackle the challenge of validating the multi-class classification problem, where incoming network traffic must be categorized into normal or various attack groups.

Banaamah and Ahmad²⁶ DL It obtained better accuracy. Need to investigate additional datasets for intrusion detection on IoT devices.

Awajan et al.²⁷ DNN It accomplished optimal service quality with minimal focus on security. Need to explore the development of a platform-independent framework based on DL-based IDS for IoT networks.

Schrötter et al.²⁸ NN Achieved high Accuracy of performance. Need to runtime performance is important to judge the usability of a system.

Author [Citation]	Methodology	Features	Challenges
Dutt, et al.¹⁸	SMAD AIAD	The AIAD model also achieved high TPR and lower FPR.	Highly suspicious traffic identified by the SMAD model was further tested for vulnerabilities using the AIAD model.
Siddiqi and W. Pak,¹⁹	CNN	The reduction in feature count within the framework leads to lower computational demands and maintains high precision.	There is a significant challenge in developing methods capable of identifying attacks in live network traffic.
Zuniga-Mejia, et al.²⁰	Linear systems theory	Both techniques achieved high attack detection accuracy without increasing packet overhead by analyzing information available locally.	Determining the optimal number of input signals and identifying which specific ones lead to better detection accuracy remains an open challenge.
Khan, et al.²²	HML-IDS NNRA	It is capable of handling data samples that are both complex and hybrid in nature.	A significant challenge for future work will be enhancing dimensionality reduction.
Kim and Pak,²⁴	LSTM DNN	It can consistently deliver rapid detection speeds across different platforms.	Since the proposed structure is not tied to a specific classifier, it allows for the use of any higher-accuracy machine learning model.
Wisanwanichthan and Thammawichai,²³	DLHA	This approach is appropriate for real-time intrusion detection systems and is designed to protect critical network environments.	A key challenge for future work will be applying this approach to datasets or network environments that may categorize attacks differently, such as those featuring more than four attack types.
Mora-Gimeno, et al.²⁵	DNN	The proposed model achieved lower FPR and higher detection rates.	A significant challenge is to explore the integration of extra detection methods to further enhance results and develop more effective ways of consolidating information within a single data structure.
Tama, et al.²¹	PSO ACO GA	The proposed approach is highly effective.	Need to tackle the challenge of validating the multi-class classification problem, where incoming network traffic must be categorized into normal or various attack groups.
Banaamah and Ahmad²⁶	DL	It obtained better accuracy.	Need to investigate additional datasets for intrusion detection on IoT devices.
Awajan et al.²⁷	DNN	It accomplished optimal service quality with minimal focus on security.	Need to explore the development of a platform-independent framework based on DL-based IDS for IoT networks.
Schrötter et al.²⁸	NN	Achieved high Accuracy of performance.	Need to runtime performance is important to judge the usability of a system.

2.4 Problem statement

Current IDS solutions encounter challenges in seamlessly integrating advanced detection algorithms with comprehensive data security measures. Traditional IDS solutions have struggled to overcome several persistent challenges, including scalability, real-time responsiveness, and the adaptation to increasingly sophisticated attack methods. Many existing IDS frameworks are limited in their ability to efficiently handle large volumes of network data while maintaining high levels of accuracy. Moreover, integrating data security measures into the detection process itself often results in trade-offs between detection performance and data protection, making it difficult to achieve both objectives simultaneously. This framework aims to guarantee precise detection outcomes while safeguarding sensitive data throughout the entire detection and response lifecycle.

3 Methodology of intrusion detection framework

Ensuring the security of information systems is essential in the linked world of today. IDFs play a critical role in safeguarding these systems by continuously observing and evaluating system activity and network traffic in order to identify and neutralize possible security threats. An IDF is designed to identify unauthorized access, data breaches, and other malicious actions that could jeopardize the integrity, availability or confidentiality of sensitive information. Utilizing a blend of detection techniques, such as signature-based and anomaly-based approaches, along with sophisticated analysis and response strategies, an IDF offers proactive protection against emerging cyber threats. Its effectiveness is further strengthened by integrating thorough data collection, adaptive response capabilities and real-time analysis, enabling organizations to quickly resolve and address potential intrusions before they escalate into significant security issues. This paper proposes a novel Quantum Computation with Neural Network for Intrusion Detection and Data Security (QCNN-IDDS).

As illustrated in Figure 1, the process initiates with input data preparation, in which the Double Normalization Technique (DNT) is used to prepare the raw data for analysis. This step adjusts the data to a common scale, enhancing the efficiency of subsequent feature extraction. During feature extraction, various techniques are employed to identify significant attributes: “mutual information, raw feature, and information gain assess the relevance of features, while statistical features such as minimum, maximum, mean, median, standard deviation, variance, skewness, kurtosis, and moment”, provide detailed insights into the data distribution and characteristics. Following feature extraction, the data undergoes detection using advanced models like Entropy Threshold Weighted-based Quantum Neural Networks (ETW-QNN) and LinkNet, which analyze the features to classify the data as either ‘normal or abnormal’. If the data is classified as normal, it is then subjected to data encryption using the Modulus-assisted Blowfish (MAB) algorithm, ensuring its security through robust encryption methods. This structured flow effectively prepares, analyzes, and secures data, maintaining its confidentiality and integrity throughout the process.

Figure 1.

Framework of QCNN-IDDS.

3.1 Preprocessing

Preprocessing via normalization is an essential phase in data preparation, focusing on adjusting and standardizing the scale of features within a dataset. This technique balances the contribution of each feature to the analysis, regardless of their initial scales or units. Let $D t$ be the input data, which is subjected to anomaly detection. Specifically, normalization in this context involves rescaling feature values to a predefined range, typically [0, 1]. By doing so, it addresses the disparity between features with different magnitudes and units, allowing for a more balanced and fair analysis. A detailed description of the normalization technique for preprocessing is discussed as follows:

DNT for preprocessing

Normalization²⁹ adjusts data, $D t$ to a consistent scale, which is crucial for the optimal performance of many analytical and ML models. Distance-based algorithms and those employing gradient optimization are notably influenced by the scale of input features. In the absence of normalization, features with larger ranges or different units might unduly affect the results, resulting in biased or less effective outcomes. When scaling feature values to a specified range, usually between 0 and 1, the Min-Max normalization technique is employed. This method is particularly useful for making sure that every feature, regardless of its initial scale or units, contributes equally to the analysis or modeling process. The formulation for Min-Max normalization is determined as in Eq. (1).

\begin{aligned} D t^{N o r m} = \frac{D t - M i n (D t)}{M a x (D t) - M i n (D t)} \end{aligned}

(1)

where,

M i n (D t)

signifies the minimum value of the feature in original data,

D t

;

M a x (D t)

signifies the maximum value of the feature in original data,

D t

However, it can be significantly affected by outliers, any extreme values can distort the scaling, leading to skewed results. Moreover, it assumes that the features have similar importance and distribution. To tackle this issue, a new DNT approach is proposed that reduces the impact of extreme values on the normalized data. The proposed DNT formulation for normalizing the original data is expressed in Eq. (2).

\begin{aligned} _{N e w} D t^{N o r m} = \frac{\overset{\land}{D t} - M e d i a n (D t)}{M A D} \end{aligned}

(2)

where,

M A D = M e d i a n [a b s (D t) - m e d i a n (D t)]

;

\overset{\land}{D t} = 0.5 [\tanh [\frac{s i g (D t - μ)}{σ}] + 1]

, in which

s i g

refers to sigmoid value as

s i g = \frac{1}{1 + e^{- (D t)}}

;

μ

refers to the mean value and

σ

indicates the standard deviation of data.

