This work addresses the lack of interpretability in existing network intrusion detection systems and the inability of classical subgroup discovery methods to effectively uncover critical multi-feature interactions in high-dimensional spaces. The study pioneers a quantum optimization formulation of subgroup discovery by encoding feature selection into a QUBO (Quadratic Unconstrained Binary Optimization) model, integrating least-squares regression to approximate the WRAcc (Weighted Relative Accuracy) objective function. The resulting problem is solved using the Quantum Approximate Optimization Algorithm (QAOA) on IBM Quantum hardware (ibm_pittsburgh). In experiments with 10–25 qubits, the approach achieves WRAcc scores ranging from 0.624 to 0.983 and yields unique subgroups with test accuracy up to 99.6%, substantially outperforming classical beam search. Notably, it uncovers high-order interaction patterns previously pruned by greedy strategies, establishing a novel paradigm for quantum combinatorial optimization in cybersecurity tailored to NISQ-era devices.

While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery (SD) addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic beam search methods struggle with exponentially scaling search spaces and can prune critical multi-feature interactions. This paper introduces a quantum-enhanced pipeline for SD applied to network intrusion detection using NSL-KDD, formulating SD as quantum optimization for the first time. By encoding feature selection as a Quadratic Unconstrained Binary Optimization (QUBO) and solving it via the Quantum Approximate Optimization Algorithm (QAOA) on IBM Quantum hardware (ibm_pittsburgh), the pipeline identifies subgroups of network features that discriminate normal from attack traffic. A least-squares regression QUBO formulation fits the Weighted Relative Accuracy (WRAcc) landscape over feature subsets, with surrogate sampling for larger QUBOs. Results are benchmarked against exhaustive enumeration and Beam Search using ratios for Hamiltonian quality and WRAcc. Hardware scaling experiments on ibm_pittsburgh (10-30 qubits) reveal that QAOA at depth p = 1 shows WRAcc ratios of 0.983 at 10 qubits, 0.971 at 15 qubits, 0.855 at 20 qubits, and 0.624 at 25 qubits, degrading to 0.039 at 30 qubits as circuit noise dominates, establishing an empirical NISQ scaling boundary. Results demonstrate that QAOA discovers subgroups competitive with classical heuristics and finds multi-feature interaction patterns that greedy Beam Search prunes, with QAOA-unique subgroups achieving up to 99.6% test precision. This work establishes a framework for quantum combinatorial optimization in cybersecurity and characterizes hardware scaling for NISQ devices.