A hybrid quantum ensemble learning model for malicious code detection

AdaBoost is a learning algorithm that uses Boosting enhancement by adding a new base classifier to each round of training until a predetermined error rate or a specified maximum number of iterations is reached [28]. It is adaptive reflected by that the samples wrongly classified by the previous base classifier are enhanced, i.e. they receive higher weight values, and the weighted whole samples are again used to train the next base classifier.

GBDT is an iterative decision tree algorithm [29]. The basic idea is to iteratively train a series of decision trees and combine them to form a strong classifier. In each iteration, GBDT will calculate the residual (the difference between the actual value and the predicted value) according to the prediction results of the previous round of models, and use the residual as the training target of the next round of models.

Random Forests consists of many decision trees, each of which is unrelated to the other [30]. A forest is built in a randomized way. After building the forest, when a new sample enters, each decision tree will predict it separately and then give the classification result based on the voting method.

SVM is a supervised learning algorithm whose decision-making process is a maximum-margin hyperplane for the solution of the learning samples [31]. The main steps are: find a number of data on the edge of the set (called Support Vector), use these points to find a plane (called the decision surface), so that the distance from the support vector to the plane is maximized.

MLPC is a feed-forward neural network based on classifier, which is a neural network model with forward propagation mechanism containing one or more layers of hidden nodes between the input and output layers [32]. It is learning process uses BP algorithm and the optimization problem is abstracted into logistic loss function.

Kernel methods are an important class of methods in machine learning, and support vector machine is a typical representative of kernel methods. On classical computers, when the feature space of the data increases, the computational cost of kernel function estimation grows tremendously, which makes the advantages of kernel methods decrease and restricts their application scope. For this reason, some scholars have proposed to combine quantum computing and kernel methods in classical machine learning to fully utilize quantum computing to realize the acceleration of the inner product operation of data vectors, combined with the characteristics of high-latitude Hilbert Space, to improve the performance and advantages of the support vector machine.

QSVM contains two mainstream implementations, one based on variational quantum circuit and the other based on quantum kernel estimation methods [10]. In [33], the authors have applied the VQA method to the support vector machine algorithm solve the SVM optimization problem and transmit the optimized parameters to efficiently classify new data. Yang et al [34] proposed a QSVM model based on optimized HHL quantum circuits containing optimized preprocessing units as well as a result readout method for kernel matrix generating circuit, which reduces the depth of the quantum circuit [35].

At the heart of the QSVM algorithm is a non-sparse matrix power arithmetic technique that efficiently performs matrix inversion on the inner product matrix of the training data. In [34], the authors change the original SVM problem, a quadratic programming problem, into a problem of solving a linear equation system:

$$\begin{align}F\left( {\begin{array}{*{20}{c}} b \\ {\vec{\alpha} } \end{array}} \right) \equiv \left( {\begin{array}{*{20}{c}} 0&{{{\vec{1}}^T}} \\ {\vec{1}}&{K + {\gamma ^{ - 1}}I} \end{array}} \right)\left( {\begin{array}{*{20}{c}} b \\ {\vec{\alpha} } \end{array}} \right) = \left( {\begin{array}{*{20}{c}} 0 \\ {\vec{y}} \end{array}} \right)\end{align} \tag{ 1 }$$

here $K$ is the kernel matrix, and ${K_{ij}} = x_i^T \cdot {x_j}$. Also, the SVM problem is transformed into a matrix exponentiation and matrix inverse problems. A similar HHL algorithm quantum circuit can be constructed for solving the two problems.

In the classical KNN algorithm, the classification performance of the nearest neighbors method based on the distance metric is generally better and has been widely used. However, the computational complexity of the classical KNN algorithm is high, so it is of high theoretical and applied value to introduce the acceleration effect of quantum computing into the KNN algorithm.

Hamming distance and Manhattan distance are the two commonly used distance metrics. Some scholars have tried to realize the calculation of the two distances with the help of quantum circuit can effectively accelerate the distance metric process and achieve a quadratic acceleration effect [36–38].