Thus, the proposed DNT employs $\tanh$ an estimator that is less sensitive to outliers compared to min-max normalization, as it mitigates the influence of extreme values on the normalized data. Additionally, this approach improves the centering and scaling of the data, while better accounting for data distributions. Then, the pre-processed data is denoted as $_{N e w} D t^{N o r m}$ .

3.2 Feature extraction

Feature extraction is a critical step in data preprocessing and analysis, aimed at transforming preprocessed data, $_{N e w} D t^{N o r m}$ into a set of meaningful attributes or features that can be used for modelling or analysis. This step involves identifying and choosing the most significant features from the data, $_{N e w} D t^{N o r m}$ to improve the performance of machine learning algorithms and analytical models. The primary objective of feature extraction is to decrease the dataset's dimensionality while preserving the most crucial information. The features such as mutual information, raw feature, and information gain assess the relevance of features, while statistical features such as minimum, maximum, mean, median, standard deviation, variance, skewness, kurtosis, and moment are extracted and defined as follows:

Mutual information: Mutual Information (MI)³⁰ is an information theory measure that quantifies the amount of information one variable reveals about another. It evaluates the level of correlation or dependency between two variables by measuring how much the knowledge of one variable's value decreases the uncertainty about the other. Unlike correlation, which only captures linear relationships, mutual information encompasses all forms of statistical dependency, including both linear and nonlinear relationships. The MI is formulated as in Eq. (3).

\begin{aligned} M I (M : N) = \sum_{m, n} p (m, n) \log \frac{p (m, n)}{p (m) p (n)} \end{aligned}

(3)

Where $p (m, n)$ indicates joint probability distribution function; $p (m)$ and $p (n)$ represents marginal probability distribution functions. Then, the MI-based feature extracted from $_{N e w} D t^{N o r m}$ is denoted as $M I^{f}$ .

Information gain: Information Gain³¹ is a widely used filter-based feature selection technique. It ranks attributes to reduce noise caused by irrelevant features and identifies those that contain the most information based on a specific class. The most relevant features are identified by calculating their entropy, a metric of uncertainty that succinctly describes the distribution of features. The entropy is formulated as in Eq. (4). Here, $P_{i}$ represents many samples for class i; and c indicates values count in the classification class.

\begin{aligned} E t r p (E) = \sum_{i}^{c} - P_{i} \log_{2} P_{i} \end{aligned}

(4)

The information gain is estimated using the entropy value as in Eq. (5). Here, E indicates samples; $V a l u e (B)$ indicates appropriate values B; $| E |$ indicates a set of samples for each data sample; B refers to attribute; and $| E_{v} |$ indicates sample count for value e.

\begin{aligned} I G (E, B) = E t r p (e) - \sum_{V a l u e (B)} \frac{| E_{v} |}{| E |} E t r p (E_{v}) \end{aligned}

(5)

Thus, the information gain features extracted from $_{N e w} D t^{N o r m}$ is indicated as $I G^{f}$

Statistical features: The statistical features³² like min, max, mean, median, standard deviation, variance, skewness, kurtosis, and moment are extracted from the preprocessed data $_{N e w} D t^{N o r m}$ . The description and formulae of these statistical features are pinpointed in Table 2, as follows:

Table 2.

Description and formulae of statistical features.

Statistical features	Description	Formulae
Min	The smallest value in a dataset defines the lower limit of the data range.	$M i n (x) = min (x_{1}, x_{2}, . ., x_{n})$
Max	It refers to the upper limit of the data range.	$M a x (x) = max (x_{1}, x_{2}, . ., x_{n})$
Mean	The mean value of a dataset is obtained by summing all the values and dividing by the total number of values.	$M e a n = \frac{1}{n} \sum_{i = 1}^{n} x_{i}$
Median	The median is the middle value of a dataset arranged in ascending order.	$M e d i a n = {\begin{cases} x_{n + 1 / 2}, i f n i s o d d \\ \frac{x_{n / 2} + x_{(n / 2) + 1}}{2}, i f n i s e v e n \end{cases}$
Standard deviation	A measure of the variability within a dataset, quantifying the average distance of each data point from the mean.	$S D = \sqrt{\frac{1}{n} \sum_{i = 1}^{n} {(x_{i} - μ)}^{2}}$ , where, $μ$ is the mean.
Variance	The average of the squared differences between each data point and the mean.	$V a r i a n c e = \frac{1}{n} \sum_{i = 1}^{n} {(x_{i} - μ)}^{2}$
Skewness	A measure of the asymmetry in the data distribution.	$S k e w = \frac{1}{n} \sum_{i = 1}^{n} {(\frac{x_{i} - μ}{σ})}^{2}$ , where $σ$ is the standard deviation.
Kurtosis	A measure of the “tailedness” of the data distribution.	$K u r t o s i s = \frac{1}{n} \sum_{i = 1}^{n} {(\frac{x_{i} - μ}{σ})}^{4} - 3$
Moment	Moments are derived from the mean of the data.	$M o m e n t = \frac{1}{n} \sum_{i = 1}^{n} {(x_{i} - μ)}^{k}$

Thus, the statistical features like “min, max, mean, median, standard deviation, variance, skewness, kurtosis, and moment” extracted from $_{N e w} D t^{N o r m}$ are fused and denoted as $S t^{f}$ .

Raw features: The raw features are the features that are extracted from the original data, $D t$ . Then, the raw features extracted from $_{N e w} D t^{N o r m}$ is denoted as $R f^{f}$ .

Thereby, the overall features like mutual information, information gain, statistical features and raw features are fused together and are represented as $F f = [M I^{f}, I G^{f}, S t^{f}, R f^{f}]$ .

3.3 Intrusion detection via ETW-QNN

The technique of locating harmful activity within a computer network or system is known as intrusion detection. During this stage, as illustrated in Figure 2, the features that were taken out of the data are fed into an intrusion detection model that includes two advanced models: ETW-QNN and LinkNet. The ETW-QNN model leverages quantum computing principles to enhance its capability to detect complex patterns and anomalies in the data, offering improved accuracy and efficiency compared to classical approaches. The LinkNet model, on the other hand, is a deep learning architecture that combines CNN with skip connections, enabling precise segmentation and anomaly detection through its encoder-decoder structure. These models are designed to train on the feature set to achieve effective anomaly detection. Both models (ETW-QNN and LinkNet) generate intermediate scores representing the likelihood of detected anomalies as $Q_{O u t^{1}}$ and $L_{O u t^{2}}$ , respectively. Further, the average is taken between both the intermediate scores and predicts the output as ‘0’ or ‘1’, which means ‘Normal’ and ‘Abnormal’.

Figure 2.

Intrusion detection via EWT-QNN.

Lastly, it is necessary to make sure that only those who are permitted can access and read the standard data. Thus, the MAB algorithm is used to encrypt the data.

3.3.1 ETW-QNN

Quantum Neural Networks (QNNs)³³ represent a sophisticated blend of quantum computing and neural network principles, designed to harness the unique properties of quantum mechanics for advanced computational tasks. QNNs are essentially based on quantum bits (qubits), which can represent several possibilities at once since they can exist in multiple states concurrently. This is in contrast to classical bits. Because of this feature, QNNs may analyse data in parallel, which could increase their computational efficiency. The architecture of a QNN typically includes several key components: like “Qubits, Quantum circuits, quantum gates and measurement”.

