Diff-IDS:A Network Intrusion Detection Model Based on Diffusion Model for Imbalanced Data Samples  

作　　者：Yue Yang Xiangyan Tang Zhaowu Liu Jieren Cheng Haozhe Fang Cunyi Zhang 

机构地区：[1]School of Cyberspace Security,Hainan University,Haikou,570228,China [2]Hainan Province Blockchain Technology Engineering Research Center,Haikou,570228,China [3]School of Computer Science and Technology,Hainan University,Haikou,570228,China

出　　处：《Computers, Materials & Continua》2025年第3期4389-4408,共20页计算机、材料和连续体(英文)

基　　金：supported by the Key Research and Development Program of Hainan Province(Grant Nos.ZDYF2024GXJS014,ZDYF2023GXJS163);the National Natural Science Foundation of China(NSFC)(Grant Nos.62162022,62162024);Collaborative Innovation Project of Hainan University(XTCX2022XXB02).

摘　　要：With the rapid development of Internet of Things technology,the sharp increase in network devices and their inherent security vulnerabilities present a stark contrast,bringing unprecedented challenges to the field of network security,especially in identifying malicious attacks.However,due to the uneven distribution of network traffic data,particularly the imbalance between attack traffic and normal traffic,as well as the imbalance between minority class attacks and majority class attacks,traditional machine learning detection algorithms have significant limitations when dealing with sparse network traffic data.To effectively tackle this challenge,we have designed a lightweight intrusion detection model based on diffusion mechanisms,named Diff-IDS,with the core objective of enhancing the model’s efficiency in parsing complex network traffic features,thereby significantly improving its detection speed and training efficiency.The model begins by finely filtering network traffic features and converting them into grayscale images,while also employing image-flipping techniques for data augmentation.Subsequently,these preprocessed images are fed into a diffusion model based on the Unet architecture for training.Once the model is trained,we fix the weights of the Unet network and propose a feature enhancement algorithm based on feature masking to further boost the model’s expressiveness.Finally,we devise an end-to-end lightweight detection strategy to streamline the model,enabling efficient lightweight detection of imbalanced samples.Our method has been subjected to multiple experimental tests on renowned network intrusion detection benchmarks,including CICIDS 2017,KDD 99,and NSL-KDD.The experimental results indicate that Diff-IDS leads in terms of detection accuracy,training efficiency,and lightweight metrics compared to the current state-of-the-art models,demonstrating exceptional detection capabilities and robustness.

关 键 词：Network traffic feature enhancement diffusion model multi-classification Algorithm 2(continued)13:end for 14:Return y 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]