Qcl-Ids Achieves 0.941 Accuracy in Quantum Continual Intrusion Detection Systems

Continual intrusion detection presents a significant challenge, demanding systems adapt to novel attacks whilst preserving knowledge of past threats under resource limitations and strict privacy regulations. Zirui Zhu and Xiangyang Li, from the Johns Hopkins University Information Security Institute, alongside Xiangyang Li et al., address this problem with QCL-IDS, a novel quantum-centric continual-learning framework. This research is significant because it co-designs stability and privacy, utilising a unique approach called Quantum Fisher Anchors to retain crucial historical data via compact core sets and a fidelity-based system limiting decision drift. Furthermore, QCL-IDS employs privacy-preserved quantum generative replay to regain adaptability without storing sensitive data, demonstrably outperforming sequential fine-tuning with mean Attack-F1 scores of 0.941 and 0.944 on the UNSW-NB15 and CICIDS2017 datasets, respectively, alongside minimal forgetting rates of 0.005 and 0.004.

Quantum continual learning for intrusion detection systems

Scientists have developed a new quantum-centric continual learning framework, QCL-IDS, designed to enhance intrusion detection systems while adhering to strict operational and privacy constraints. This research addresses the critical need for continual intrusion detection that can adapt to emerging attack stages without losing the ability to identify legacy threats, all within bounded computational resources and without long-term storage of sensitive data. The team achieved this by co-designing stability and privacy-governed rehearsal techniques specifically for near-term quantum (NISQ) pipelines. Experiments demonstrate that this allows for rigorous regularization of the model based on changes in the quantum state, requiring only a small number of circuit evaluations. To enable plasticity without retaining sensitive data, the researchers introduced privacy-preserved quantum generative replay (QGR).
QGR employs frozen, task-conditioned generator snapshots to synthesize bounded rehearsal samples, effectively allowing the system to “rehearse” historical knowledge without storing raw telemetry. This innovative technique addresses the privacy concerns associated with traditional replay-based continual learning methods. The framework formulates continual intrusion detection as a resource-constrained optimization problem, ensuring operational feasibility and compliance with data governance policies. Evaluations conducted on the UNSW-NB15 and CICIDS2017 datasets reveal that QCL-IDS consistently achieves the best retention-adaptation trade-off. Specifically, the gradient-anchor configuration attained a mean Attack-F1 score of 0.941 with a forgetting rate of 0.005 on UNSW-NB15, and a mean Attack-F1 score of 0.944 with a forgetting rate of 0.004 on CICIDS2017, significantly outperforming sequential fine-tuning which achieved scores of 0.800/0.138 and 0.803/0.128 respectively. This work opens new avenues for developing robust and privacy-preserving intrusion detection systems capable of adapting to the ever-evolving landscape of cyber threats.

Quantum continual learning for intrusion detection

Scientists developed QCL-IDS, a quantum-centric continual-learning framework designed to address continual intrusion detection under strict operational constraints, including limited compute and qubit resources and privacy regulations prohibiting long-term storage of raw telemetry data. The study pioneered a co-design approach for stability and privacy-governed rehearsal within intrusion detection pipelines. Researchers implemented a three-stage attack stream utilising the UNSW-NB15 and CICIDS2017 datasets to evaluate performance. Experiments employed a classical generator as a control to validate the quantum approach. The system trains compact quantum generators to approximate the distribution of past tasks, allowing rehearsal of historical knowledge without violating data governance policies. This method achieves a balance between retaining existing knowledge and adapting to new threats. Scientists estimated these values with a small number of circuit evaluations, aligning with the tight evaluation budgets of Near-Term Intermediate-Scale Quantum hardware. QCL-IDS formulates continual intrusion detection as a resource-constrained optimisation problem. The gradient-anchor configuration achieved a mean Attack-F1 score of 0.941 with a forgetting rate of 0.005 on UNSW-NB15 and a mean Attack-F1 of 0.944 with a forgetting rate of 0.004 on CICIDS2017, significantly outperforming sequential fine-tuning which achieved 0.800/0.138 and 0.803/0.128 respectively. The study confirms that stability regularization via Q-FISH is the primary driver of retention, while the privacy-aligned replay provides the necessary plasticity to learn new attack vectors without catastrophic forgetting.