Qubits: Qubits are the basic units of quantum information and differ from classical bits in several ways. While classical bits can only be in one of two states (0 or 1) at a time, qubits can be in a superposition of both states simultaneously. This ability to represent multiple possibilities at once significantly boosts computational power. This entanglement allows for intricate correlations and operations between qubits, enhancing the overall capacity and efficiency of quantum algorithms.

Quantum Gates: These gates are operations designed to manipulate the states of qubits. They function as the quantum counterparts of classical logic gates and are crucial for executing computations within quantum circuits. Each quantum gate performs a specific transformation on qubits based on quantum principles. These gates are applied in sequences to construct quantum circuits, which facilitate complex computations through various quantum operations.

Quantum Circuits: These circuits consist of quantum gates arranged in a particular sequence to carry out quantum computations. They form the backbone of quantum algorithms, where the order and configuration of gates determine the outcome of the computation. Quantum circuits can handle a broad range of operations, from simple transformations to more intricate algorithms, by utilizing the principles of entanglement and superposition to process information.

A circuit family is an infinite sequence of circuits $ς = {ς_{1}, ς_{2}, \dots, ς_{n}, \dots}$ , where each circuit $ς$ has n binary inputs. This family computes a set of boolean functions $(f n_{1}, f n_{2}, \dots, f n_{n}, \dots)$ , where $f n_{n}$ is the boolean function computed by the circuit $ς_{n}$ . We define the size complexity of the circuit family $ς$ $g (n)$ and its depth complexity as $h (n)$ if, for all $n \geq 0$ , the circuit $ς_{n}$ has a size of at most $g (n)$ and a depth of at most $h (n)$ . Moreover, the size complexity describes the total number of components in the circuit, while depth complexity indicates the number of computational steps required to compute a boolean function. Both metrics are crucial for understanding the efficiency and computational resources needed for a circuit family.

A circuit family is considered as “polytime-uniform” if there exists a Turing machine that, within a time bound of $n^{s}$ for some constant $s \geq 1$ , can construct the circuit $ς_{n}$ given the input $1^{n}$ . The threshold in the threshold function $Δ$ represents a boolean function, which is indicated as $t h^{n, Δ} : {0, 1}^{n} \to {0, 1}$ and the value is defined as in Eq. (6). Here, $y_{1}, \dots, y_{n} \in {0, 1}$ and $0 \leq Δ \leq n$ .

\begin{aligned} t h^{n, Δ} (y_{1}, \dots, y_{n}) = {\begin{cases} 1, & i f \sum_{i = 1}^{n} y_{i} \geq Δ \\ 0, & o t h e r w i s e \end{cases} \end{aligned}

(6)

A weighted threshold function of threshold and weight is represented as $t h_{ω_{1}, ω_{2}, \dots, ω_{n}}^{n, Δ} : {0, 1}^{n} \to {0, 1}$ . The weighted threshold function is expressed as in Eq. (7).

\begin{aligned} t h_{ω_{1}, ω_{2}, \dots, ω_{n}}^{n, Δ} (y_{1}, \dots, y_{n}) = {\begin{cases} 1, & i f \sum_{i = 1}^{n} ω_{i} y_{i} \geq Δ \\ 0, & o t h e r w i s e \end{cases} \end{aligned}

(7)

However, designing and running ETW-QNN requires complicated quantum circuits and significant computational resources. Also, quantum computers are still in the early stage of development with limited qubits and high error rates. This can be addressed by assisting entropy, in which the weighted threshold function is modified. The standard form of entropy is formulated as in Eq. (8).

\begin{aligned} E n t = - \sum_{j = 1}^{n} p_{i} \log (p_{i}) \end{aligned}

(8)

Then, the modified entropy is expressed as in Eq. (9). Here, $p r_{i} = \frac{p_{i}}{\sum_{j = 1}^{n} p_{i}}$ . Using this entropy, the weight factor is computed as in Eq. (10). Here, $n = 2$ .

\begin{aligned} E n t^{N e w} & = - \frac{1}{\ln} \sum_{j = 1}^{n} p r_{i} \log (p r_{i}) \end{aligned}

(9)

\begin{aligned} W_{i} & = \frac{1 - E n {t^{N e w}}_{i}}{\sum_{i = 1}^{n} (1 - E n {t^{N e w}}_{i}) \log (n)} \end{aligned}

(10)

Then, the proposed weighted threshold function is expressed in Eq. (11). Here, $J (E n t^{N e w})$ is the round of the proposed entropy value $G_{i} = \sum_{i = 1}^{n} W_{i} * y_{i}$ .

\begin{aligned} _{N e w} t h_{ω_{1}, ω_{2}, \dots, ω_{n}}^{n, Δ} (y_{1}, \dots, y_{n}) = {\begin{cases} J (E n t^{N e w}), & \sum_{i = 1}^{n} W_{i} G_{i} \geq Δ \\ 0, & o t h e r w i s e \end{cases} \end{aligned}

(11)

Thus, this approach lies in its ability to sustainably enhance the training speed and prediction accuracy through the proposed threshold circuit, which leads to less computational resources. Moreover, it minimizes the model size, potentially speeds up certain computational issues and ability to scale quantum circuits for more complex tasks.

Measurement: It involves observing and extracting information from quantum states. After qubits have been transformed through quantum circuits, measurement collapses their quantum states into classical bits. This process converts the superposition of states into one of the definitive states (0 or 1), yielding a classical output that can be interpreted and used for further processing. Measurement is a critical step in quantum computations, as it allows quantum results to be translated into classical information for practical use. Then, the intermediate score acquired from ETW-QNN is referred as $Q_{O u t^{1}}$ .

3.3.2 Linknet

LinkNet³⁴ is a DL architecture specifically designed for semantic segmentation tasks. It integrates DCNNs with lightweight components to achieve high performance in segmentation while ensuring computational efficiency. The architecture comprises two main phases: “the encoder and the decoder”, as shown in Figure 3.

Figure 3.

Structure of LinkNet.

The encoder is built on a sequence of convolutional blocks that progressively extract features from the input image. It typically utilizes a modified version of well-known CNN architectures like ResNet or DenseNet as its backbone. This phase includes multiple layers such as “convolutional layers, BN, and activation functions”, which work together to capture hierarchical features from the data. The decoder, on the other hand, is tasked with reconstructing the segmentation map from the feature maps generated by the encoder. The decoder refines the feature maps to provide the final segmentation result by using a sequence of upsampling layers, such as transposed convolutions or upsampling followed by convolutions, to improve the spatial resolution of the feature maps.

Moreover, LinkNet includes skip connections, also referred to as residual connections, between the encoder and decoder. These connections aid in retaining spatial information and details that may be lost during the downsampling process. By linking high-level features from the encoder with corresponding lower-level features in the decoder, the skip connections enhance the accuracy of the output. Then, the intermediate score acquired from LinkNet is denoted as $L_{O u t^{2}}$ .

3.4 Data encryption via MAB algorithm

Data encryption is essential for maintaining the confidentiality and integrity of sensitive information. After detecting the malicious attacks, the normal data are subjected to the data encryption phase. By converting data into an unreadable format, it prevents unauthorized users from deciphering sensitive information, safeguarding it from espionage and theft. There are various approaches for data encryption, among those, the MAB algorithm is proposed, which is a variant of the Blowfish algorithm. The elucidation of the MAB algorithm is given as follows:

MAB algorithm: Blowfish,³⁵ a block cipher designed by Bruce Schneier in 1993, is recognized for its efficient performance in software applications. It utilizes a 64-bit block size and accommodates key lengths between 32 and 448 bits. It consists of two main phases: “key expansion and data encryption”. Blowfish's use of key-dependent s-boxes enhances its resilience against differential and linear cryptanalysis.