In [39], the authors proposed a QKNN algorithm based on quantum fidelity measure, which uses quantum circuit with integrated switching tests, loads two N-dimensional states and computes the fidelity between them. In [11], the authors have proposed polar distance to enhance QKNN classification performance. Due to the quantum solution by Euclidean distance, there is a large error and a classical computational part. The algorithm is designed to implement a better distance metric using quantum data as an alternative to the Euclidean distance with better results.

According to polar coordinates, the polar distance in [11] combines cosine similarity and module length similarity, which is better suited to quantum distance metrics. The formula for calculating the polar distance is shown equation (2). The polar distance quantum circuit is shown in figure 1.

Zoom In Zoom Out Reset image size

$$\begin{align}d = {d_c} \cdot \left( {1 - w} \right) + {d_r} \cdot w \quad \left( {{d_c},{d_r},w \in \left[ {0,1} \right]} \right) .\end{align} \tag{ 2 }$$

Among them, ${d_c}$ and ${d_r}$ represent cosine similarity and module length similarity, respectively, $w$ represents an adjustable parameter to better improve the performance of classification.

VQC is a hybrid quantum classical algorithm based on variational optimization for NISQ (Noisy Intermediate-Scale Quantum) [23], which is the most promising algorithmic direction to realize quantum dominance in the near future. The approximation and solution of relevant problems without complete error correction is achieved by fully utilizing the expressive power of a large number of noise-containing quantum bits. VQCs are characterized by the fact that their parameters can be adjusted and are also called parameterized quantum classifiers [40].

Variational quantum algorithm is essentially a parameterized Unitary transform characterized by the inclusion of learnable free parameters. In this case, the Unitary transform can be expressed as $U = {\text{ }}{e^{iH}}$ and $H$ is the Ermie matrix. The Ermie matrix can be transformed into a linear combination of the tensor product of the Pauli matrices ${\text{ }}\left\{ {{\sigma _x},{\sigma _y},{\sigma _z}} \right\}$ and the unit matrix I. The Pauli matrices correspond to a quantum gate. Consequently, the quantum variational algorithm can be expressed as:

$$\begin{align}U\left( \theta \right) = {U_N}\left( {{\theta _N}} \right)V \cdots {U_2}\left( {{\theta _2}} \right)V{U_1}\left( {{\theta _1}} \right).\end{align} \tag{ 3 }$$

Among them, ${U_i}\left( {{\theta _i}} \right)$ represents a parametric quantum gate, V represents a non-parametric quantum gate, and N represents the layers of quantum circuit. According to the quantum noise, the effective circuit width (the number of quantum bits) and depth (the layers of quantum circuit) that quantum devices can provide in the near future will be limited.

In the research related to ensemble learning, the main frameworks can be categorized into three types: Boosting method, Bagging method and Stacking method [4, 5]. Since Bagging and Stacking methods are used in this paper, only these two methods are introduced.

Bagging method is mainly used to construct several homologous base models by bootstrap operation on the original data distribution and utilizing multiple sample sets after sampling. In this way, those base models can be obtained from different training sample sets without changing the base algorithm, and the final prediction result can be obtained by combining multiple base classifiers through voting or other strategies.

Stacking method is used to minimize the generalization error of one or more learners, and their core idea is similar to a complex version of cross-validation. In Stacking model, first carries out a K-fold cross-validation on the dataset, and uses multiple base classifiers to make predictions on these data to get the output results, and then combines the predictions into new features, and trains on the new features using new learners. The individual base learners in Stacking should generally be independently accurate and vary from one base learner to another.

In quantum ensemble learning, [14] proposed a quantum classifier integration framework for quantum classifier fusion and each classifier is weighted according to its performance in classifying training data. Macaluso et al [41] combined quantum superposition, entanglement, and interference in order to build an ensemble of classification models to form a model for quantum integrated classification, also with exponential speedup.

Currently, the mainstream malicious code detection and identification methods mainly include static feature analysis method, dynamic feature analysis method, and hybrid feature analysis method. Static feature analysis method refers to not actually executing the malicious code itself, but scanning the file to obtain the content of the sample, or obtaining the code information of the sample through disassembly tools (e.g. IDA Pro, OllyDump, etc), and extracting the structure, statistical values, images, as the sample features from them [42–44]. In this paper, we mainly use the statics features, such as the opcode sequence, PE file structure, and the string statistical features.