Q-FISH anchors maintain high intrusion detection

Scientists have developed a new quantum-centric continual-learning framework, QCL-IDS, designed for continual intrusion detection systems. This research addresses the challenge of absorbing new attack stages while maintaining legacy detection capabilities under limited computational resources and strict privacy constraints. This directly limits decision drift on representative historical traffic, ensuring the system doesn’t forget previously learned patterns.

Experiments revealed that the gradient-anchor configuration achieved a mean Attack-F1 score of 0.941 on the UNSW-NB15 dataset, accompanied by a forgetting rate of 0.005. On the CICIDS2017 dataset, the same configuration yielded a mean Attack-F1 of 0.944 with a forgetting rate of 0.004. These results significantly outperform sequential fine-tuning, which achieved scores of 0.800/0.138 on UNSW-NB15 and 0.803/0.128 on CICIDS2017, demonstrating a substantial improvement in both detection accuracy and retention of past knowledge. The team measured performance across a three-stage attack stream, consistently demonstrating the superior retention-adaptation trade-off of QCL-IDS.

To regain plasticity without retaining sensitive data, the researchers introduced privacy-preserved quantum generative replay (QGR). This technique utilizes frozen, task-conditioned generator snapshots to synthesize bounded rehearsal samples, effectively allowing the system to “practice” on new attacks without storing the original sensitive data. Dimensionality reduction was performed per task using sklearn.decomposition.PCA with n_components=6, applied to standardized training features. The VQC backbone of the quantum classifier uses 6 input features aligned to 6 qubits and a fixed circuit depth of n_layers=3, evaluated using 2048 shots.

Tests prove that the default replay generator, a prototype-based ConditionalQCBM with 6 qubits, operates with a shallow circuit depth of 2 layers and utilizes shot-based sampling with 1024 shots. The generator is trained for a maximum of 300 optimization iterations. When both replay and Q-FISH are enabled, the replay ratio is reduced from 0.3 to 0.1 and the QFI and fidelity weights are adjusted from 0.3 to 0.25 and 0.1 to 0.08 respectively, preventing over-regularization. Class imbalance is handled via weighted BCE or focal loss, with dataset-specific strategies employed to boost attack-class weighting and automatic weight selection.

QCL-IDS preserves security with quantum continual learning

Scientists have developed a new quantum-centric continual-learning framework, QCL-IDS, designed for intrusion detection systems. This framework addresses the challenge of continuously updating detection capabilities to recognise new attack stages while preserving the ability to identify existing threats, all within limited computational and privacy constraints. Researchers further incorporated privacy-preserved quantum generative replay to enable adaptation without retaining sensitive data, using frozen, task-conditioned generator snapshots to create rehearsal samples.

Testing on the UNSW-NB15 and CICIDS2017 datasets demonstrated that QCL-IDS consistently achieved a superior balance between retaining existing knowledge and adapting to new attacks, attaining a mean Attack-F1 score of 0.941 with a forgetting rate of 0.005 on UNSW-NB15 and 0.944 with a forgetting rate of 0.004 on CICIDS2017, significantly outperforming sequential fine-tuning methods. The findings highlight the importance of stability regularization as the primary mechanism for retention in budgeted continual learning, with replay serving as a complementary tool to enhance plasticity and intermediate performance. The authors acknowledge that the framework operates under specific constraints related to qubit and compute budgets, and long-term telemetry storage. Future research could explore the scalability of QCL-IDS to even larger datasets and more complex attack scenarios, as well as investigate the potential for adapting the framework to other security applications beyond intrusion detection. This work establishes a foundation for developing practical, privacy-preserving continual learning systems for cybersecurity in the emerging quantum computing landscape.