The MAB algorithm makes use of Blowfish's strong structure while adding new features that increase its defences against assaults without sacrificing system speed. This method offers a reliable and scalable way to safeguard sensitive data while guaranteeing high-accuracy intrusion detection in real-time settings, especially when combined with ECC-based key management and AES for comparison. By concentrating on the precise adjustments and integrations made to these algorithms, we make sure that the contributions to data security and intrusion detection are expressed in an understandable manner while removing superfluous information regarding the fundamental operation of these well-known techniques.

Blowfish employs a 16-round Feistel structure for data encryption and relies on extensively key-dependent S-boxes. Each round involves a permutation dependent on the key and a substitution that relies on both the key and the data. The representation of data encryption is illustrated in Figure 4. Blowfish is well-suited for applications where the key remains constant over time, such as communication links or automatic file encryption. The algorithm leverages basic operations like “exclusive-or, addition, table lookup, and modular multiplication” that are efficient on microprocessors. It avoids complex operations such as bit-wise permutations, variable-length shifts, and conditional jumps, and it uses precomputed subkeys, which can be prepared in advance on systems with large memory for improved performance. Traditionally, the F-function is formulated as in Eq. (12) and their illustration is given in Figure 5.

\begin{aligned} F = ((S 1 + S 2 mod 2^{32}) \oplus S 3) + S 4 mod 2^{32} \end{aligned}

(12)

Figure 4.

Representation of data encryption.

Figure 5.

Standard form of F-function.

The proposed representation of F-function is depicted in Figure 6 and the new formulation of F-function is formulated as in Eq. (13).

\begin{aligned} F_{N e w} = [((S 1 + S 2) mod 2^{32} \oplus S 3) + (S 3 \oplus S 4) mod 2^{32}] \end{aligned}

(13)

Figure 6.

Illustration of proposed F-function.

Moreover, decryption is identical to encryption and it is the reverse process of encryption.

4 Results and discussion

4.1 Simulation procedure

The proposed intrusion detection framework was simulated using Python 3.7. The hardware utilized comprised an “11th Gen Intel^® Core™ i5–1135G7 processor with a base clock of 2.40 GHz and 16.0 GB of RAM.” Furthermore, the performance of the intrusion detection system was assessed with the UNSW-NB15 dataset.³⁶

4.2 Dataset description

Raw network packets for this dataset were created with the “IXIA PerfectStorm tool at the Cyber Range Lab of UNSW Canberra,” simulating a combination of real modern activities and synthetic attack behaviors. A total of 100 GB of raw network traffic was captured using Tcpdump and saved as Pcap files. The dataset includes nine attack types: “Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode, and Worms.” Argus and Bro-IDS tools facilitated the generation of 49 features through twelve different algorithms, with details provided in the UNSW-NB15_features.csv file.

A total of 2,540,044 records are included in the dataset, which is divided into four separate CSV files: “UNSW-NB15_1.csv, UNSW-NB15_2.csv, UNSW-NB15_3.csv, and UNSW-NB15_4.csv.”

The ground truth information is stored in the “UNSW-NB15_GT.csv file, and the event list is detailed in UNSW-NB15_LIST_EVENTS.csv.”

The dataset was partitioned into training and testing subsets, specifically “UNSW_NB15_training-set.csv and UNSW_NB15_testing-set.csv.” The training subset includes 175,341 records, and the testing subset contains 82,332 records, encompassing various attack types and normal data.

For our analysis, we evaluated the dataset using varying proportions of training data: 60%, 70%, 80%, and 90%. Specifically, with 60% of training data, we utilized 3000 samples for training and 2000 samples for testing. When using 70% of the training data, the dataset comprised 3500 training samples and 1500 testing samples. For 80% of the training data, there were 4000 training samples and 1000 testing samples. Finally, with 90% of the training data, we had 4500 training samples and 500 testing samples.

4.3 Performance analysis

A thorough estimating process was used to evaluate the suggested approach against traditional methods within the intrusion detection system. This evaluation covered two major aspects: a) Detection and b) Data Encryption. For the detection aspect, a wide range of metrics including “Sensitivity, Negative Predictive Value (NPV), Specificity, F-measure, False Negative Rate (FNR), Precision, False Positive Rate (FPR), Matthews Correlation Coefficient (MCC), and Accuracy” were used to analyze the ETW-QNN method's effectiveness. Additionally, ablation studies and statistical comparisons were conducted with state-of-the-art methods like CNN + LSTM + GRUS²⁶ and DNN,²⁷ as well as traditional models such as EfficientNet, LinkNet, SqueezeNet, ResNet, NN, and QNN. In terms of data encryption, the MAB approach was evaluated for attack resilience, encryption time, and decryption time, and was compared against conventional methods including ECC, AES, Blowfish, Elgamal, and FerNet.

4.4 Detection analysis

4.4.1 Box-plot comparison of positive performance metrics

A box plot is a visual representation that summarizes a data set, highlighting the distribution of the data as well as identifying any outliers. It effectively compares multiple data sets, as multiple box plots can be displayed on the same graph. To evaluate the effectiveness of the ETW-QNN strategy, its performance is compared with several conventional methods, including EfficientNet, LinkNet, CNN + LSTM + GRUs,²⁶ DNN,²⁷ SqueezeNet, ResNet, NN and QNN, specifically for intrusion detection in data security. Figure 7 illustrates the positive metric evaluation of these methods. The accuracy analysis across various models with different training data proportions highlights the superior performance of ETW-QNN strategy. At 60% training data, the ETW-QNN method achieves an impressive accuracy of 0.878, significantly outperforming other models, including EfficientNet (0.745), LinkNet (0.739), CNN + LSTM + GRUs²⁶ (0.767), DNN²⁷ (0.723), SqueezeNet (0.757), ResNet (0.752), NN (0.743) and QNN (0.756). This trend is maintained with an increase in the proportion of training data. The ETW-QNN model's accuracy improves to 0.901 with 70% of the training data, maintaining its lead over traditional methods. The ETW-QNN model reaches an accuracy of 0.928 with 80% of training data, continuing to outshine all other models in the comparison. With 90% of training data, the ETW-QNN method achieves an accuracy of 0.962, proving its exceptional and steady performance in intrusion detection.

Figure 7.

Box-plot analysis of positive metrics for ETW-QNN and conventional methods.

At 60% training data, the ETW-QNN method achieves a sensitivity of 0.879, which is notably higher than that of other models, such as EfficientNet with 0.772, LinkNet with 0.753, and CNN + LSTM + GRUs²⁶ with 0.773. This trend continues as the amount of training data increases. At 70% training data, the ETW-QNN strategy's sensitivity rises to 0.888, surpassing the sensitivities of Efficient Net (0.729), LinkNet (0.761), and CNN + LSTM + GRUs²⁶ (0.756). By 80% training data, the ETW-QNN method reaches an impressive sensitivity of 0.928, compared to CNN + LSTM + GRUs²⁶'s peak sensitivity of 0.728 and SqueezeNet (0.777). The ETW-QNN strategy reaches the highest sensitivity of 0.963 with 90% training data, while ResNet and QNN display lower sensitivities of 0.766 and 0.711, respectively. Overall, the ETW-QNN model stands out with its superior sensitivity across all training data levels, showcasing its effectiveness and reliability in intrusion detection over traditional models. At 70% training data, the ETW-QNN strategy achieves a specificity of 0.910, outperforming other methods such as EfficientNet (0.753), LinkNet (0.747), CNN + LSTM + GRUs²⁶ (0.739), DNN²⁷ (0.719), SqueezeNet (0.767), ResNet (0.741), NN (0.721) and QNN (0.732). This high specificity shows that the ETW-QNN approach is very good at precisely identifying intrusions. The Positive Metric evaluation that demonstrates that the ETW-QNN methodology outperforms conventional techniques. These results of DNT-based pre-processing, which effectively prepares the data for analysis, and the utilization of a hybrid architecture that enhances detection accuracy. These factors collectively contribute to higher positive metric values observed, highlighting the ETW-QNN method's efficacy in accomplishing more precise and reliable outcomes.