2.6.1. Opcode sequence

2.6.2. String statistical features

2.6.3. PE file structure

The main work of the classical machine learning layer is to preprocess the data features to obtain new features with high differentiation and effectiveness. Using Stacking method, the features such as PE file structure, string statistics values, and opcode sequences of the malicious code are fed into heterogeneous learning models such as AdaBoost, GBDT, MLPC, Random Forests, and SVM for 5-fold cross-validation, and the obtained the corresponding predicted values, as the new features of the dataset, and used as inputs to the next layer (quantum machine learning layer). After the ensemble learning of the heterogeneous learning models, the validity of the new features can be effectively ensured, and the dimensionality reduction is achieved, and at the same time, the generalization ability of the model is also improved. The parameters used in AdaBoost, GBDT, Random Forests, SVM, MLPC are shown in table 2. Algorithm 1 demonstrates the classical machine learning process.

The quantum machine learning layer mainly contains the processes of data quantum state coding, quantum circuit used for quantum classifiers, augmented quantum classifiers, and prediction result aggregation. Firstly, data quantum state coding, which uses common amplitude coding and quantum coding circuits 14 proposed in [45] to realize the data output in quantum states. Secondly, the quantum circuit used for quantum classifiers like QSVM, VQC, and QKNN. Thirdly, augmented quantum classifiers, which adopts the parameter optimization method to optimize the parameters for the three kinds of quantum classifiers, and uses the bagging method in ensemble learning to achieve integrated enhancement of the classification performance of QSVM and VQC. Finally, Prediction result aggregation, the prediction results of the above three enhanced quantum classifiers are aggregated using a voting strategy as the final prediction result.

3.2.1. Data quantum state coding

Quantum state coding is the transformation of classical data into quantum state data for use in quantum classifiers. QKNN model requires the test set to be compared with the entire training set for result prediction, which has lots of data computation. Before running the QKNN model, amplitude coding is used in this paper to minimize the sub-bit overhead.

Before running the QSVM and VQC models, the quantum coding circuit 14 proposed in [45] is used to encode the classical data to output the quantum state through the quantum circuit, which adopts the circuit block structure, and the entanglement method adopts the neighboring bit entanglement with the addition of the first and the last long-distance entanglement, and this long-distance entanglement is shifted with each shift of the circuit block by one step, which is demonstrated by the experiment that the circuit structure. The quantum state coding circuit is shown in figure 3, and we take 5 quantum bits as an example. Experiments show that this circuit structure has good data expression and entanglement ability, and is a better quantum state coding circuit in the NISQ era.

Zoom In Zoom Out Reset image size

3.2.2. The quantum circuit used for VQC, QKNN, QSVM

The quantum circuit used for VQC is shown in figure 4, and we take 5 quantum bits as an example. The quantum circuit is mainly composed of RY and CNOT quantum gates, the depth of quantum circuit is 6 and the number of trainable parameters is 10. Also, the quantum circuit of QKNN is based on the quantum circuit extension of figure 1 (The polar distance quantum circuit), and the depth is 21. The QSVM uses the quantum circuit is same to the IBM qiskit's QSVM which is already implemented in the IBM qiskit, and the depth is 68.

Zoom In Zoom Out Reset image size

3.2.3. Enhancement of quantum classifiers

3.2.4. Results aggregation

A malicious code dataset derived from a big data security analysis competition, co-sponsored by QIANXIN GROUP and Tsinghua University [46]. The dataset comes from a large number of mining and non-mining malicious codes captured from the existing network every day. In our experiment, we selected 2000 samples from the open dataset, contains 1000 mining malicious code samples and 1000 non-mining malicious code samples were selected for testing in the dataset. The experimental setup follows the conventional 7:3 ratio for training data/test data. In this paper, python, IBM qiskit, PyQpanda, and TensorFlow Quantum are used to build the experimental environment for model evaluation.

