GMDDPM-CT: Advancing network intrusion detection through diffusion-based sample synthesis and deep learning

With the increasing complexity of network security threats, Network Intrusion Detection Systems (NIDS) face heightened challenges in identifying minority-class attack samples within network traffic. Detecting these rare attack flows is essential for maintaining system security; however, their low frequency significantly hinders detection. To address this challenge, we introduce GMDDPM-CT, a novel method that integrates the Gaussian and Multinomial Denoising Diffusion Probabilistic Model (GMDDPM) for data balancing with a CNN-Transformer for classification. The GMDDPM component utilizes a diffusion model to generate synthetic samples for minority classes, addressing sample scarcity and enhancing data balance effectively. We conducted experiments on several network traffic datasets, including CIC-IDS2017, CICIoT 2023, NSL-KDD, and UNSW-NB15, by harnessing the CNN-Transformer’s powerful feature extraction capabilities. Our findings indicate that GMDDPM-CT consistently outperforms traditional data balancing methods across key performance metrics, demonstrating high efficacy in detecting minority-class traffic across various datasets. The innovative application of diffusion models to resolve network traffic data imbalance underscores GMDDPM-CT’s strong generalization ability, offering a promising solution for improving intrusion detection in complex network security environments.