4.4.2 Box-plot comparison of negative performance metrics

The box-plot analysis of ETW-QNN strategy, compared to EfficientNet, LinkNet, CNN + LSTM + GRUs,²⁶ DNN,²⁷ SqueezeNet, ResNet, NN and QNN, regarding negative metrics for intrusion detection in data security, is presented in Figure 8. This analysis highlights how the ETW-QNN method contrasts with conventional approaches in minimizing negative metrics. Achieving minimal negative metric values is essential for enhancing the model's capability to detect intrusions accurately and efficiently. The evaluation of FPR across multiple models demonstrates that the ETW-QNN strategy delivers superior performance compared to conventional methods. The ETW-QNN approach, using 60% of training data, obtains an FPR of 0.123, substantially lower than that of competing models. EfficientNet, for instance, has an FPR of 0.273, while LinkNet records 0.271, and CNN + LSTM + GRUs²⁶ shows 0.238. DNN,²⁷ SqueezeNet, and QNN exhibit higher FPR values of 0.289, 0.252, and 0.253, respectively. When the training data is raised to 70%, the ETW-QNN strategy further reduces its FPR to 0.090, outperforming both EfficientNet (0.247) and LinkNet (0.253), among other methods. At 80% training data, the ETW-QNN method achieves an FPR of 0.072, which remains lower than the FPRs of EfficientNet (0.238), LinkNet (0.289), and CNN + LSTM + GRUs²⁶ (0.260).

Figure 8.

Box-plot analysis of negative metrics for ETW-QNN and conventional methods.

The ETW-QNN approach demonstrated a remarkably low FNR of 0.037 with 90% of the training data, significantly better than the FNRs of other models assessed. For instance, EfficientNet had an FNR of 0.229, signifying a higher rate of error. LinkNet recorded an FNR of 0.271, CNN + LSTM + GRUs²⁶ 0.220, and DNN²⁷ 0.280, all of which are higher than the ETW-QNN method's rate. SqueezeNet and ResNet both had FNRs of 0.271 and 0.234, respectively, while QNN had the highest FNR at 0.289. The low FNR of ETW-QNN strategy means it is highly effective at identifying intrusions with minimized error rates. This remarkable reduction in error values demonstrates the ETW-QNN approach's effectiveness in enhancing intrusion detection accuracy and reliability, thereby improving its ability to accurately detect malicious activities. This reduction in negative metrics is attributed to the effectiveness of DNT-based pre-processing and the precise detection capabilities provided by the hybrid architecture. These advancements contribute to a significant decrease in undesirable outcomes, highlighting the ETW-QNN method's superior performance in mitigating negative metrics relative to traditional approaches.

4.4.3 Box-Plot comparison of other performance metrics

Figure 9 illustrates a box plot evaluation of ETW-QNN methodology compared to Efficient Net, LinkNet, CNN + LSTM + GRUs,²⁶ DNN,²⁷ Squeeze Net, Res Net, NN and QNN, focusing on various other metrics for intrusion detection in data security. This comparison highlights how the ETW-QNN approach differs from conventional methods in terms of these metrics. Analysis of the F-measure across different models shows that the ETW-QNN strategy excels in performance compared to traditional methods. Using 60% of training data, the ETW-QNN approach attains an F-measure of 0.852, significantly outperforming the F-measures of other models. For instance, Efficient Net has an F-measure of 0.708, Link Net at 0.698, and CNN + LSTM + GRUs²⁶ at 0.726. DNN,²⁷ Squeeze Net, NN²⁸ and QNN show F-measure values of 0.681, 0.717, and 0.716, respectively. As the training data increases to 70%, the ETW-QNN strategy's F-measure rises to 0.881, surpassing Efficient Net (0.702), Link Net (0.719), and CNN + LSTM + GRUs²⁶ (0.712). The ETW-QNN method, at 80% training data, achieves an improved F-measure of 0.912, outpacing Efficient Net (0.698), Link Net (0.683), and other models. By utilizing 90% of training data, the ETW-QNN strategy achieves a remarkable F-measure of 0.957, highlighting its advantage over EfficientNet (0.718), LinkNet (0.719), and ResNet (0.749). This consistently high F-measure across varying training data underscores the ETW-QNN strategy's efficacy in balancing precision and recall, making it extremely effectual for intrusion detection in data security.

Figure 9.

Box-plot analysis of other metrics for ETW-QNN.

With the highest MCC of 0.923 at 90% training data, the ETW-QNN performs more effectively in intrusion detection. This is significantly higher than other methods, including EfficientNet (0.476), LinkNet (0.497), CNN + LSTM + GRUs²⁶ (0.489), DNN²⁷ (0.466), SqueezeNet (0.513), ResNet (0.547), NN (0.521) and QNN (0.461). This result highlights the ETW-QNN method's effectiveness in accurately detecting intrusions. An NPV of 0.950 is demonstrated using the ETW-QNN approach at 80% training data. In comparison, other models exhibit lower NPV values. EfficientNet achieves an NPV of 0.804, while LinkNet and CNN + LSTM + GRUs²⁶ have NPVs of 0.802 and 0.800, respectively. DNN²⁷ shows a slightly higher NPV of 0.809, and SqueezeNet and QNN both have NPVs of 0.833. Despite these values being reasonably high, they still fall short of the ETW-QNN approach's performance.

4.4.4 Ablation study on ETW-QNN

In Table 3, an ablation evaluation is presented, comparing the ETW-QNN approach with several variations, such as a model employing conventional normalization, a model using standard QNN, and a model lacking feature extraction. This analysis highlights the impact of each component on the effectiveness of intrusion detection in data security, providing insights into the contributions of normalization, QNN, and feature extraction methods to the overall performance of ETW-QNN approach. Additionally, the analysis is conducted using 90% of training data. The ETW-QNN achieves a precision of 0.950, highlighting its high effectiveness in detecting intrusions with outstanding precision. Conversely, the models with traditional normalization and conventional QNN display reduced precision values of 0.722 and 0.726, respectively. The precision of 0.754 for the model without feature extraction is lower than the precision achieved by the ETW-QNN method. The higher precision of ETW-QNN strategy signifies that it is better at accurately detecting intrusions. In the ablation analysis, the ETW-QNN strategy accomplished an FNR of 0.037, which is notably lesser compared to other models. By contrast, the other models demonstrate higher FNR values: the model using conventional normalization has an FNR of 0.195, the conventional QNN model has an FNR of 0.183, and the model lacking feature extraction has an FNR of 0.190. A lesser FNR specifies that the model is more applicable at detecting intrusions and diminishing error values.

Table 3.
Ablation analysis on ETW-QNN, model with conventional normalization, model with conventional QNN and model without feature extraction.

