Software Supply Chain Vulnerabilities Detection in Source Code: Performance Comparison between Traditional and Quantum Machine Learning Algorithms

Mst Shapna Akter, Md Jobair Hossain Faruk, Nafisa Anjum, Mohammad Masum, Hossain Shahriar, Akond Rahman, Fan Wu, Alfredo Cuzzocrea
DOI: https://doi.org/10.1109/BigData55660.2022.10020813
2023-05-31
Abstract: The software supply chain (SSC) attack has become one of the crucial issues, increasing rapidly with the advancement of the software development domain. In general, SSC attacks executed during the software development process lead to vulnerabilities in software products that target downstream customers and even the stakeholders involved. Machine learning approaches have proven effective in detecting and preventing software security vulnerabilities. Besides, emerging quantum machine learning can be promising in addressing SSC attacks. Considering the distinction between traditional and quantum machine learning, performance could vary based on the proportion of the experimental dataset used. In this paper, we conduct a comparative analysis between quantum neural networks (QNN) and conventional neural networks (NN) on a software supply chain attack dataset known as ClaMP. Our goal is to distinguish the performance of QNN from that of NN; to conduct the experiment, we develop two different models, using Pennylane for the quantum model and TensorFlow and Keras for the traditional one. We evaluated the performance of both models with different proportions of the ClaMP dataset to obtain the F1 score, recall, precision, and accuracy. We also measured the execution time to check the efficiency of both models. The results indicate that the execution time for QNN is slower than for NN at higher percentages of the dataset. Due to recent advancements in QNN, larger-scale experiments shall be carried out to understand both models accurately in our future research.
Cryptography and Security, Machine Learning, Quantum Physics
What problem does this paper attempt to address?
### Problems the Paper Attempts to Solve

This paper aims to compare the performance differences between Quantum Neural Networks (QNN) and traditional Neural Networks (NN) in detecting software supply chain attacks. Specifically, the research goal is to evaluate the accuracy, recall, precision, and F1 score of these two models under different dataset proportions and to measure their execution time to assess efficiency.

#### Main Research Content

- **Experimental Subjects**: The ClaMP dataset is used for experiments, which is designed for detecting software supply chain attacks.
- **Model Comparison**: Two different models were developed, one based on Quantum Neural Networks (QNN) and the other based on traditional Neural Networks (NN). The QNN model was built using Pennylane, while the NN model was built using TensorFlow and Keras.
- **Performance Evaluation**: These two models were tested on different proportions of the dataset, and metrics such as accuracy, recall, precision, and F1 score were recorded. Additionally, the execution time of each model was recorded.
- **Result Analysis**: The results show that QNN's execution time is slower than NN's on larger dataset proportions, but QNN outperforms NN on some smaller dataset proportions.

#### Conclusion

- The study found that QNN's execution time slows down as the dataset proportion increases, while NN's execution time speeds up as the dataset proportion increases.
- Despite the rapid development of quantum machine learning in recent years, the current version of quantum simulators still has limitations, especially the limited number of qubits, which restricts its application in detecting software supply chain attacks.
- Future research needs to further improve quantum simulators to better handle large-scale datasets, enhance classification performance, and reduce computation time.
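The evaluation protocol the abstract and summary describe (train and test on several proportions of the dataset, record accuracy, precision, recall, F1 and wall-clock time per proportion) as an added example; this is not code from the paper. It assumes a hypothetical nearest-centroid learner in place of the paper's Pennylane QNN and Keras NN, a constructed two-feature dataset in place of ClaMP, and an 80/20 train/test split.

```python
import random
import time

def binary_metrics(y_true, y_pred):
    """Accuracy, precision, recall and F1 from confusion counts; zero-safe on empty classes."""
    pairs = list(zip(y_true, y_pred))
    # counts of (true, predicted) pairs: TP, TN, FP, FN
    tp, tn, fp, fn = (sum(pr == want for pr in pairs) for want in ((1, 1), (0, 0), (0, 1), (1, 0)))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    accuracy = (tp + tn) / len(pairs) if pairs else 0.0
    return {"accuracy": accuracy, "precision": precision, "recall": recall, "f1": f1}

def centroid_fit(X, y):
    """Stand-in learner (hypothetical, not the paper's QNN or NN): per-class feature means."""
    groups = {c: [x for x, t in zip(X, y) if t == c] for c in (0, 1)}
    return {c: [sum(col) / len(rows) for col in zip(*rows)] for c, rows in groups.items() if rows}

def centroid_predict(model, X):
    """Label each row by its nearest centroid; a model that saw one class predicts that class."""
    dist = lambda a, b: sum((u - v) ** 2 for u, v in zip(a, b))
    if len(model) == 1:
        return [next(iter(model))] * len(X)
    return [1 if dist(x, model[1]) < dist(x, model[0]) else 0 for x in X]

def sweep_proportions(X, y, proportions, fit, predict, seed=0):
    """For each fraction of the data: assumed 80/20 split, fit, predict, record metrics and time."""
    idx = list(range(len(X)))
    random.Random(seed).shuffle(idx)
    results = {}
    for p in proportions:
        sub = idx[:max(5, int(len(idx) * p))]
        split = len(sub) * 4 // 5
        train, test = sub[:split], sub[split:]
        start = time.perf_counter()
        model = fit([X[i] for i in train], [y[i] for i in train])
        preds = predict(model, [X[i] for i in test])
        m = binary_metrics([y[i] for i in test], preds)
        m["seconds"] = time.perf_counter() - start
        results[p] = m
    return results

def make_dataset(n=200, seed=1):
    """Constructed ClaMP-like rows [section count, entropy]; label 1 = malware. Not real data."""
    rng = random.Random(seed)
    rows = [(i % 2, [rng.uniform(8, 12) if i % 2 else rng.uniform(3, 6),
                     rng.uniform(7, 8) if i % 2 else rng.uniform(4, 6)]) for i in range(n)]
    return [x for _, x in rows], [t for t, _ in rows]
```

Call `sweep_proportions(*make_dataset(), [0.25, 0.5, 1.0], centroid_fit, centroid_predict)` to get one metrics-and-timing row per proportion; on an imbalanced malware set, compare F1 and recall rather than accuracy alone.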