Software Supply Chain Vulnerabilities Detection in Source Code: Performance Comparison between Traditional and Quantum Machine Learning Algorithms

Authors

Mst Shapna Akter, Kennesaw State University
Md Jobair Hossain Faruk, Kennesaw State University
Nafisa Anjum, Kennesaw State University
Mohammad Masum, San Jose State UniversityFollow
Hossain Shahriar, Kennesaw State University
Nazmus Sakib, Kennesaw State University
Akond Rahman, Auburn University
Fan Wu, Tuskegee University
Alfredo Cuzzocrea, Università della Calabria

Publication Date

1-1-2022

Document Type

Conference Proceeding

Publication Title

Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022

DOI

10.1109/BigData55660.2022.10020813

First Page

5639

Last Page

5645

Abstract

The software supply chain (SSC) attack has become one of the crucial issues that are being increased rapidly with the advancement of the software development domain. In general, SSC attacks execute during the software development processes lead to vulnerabilities in software products targeting downstream customers and even involved stakeholders. Machine Learning approaches are proven in detecting and preventing software security vulnerabilities. Besides, emerging quantum machine learning can be promising in addressing SSC attacks. Considering the distinction between traditional and quantum machine learning, performance could be varies based on the proportions of the experimenting dataset. In this paper, we conduct a comparative analysis between quantum neural networks (QNN) and conventional neural networks (NN) with a software supply chain attack dataset known as ClaMP. Our goal is to distinguish the performance between QNN and NN and to conduct the experiment, we develop two different models for QNN and NN by utilizing Pennylane for quantum and TensorFlow and Keras for traditional respectively. We evaluated the performance of both models with different proportions of the ClaMP dataset to identify the f1 score, recall, precision, and accuracy. We also measure the execution time to check the efficiency of both models. The demonstration result indicates that execution time for QNN is slower than NN with a higher percentage of datasets. Due to recent advancements in QNN, a large level of experiments shall be carried out to understand both models accurately in our future research.

Funding Number

2209636

Funding Sponsor

National Science Foundation

Keywords

ClaMP, Neural Network (NN), Pennylane, Quantum machine learning, Quantum neural network (QNN), Software supply chain Security, TensorFlow

Department

Applied Data Science

Recommended Citation

Mst Shapna Akter, Md Jobair Hossain Faruk, Nafisa Anjum, Mohammad Masum, Hossain Shahriar, Nazmus Sakib, Akond Rahman, Fan Wu, and Alfredo Cuzzocrea. "Software Supply Chain Vulnerabilities Detection in Source Code: Performance Comparison between Traditional and Quantum Machine Learning Algorithms" Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022 (2022): 5639-5645. https://doi.org/10.1109/BigData55660.2022.10020813