Metrics Model with Conventional Normalization Model with Conventional QNN Model without Feature Extraction ETW-QNN

Accuracy 0.793 0.798 0.813 0.962

FPR 0.216 0.215 0.184 0.039

Sensitivity 0.805 0.817 0.810 0.963

FNR 0.195 0.183 0.190 0.037

Specificity 0.784 0.785 0.816 0.961

F-Measure 0.762 0.769 0.781 0.957

MCC 0.582 0.594 0.620 0.923

Precision 0.722 0.726 0.754 0.950

NPV 0.852 0.860 0.860 0.971

Metrics	Model with Conventional Normalization	Model with Conventional QNN	Model without Feature Extraction	ETW-QNN
Accuracy	0.793	0.798	0.813	0.962
FPR	0.216	0.215	0.184	0.039
Sensitivity	0.805	0.817	0.810	0.963
FNR	0.195	0.183	0.190	0.037
Specificity	0.784	0.785	0.816	0.961
F-Measure	0.762	0.769	0.781	0.957
MCC	0.582	0.594	0.620	0.923
Precision	0.722	0.726	0.754	0.950
NPV	0.852	0.860	0.860	0.971

4.4.5 Statistical assessment on accuracy

Table 4 provides a detailed statistical evaluation of the ETW-QNN methodology compared to EfficientNet, LinkNet, CNN + LSTM + GRUs,²⁶ DNN,²⁷ SqueezeNet, ResNet, NN²⁸ and QNN for intrusion detection in data security. This comparison highlights how the ETW-QNN approach stands in contrast to traditional methods, offering insights into its relative performance and effectiveness in detecting intrusions. Table 4 displays the mean statistical metric values for the various models’ intrusion detection performance. The ETW-QNN model outperforms all other methods, achieving the highest mean accuracy of 0.917, with a peak accuracy of 0.962, and a relatively higher standard deviation of 0.031516, indicating strong performance with some variability. In comparison, CNN + LSTM + GRUs has a mean accuracy of 0.747, SqueezeNet achieves 0.760, and ResNet shows a mean of 0.757. The QNN model performs slightly better than DNN (mean 0.730) and shows a mean accuracy of 0.75. The QNN approach reaches an accuracy of 0.750. These values highlight that the ETW-QNN method not only outperforms the conventional models but also sets a new standard in accuracy for intrusion detection, demonstrating superior capability in consistently identifying intrusions. In the provided data, the ETW-QNN methodology stands out with an accuracy of 0.962, which significantly exceeds the maximum accuracies of other models. For comparison, CNN + LSTM + GRUs²⁶ reaches an accuracy of 0.767, while DNN,²⁷ SqueezeNet, and ResNet have accuracies of 0.737, 0.763, and 0.776, respectively. This elevated accuracy reflects the ETW-QNN model's ability to perform at a peak level in intrusion detection tasks.

Table 4.
Statistical analysis on accuracy.

Metrics Mean Median Std Min Max

EfficientNet³⁷ 0.742667 0.743833 0.004143 0.736 0.747

LinkNet³⁸ 0.741542 0.74525 0.012106 0.723 0.752667

CNN + LSTM + GRUS²⁶ 0.747375 0.744 0.011723 0.735 0.7665

DNN²⁷ 0.730042 0.730333 0.006513 0.7225 0.737

SqueezeNet³⁹ 0.760417 0.761 0.002203 0.757 0.762667

ResNet⁴⁰ 0.75725 0.7535 0.0113 0.746 0.776

Qnn³⁴ 0.75 0.753 0.009899 0.734 0.76

NN²⁸ 0.753625 0.7545 0.003489 0.748 0.7575

ETW-QNN 0.917042 0.914333 0.031516 0.8775 0.962

Metrics	Mean	Median	Std	Min	Max
EfficientNet³⁷	0.742667	0.743833	0.004143	0.736	0.747
LinkNet³⁸	0.741542	0.74525	0.012106	0.723	0.752667
CNN + LSTM + GRUS²⁶	0.747375	0.744	0.011723	0.735	0.7665
DNN²⁷	0.730042	0.730333	0.006513	0.7225	0.737
SqueezeNet³⁹	0.760417	0.761	0.002203	0.757	0.762667
ResNet⁴⁰	0.75725	0.7535	0.0113	0.746	0.776
Qnn³⁴	0.75	0.753	0.009899	0.734	0.76
NN²⁸	0.753625	0.7545	0.003489	0.748	0.7575
ETW-QNN	0.917042	0.914333	0.031516	0.8775	0.962

4.5 Analysis on data encryption

4.5.1 Attack analysis

The MAB strategy's attack analysis is contrasted with more traditional encryption methods including ECC, AES, Blowfish, Elgamal, and FerNet in Figure 10. This evaluation provides a comprehensive understanding of the security strengths and vulnerabilities of various approaches by evaluating their performance based on the correlation coefficient. In this context, the correlation coefficient was evaluated by comparing the original data with the encrypted data, providing insights into how well each encryption method preserves the statistical properties of the original data and its susceptibility to various attacks. In a CCA, the attacker selects arbitrary ciphertexts for decryption and utilizes the decrypted data to infer the encryption key. With a CPA, the attacker can request the encryption of chosen plaintexts and use the resulting ciphertexts to deduce the encryption key.

Figure 10.

Attack analysis on MAB and conventional methods a) BFA b) CCA c) CPA d) EDA e) FIA and f) KPA.

Examining the BFA with respect to the correlation coefficient for different encryption methods reveals the effectiveness of the MAB strategy. Notably, the MAB method achieves the lowest correlation coefficient value of 9.365, indicating its enhanced resistance to differential attacks. In comparison, the correlation coefficients for ECC, AES, Blowfish, and Elgamal are 10.178, 13.876, 11.372, and 10.631, respectively. This analysis underscores the MAB method's advanced security performance relative to conventional encryption techniques. The analysis of FIA resistance, assessed through the correlation coefficient, highlights the performance of various encryption methods. Among the evaluated techniques, the MAB method has the lowest correlation coefficient of 4.352, signifying its greater resilience to FIA. In contrast, ECC, Blowfish, AES, Elgamal, and FerNet show higher correlation coefficients, with values of 5.178, 4.572, 7.865, 7.351, and 5.861, respectively. A lower correlation coefficient reflects better protection against FIA, as it signifies reduced predictability of faults in the encrypted data. The MAB strategy's lower coefficient underscores its enhanced capability to withstand such attacks, offering superior security in comparison to the conventional methods.

The analysis of EDA in terms of correlation coefficient across various encryption methods highlights significant differences in their susceptibility to these attacks. Further, the AES shows a higher correlation coefficient of 13.861, suggesting that AES is more affected by these attacks compared to ECC. Blowfish exhibits the highest correlation coefficient of 13.984, making it the most susceptible to EDA among the compared methods. Elgamal also demonstrates considerable vulnerability with a correlation coefficient of 13.567, placing it in the high susceptibility category but slightly less affected than Blowfish. In contrast, the MAB Method displays the lowest correlation coefficient of 9.251, indicating that it is the least affected by EDA among the methods evaluated. This development is accredited in the Blowfish framework, which effectively bolsters resistance against various attack strategies. As a result, the MAB method demonstrates superior security performance, offering better protection against attacks and ensuring more robust data encryption.