In this paper, four commonly used metrics such as accuracy, precision, recall and F1-score of binary classification task species are selected for model evaluation. The specific formulas for the four metrics are shown in equations (5)–(8). Among them, TP indicates that positive samples are correctly classified as positive samples, FP indicates that negative samples are incorrectly classified as positive samples, FN indicates that positive samples are incorrectly classified as negative samples, and TN indicates that negative samples are correctly classified as negative samples

$$\begin{align}{\text{Accuracy}} & = \frac{{{\text{TP}} + {\text{TN}}}}{{{\text{TP}} + {\text{TN}} + {\text{FP}} + {\text{FN}}}}\end{align} \tag{ 5 }$$

$$\begin{align}{\text{Precision}} & = \frac{{{\text{TP}}}}{{{\text{TP}} + {\text{FP}}}}\end{align} \tag{ 6 }$$

$$\begin{align}{\text{Recall }} & = \frac{{{\text{TP}}}}{{{\text{TP}} + {\text{FN}}}}\end{align} \tag{ 7 }$$

$$\begin{align}{\text{F1}} & = 2{{*}}\frac{{{\text{Precision}}*{\text{Recall}}}}{{{\text{Precision}} + {\text{Recall}}}}.\end{align} \tag{ 8 }$$

In conducting the model enhancement experiments, the range of parameter values and optimal combinations of quantum classifiers (QSVM, QKNN, VQC) are shown in table 3. To enhance the QSVM model, the set of values [0.1,0.5,1,5,10,100] is selected for penalty parameter c, and the set of values [0.01,0.05,0.1,0.5,1,3,5] is selected for the gamma parameter. To enhance the VQC model, L1Loss, L2Loss and CrossEntropyLoss are selected for loss function, COYBYLA, P_BFGS, SPSA, etc are selected for optimizers. To enhance the QKNN model, the set of integers [3,4,5,6,7,8,9] is selected for k-value, and the set of fractions (0,1) is selected for the weight parameter w.

In order to verify the performance of the model in this paper, we select QSVM and VQC of IBM qiskit, QKNN in [39] and two implementations in [26]. (named HQC_TTN and HQC_MERA), as well as DecisionTreeClassifier in classical machine learning as the comparison models to carry out the experiments. In this paper, four metrics such as accuracy, precision, recall, and F1-score are selected for model evaluation. The experimental results are shown in table 4. For the precision (accuracy, F1-score) rate, our model reaches 98.9% (94.5%, 94.24%), which is the highest among the seven models. Compared with the second best model, the precision (accuracy, F1-score) rate improves nearly 3% (0.5%, 0.24%). However, for the recall rate, our model is relatively low and not satisfactory enough.

In the NISQ era, the numbers of quantum bits, trainable parameters as well as quantum layers are important parameters in resource analysis. In this paper, we counted the above three resources required for all models in the experiment in table 5.

As shown in table 5, the resource requirements for our model is mediocre. Both the numbers of quantum bits and trainable parameters of OurModel are 10. The number of quantum layers is 68, which is the same as QSVM but higher than other models.

Overall, our model is higher than the comparison models (contains 5 quantum classifiers and 1 classical machine learning) in three metrics, including accuracy, precision, and F1-score, in which precision rate is improved by nearly 3 percentage points, which achieves better results and is important for the efficient and precise identification of malicious code. At the same time, compared to other models, our model has relatively low resource requirements. In particular, combined with the acceleration of quantum computing, our model is able to cope with the growing trend of the scale of malicious code and prevent the threats brought by malicious code more effectively, which is of great significance to the security of cyberspace.

In the experiments, we use multi-feature fusion means to ensure the richness and effectiveness of features, such as OPCODE sequences, String Statistical features and PE file structure. At the same time, Stacking method is used to integrate 5 kinds of heterogeneous learning models to ensure the effectiveness of the features while downgrading the data. The experimental results also illustrate that the Bayesian parameter optimization and bagging ensemble learning in classical machine learning are also used for quantum classifiers with good results.

In order to further display the experimental result, we display the four metrics under accuracy, precision, recall, and F1-score as bar charts of QSVM_qiskit, VQC_qiskit, QKNN, HQC_TTN, HQC_MERA, DTClassifier (DecsionTreeClassifier), and OurModel (the model in this paper). Figure 5 shows the effect of the above seven models in the form of bar charts.

Zoom In Zoom Out Reset image size