Formulating Subgroup Discovery as a Quantum Optimization Problem for Network Security

Samuel Spell; Chi-Ren Shyu

doi:10.48550/arXiv.2604.27153

← Recent

AG-2026.04-1973·quant-ph·cross-listed: cs.CR

Formulating Subgroup Discovery as a Quantum Optimization Problem for Network Security

Authors

Samuel Spell
Chi-Ren Shyu

Abstract

While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery (SD) addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic beam search methods struggle with exponentially scaling search spaces and can prune critical multi-feature interactions. This paper introduces a quantum-enhanced pipeline for SD applied to network intrusion detection using NSL-KDD, formulating SD as quantum optimization for the first time. By encoding feature selection as a Quadratic Unconstrained Binary Optimization (QUBO) and solving it via the Quantum Approximate Optimization Algorithm (QAOA) on IBM Quantum hardware (ibm_pittsburgh), the pipeline identifies subgroups of network features that discriminate normal from attack traffic. A least-squares regression QUBO formulation fits the Weighted Relative Accuracy (WRAcc) landscape over feature subsets, with surrogate sampling for larger QUBOs. Results are benchmarked against exhaustive enumeration and Beam Search using ratios for Hamiltonian quality and WRAcc. Hardware scaling experiments on ibm_pittsburgh (10-30 qubits) reveal that QAOA at depth p = 1 shows WRAcc ratios of 0.983 at 10 qubits, 0.971 at 15 qubits, 0.855 at 20 qubits, and 0.624 at 25 qubits, degrading to 0.039 at 30 qubits as circuit noise dominates, establishing an empirical NISQ scaling boundary. Results demonstrate that QAOA discovers subgroups competitive with classical heuristics and finds multi-feature interaction patterns that greedy Beam Search prunes, with QAOA-unique subgroups achieving up to 99.6% test precision. This work establishes a framework for quantum combinatorial optimization in cybersecurity and characterizes hardware scaling for NISQ devices.

Submitted

29 April 20261 month ago

Version

v1

License

CC-BY-4.0

DOI

10.48550/arXiv.2604.27153

Cite this preprint

BibTeX RIS

Imports into BibLaTeX, Zotero, Mendeley, EndNote.

PDF

Open PDF

Opens in a new tab · v1.

Summary

Researchers used quantum computers to find interpretable rules for detecting network attacks by formulating the search problem as quantum optimization, discovering feature interactions that classical methods miss—but only on smaller problems before noise overwhelms the results.

The team converted subgroup discovery (finding patterns that characterize attack traffic) into a QUBO problem solvable by QAOA, a near-term quantum algorithm, marking the first application of this approach to intrusion detection.
QAOA found multi-feature interaction patterns that greedy classical beam search pruned away, achieving up to 99.6% test precision on some subgroups—showing quantum's potential for combinatorial search where classical heuristics hit blind spots.
Hardware experiments revealed a hard scaling wall: performance degraded sharply beyond 20 qubits as circuit noise overwhelmed the quantum advantage, exposing the real-world limitation of current noisy quantum devices (NISQ era) for this task.

curious · generated by claude-haiku-4-5

Chat with this PDF

Ask questions, probe assumptions, request a plain-English summary. Answers cite sections from the preprint itself.

Community

Questions and answers about this paper from other readers. No formal peer review — just a place to think out loud.