4.5.2 Encryption and decryption time analysis

A comparison of the encryption and decryption timings for the MAB approach with traditional data encryption techniques is shown in Tables 5 and 6. Effective data encryption relies on minimizing both encryption and decryption times, and the MAB scheme's performance is evaluated against these established methods to assess its relative efficiency. Table 5 provides a comparison of encryption times for MAB method versus conventional data encryption techniques across different data sizes. For 16-bit data, the MAB method achieves the shortest encryption time of 0.189 s, outperforming ECC (0.378 s), AES (0.381 s), Blowfish (0.217 s), Elgamal (0.416 s), and FerNet (0.490 s). At 32-bits, the MAB method maintains its advantage with an encryption time of 0.115 s, compared to ECC (0.258 s), AES (0.328 s), Blowfish (0.387 s), Elgamal (0.490 s), and FerNet (0.258 s). For 64-bit data, the MAB continues to lead with the least time of 0.108 s, outperforming ECC (0.218 s), AES (0.291 s), Blowfish (0.135 s), Elgamal (0.126 s), and FerNet (0.476 s). At 128-bits, the MAB method again demonstrates superior efficiency with an encryption time of 0.088 s, significantly better than ECC (0.225 s), AES (0.459 s), Blowfish (0.250 s), Elgamal (0.339 s), and FerNet (0.259 s). This analysis highlights the MAB method's efficiency in minimizing encryption time across various data sizes.

Table 5.
Encryption time analysis on MAB and conventional methods.

Data Size ECC AES Blowfish Elgamal FerNet MAB

16-bits 0.378 0.381 0.217 0.416 0.490 0.189

32-bits 0.258 0.328 0.387 0.490 0.258 0.115

64-bits 0.218 0.291 0.135 0.126 0.476 0.108

128-bits 0.225 0.459 0.250 0.339 0.259 0.088

Data Size	ECC	AES	Blowfish	Elgamal	FerNet	MAB
16-bits	0.378	0.381	0.217	0.416	0.490	0.189
32-bits	0.258	0.328	0.387	0.490	0.258	0.115
64-bits	0.218	0.291	0.135	0.126	0.476	0.108
128-bits	0.225	0.459	0.250	0.339	0.259	0.088

Table 6.

Decryption time analysis on MAB and conventional methods.

Data Size	ECC	AES	Blowfish	Elgamal	FerNet	MAB
16-bits	0.497	0.485	0.299	0.252	0.441	0.229
32-bits	0.172	0.091	0.365	0.120	0.261	0.208
64-bits	0.498	0.351	0.444	0.386	0.397	0.194
128-bits	0.334	0.457	0.220	0.559	0.348	0.073

Table 6 provides an analysis of decryption times for MAB method in comparison with conventional encryption techniques across different data sizes. For 16-bit, the MAB method achieves a decryption time of 0.229 s, which is faster than ECC (0.497 s), AES (0.485 s), Blowfish (0.299 s), Elgamal (0.252 s), and FerNet (0.441 s). The MAB algorithm performs better than ECC (0.172 s), AES (0.091 s), Blowfish (0.365 s), Elgamal (0.120 s), and FerNet (0.261 s) when the data size grows to 32 bits, with a decryption time of 0.208 s. For 64-bits, the MAB method records a decryption time of 0.194 s, which is lower than ECC (0.498 s), AES (0.351 s), Blowfish (0.444 s), Elgamal (0.386 s), and FerNet (0.397 s). At 128-bits, the MAB method achieves a notable decryption time of 0.073 s, significantly faster than ECC (0.334 s), AES (0.457 s), Blowfish (0.220 s), Elgamal (0.559 s), and FerNet (0.348 s). Overall, the MAB model's decryption scheme consistently demonstrates superior efficiency, providing reduced decryption times across all tested data sizes compared to the conventional methods.

4.5.3 ROC -AUC curve analysis

Figure 11 shows the analysis of ROC -AUC curve. At different threshold settings, the True Positive Rate (sensitivity) is plotted against the False Positive Rate (1-specificity) using the ROC curve, and the area under this curve is measured by the AUC value. With AUC = 1 denoting a perfect classifier and AUC = 0.5 denoting a model with no discriminatory power, or random guessing, a larger AUC result denotes greater efficiency of the model. The ROC-AUC score is used in this paper to assess how well the QCNN-IDDS system distinguishes between normal and abnormal network traffic. A high ROC-AUC score indicates that the model is effectively classifying instances, making it a reliable metric for evaluating the framework's performance.

Figure 11.

Analysis of ROC -AUC curve.

4.6 Scalability analysis

The QCNN-IDDS method's results metrics for varying data sizes (20,000, 30,000, 40,000, and 50,000 instances) are provided in Table 7. From 0.904 for 20,000 instances to 0.937 for 50,000 examples, the model's accuracy grows steadily with the quantity of the data, suggesting improved classification performance with larger datasets. The sensitivity and specificity also increase, reflecting better detection of both positive and negative instances as data size grows. These findings demonstrate the QCNN-IDDS model's scalability and efficacy in managing bigger datasets, with major advances in classification accuracy and error reduction.

Table 7.
Scalability analysis of variation in Data size.

Variation in Data size

Metrics 20000 30000 40000 50000

Accuracy 0.904 0.924 0.928 0.937

sensitivity 0.925743 0.933168 0.943069 0.94802

specificity 0.924497 0.932886 0.934564 0.941275

precision 0.89486 0.90625 0.904988 0.914425

f_measure 0.910673 0.919512 0.920049 0.923636

mcc 0.865302 0.863866 0.865339 0.870593

npv 0.929239 0.933767 0.938547 0.940276

fpr 0.075503 0.065436 0.067114 0.058725

fnr 0.074257 0.066832 0.056931 0.05198

	Variation in Data size
Accuracy	0.904	0.924	0.928	0.937
sensitivity	0.925743	0.933168	0.943069	0.94802
specificity	0.924497	0.932886	0.934564	0.941275
precision	0.89486	0.90625	0.904988	0.914425
f_measure	0.910673	0.919512	0.920049	0.923636
mcc	0.865302	0.863866	0.865339	0.870593
npv	0.929239	0.933767	0.938547	0.940276
fpr	0.075503	0.065436	0.067114	0.058725
fnr	0.074257	0.066832	0.056931	0.05198

4.6.1 Computational time analysis

Table 8 provides a comparison of the time (in seconds) required by different models for training or inference, showcasing the computational efficiency of each. Among the listed models, the ETW-QNN emerges as the fastest, requiring 66.82 s, significantly outperforming other models in terms of time efficiency. The EfficientNet, CNN + LSTM + GRU, and LinkNet models take 86.09, 87.07, and 89.00 s, respectively, showing moderate computational demands. SqueezeNet requires the most time at 91.70 s, slightly outperforming QNN but still less efficient than ETW-QNN.

Table 8.
Time analysis.

Metrics Time(s)

Efficient Net 86.09434

Link Net 89.0019

CNN + LSTM + GRUS 87.06632

DNN 73.45713

Squeeze Net 91.69741

ResNet 74.38477

QNN 91.62541

NN 91.61902

ETW-QNN 66.81762

Metrics	Time(s)
Efficient Net	86.09434
Link Net	89.0019
CNN + LSTM + GRUS	87.06632
DNN	73.45713
Squeeze Net	91.69741
ResNet	74.38477
QNN	91.62541
NN	91.61902
ETW-QNN	66.81762

5 Conclusion

This work presents a novel Quantum Computation with Neural Network for Intrusion Detection and Data Security (QCNN-IDDS) framework that tackles two crucial issues in contemporary cybersecurity: precise intrusion detection and data protection. It does this by combining cutting-edge machine learning models with quantum computing. This framework not only improves IDS detection capabilities but also makes sure that sensitive data is safely encrypted while being detected by combining LinkNet and Entropy Threshold Weighted Quantum Neural Networks (ETW-QNN) with data security techniques like Modulus-assisted Blowfish (MAB) encryption. At 60% training data, the ETW-QNN approach yields an FPR of 0.123, which is much lower than that of previous methods. For example, CNN + LSTM + GRUs displays 0.238, LinkNet records 0.271, while EfficientNet has 0.273 FPR. Higher FPR values of 0.289, 0.252, and 0.253 are presented by DNN, SqueezeNet, and QNN, accordingly. Future studies could look at the scalability of quantum models, the creation of hybrid classical-quantum models, and the potential of quantum cryptography for communications security.

Footnotes

Abbreviation

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

Conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

References

Javeed

Saeed

Adil

, et al. A federated learning-based zero trust intrusion detection system for Internet of Things. Ad Hoc Networks 2024; 162: 103540.

Samantaray

Barik

Biswal

. A comparative assessment of machine learning algorithms in the IoT-based network intrusion detection systems. Decis Anal J 2024; 11: 100478.

Gheni

Al-Yaseen

. Two-step data clustering for improved intrusion detection system using CICIoT2023 dataset. e-Prime-Adv Electr Eng Electron Energy 2024; 9: 100673.

Hore

Ghadermazi

Shah

, et al. A sequential deep learning framework for a robust and resilient network intrusion detection system. Comput Secur 2024; 144: 103928.

Chintapalli

Singh

Frnda

, et al. OOA-modified Bi-LSTM network: an effective intrusion detection framework for IoT systems. Heliyon 2024; 10: e29410.

Korium

Saber

Beattie

, et al. Intrusion detection system for cyberattacks in the Internet of Vehicles environment. Ad Hoc Networks 2024; 153: 103330.

Park

Lee

Kim

, et al. An enhanced AI-based network intrusion detection system using generative adversarial networks. IEEE Internet Things J 2023; 10: 2330–2345.

Shahriar

Xiao

Moriano Salazar

, et al. CANShield: Signal-based intrusion detection for controller area networks. Oak Ridge, TN, United States: Oak Ridge National Laboratory (ORNL), 2022.

Mohammadi

Bok

Saif

. A proactive intrusion detection and mitigation system for grid-connected photovoltaic inverters. IEEE Trans Ind Cyber-Phys Syst 2023; 1: 273–286.

10.

Nallakaruppan

Somayaji

Fuladi

, et al. Enhancing security of host-based intrusion detection systems for the internet of things. IEEE Access 2024; 12: 31788–31797.

11.

Said

Sabir

Askerzade

. CNN-BiLSTM: A hybrid deep learning approach for network intrusion detection system in software defined networking with hybrid feature selection. IEEE Access 2023; 11: 138732–138747.

12.

Herzalla

Lunardi

Andreoni

. TII-SSRC-23 dataset: typological exploration of diverse traffic patterns for intrusion detection. IEEE Access 2023; 11: 118577–94.

13.

Khan

Gumaei

Derhab

, et al. A novel two-stage deep learning model for efficient network intrusion detection. IEEE Access 2019; 7: 30373–30385.

14.

Zhang

Wang

, et al. RTIDS: a robust transformer-based approach for intrusion detection system. IEEE Access 2022; 10: 64375–64387.

15.

Fatani

Abd Elaziz

Dahou

, et al. Iot intrusion detection system using deep learning and enhanced transient search optimization. IEEE Access 2021; 9: 123448–64.

16.

Cengiz

Lipsa

Dash

, et al. A novel intrusion detection system based on artificial neural network and genetic algorithm with a new dimensionality reduction technique for UAV communication. IEEE Access 2024; 12: 4925–4937.

17.

Chai

Wang

, et al. Crsf: An intrusion detection framework for industrial internet of things based on pretrained cnn2d-rnn and svm. IEEE Access 2023; 11: 92041–92054.

18.

Dutt

Borah

Maitra

. Immune system based intrusion detection system (IS-IDS): a proposed model. IEEE Access 2020; 8: 34929–34941.

19.

Siddiqi

Pak

. Tier-based optimization for synthesized network intrusion detection system. IEEE Access 2022; 10: 108530–44.

20.

Zuniga-Mejia

Villalpando-Hernandez

Vargas-Rosales

, et al. A linear systems perspective on intrusion detection for routing in reconfigurable wireless networks. IEEE Access 2019; 7: 60486–60500.

21.

Tama

Comuzzi

Rhee

. TSE-IDS: a two-stage classifier ensemble for intelligent anomaly-based intrusion detection system. IEEE Access 2019; 7: 94497–94507.

22.

Khan

, et al. HML-IDS: a hybrid-multilevel anomaly prediction approach for intrusion detection in SCADA systems. IEEE Access 2019; 7: 89507–89521.

23.

Wisanwanichthan

Thammawichai

. A double-layered hybrid approach for network intrusion detection system using combined naive Bayes and SVM. IEEE Access 2021; 9: 138432–50.

24.

Kim

Pak

. Early detection of network intrusions using a GAN-based one-class classifier. IEEE Access 2022; 10: 119357–67.

25.

Mora-Gimeno

Mora-Mora

Volckaert

, et al. Intrusion detection system based on integrated system calls graph and neural networks. IEEE Access 2021; 9: 9822–9833.

26.

Banaamah

Ahmad

. Intrusion detection in iot using deep learning. Sensors 2022; 22: 8417.

27.

Awajan

. A novel deep learning-based intrusion detection system for IOT networks. Computers 2023; 12: 34.

28.

Schrötter

Niemann

Schnor

. A comparison of neural-network-based intrusion detection against signature-based detection in IoT networks. Information 2024; 15: 164.

29.

Nayak

Misra

Behera

. Impact of data normalization on stock index forecasting. Int J Comput Inf Syst Ind Manage Appl 2014; 6: 13.

30.

Hoque

Bhattacharyya

Kalita

. MIFS-ND: a mutual information-based feature selection method. Expert Syst Appl 2014; 41: 6371–6385.

31.

Stiawan

Idris

Bamhdi

, et al. CICIDS-2017 dataset feature analysis with information gain for anomaly detection. IEEE Access 2020; 8: 132911–21.

32.

Esmael

Arnaout

Fruhwirth

, et al. A statistical feature-based approach for operations recognition in drilling time series. Int J Computr Inf Syst Ind Manage Appl 2012; 4: 100–108.

33.

Vasuki

Karunamurthy

Ramakrishnan

, et al. Overview of quantum computing in quantum neural network and artificial intelligence.

34.

Gupta

Zia

. Quantum neural networks. J Comput Syst Sci 2001; 63: 355–383.

35.

Parihar

Kulshrestha

. Blowfish algorithm: a detailed study. Int J Technol Res Eng 2016; 3: 2253–2255.

36.

https://research.unsw.edu.au/projects/unsw-nb15-dataset

37.

Tan

. Efficientnetv2: Smaller models and faster training. In: International Conference on Machine Learning, 2021.

38.

Chaurasia

Culurciello

. Linknet: Exploiting encoder representations for efficient semantic segmentation. In: 2017 IEEE visual communications and image processing (VCIP), 2017.

39.

Minu

Subashka Ramesh

. Optimal squeeze net with deep neural network-based Arial image classification model in unmanned aerial vehicles. Traitement du Signal 2022; 39: 275–281.

40.