Quantifying the Privacy Implications of High-Fidelity Synthetic Network Traffic

Van Tran, Shinan Liu, Tian Li, Nick Feamster

TL;DR

This work addresses the privacy risks of high-fidelity synthetic network traffic by proposing a comprehensive privacy metric suite that combines membership inference, data extraction, and network-specific leakage tests across four diverse generative models and five datasets. It systematically quantifies how readily attackers can infer training membership, memorize and reproduce training data, and infer sensitive network semantics such as identifiers, properties, and topology. The study reveals substantial leakage variability driven by attacker capabilities, training data diversity, and model overfitting, and demonstrates that anonymization and differential-privacy-inspired noise offer distinct privacy-utility tradeoffs. The findings provide practical guidance for designing and deploying synthetic network traffic with minimized leakage while acknowledging that no single mitigation universally solves all risks; benchmarks that jointly report fidelity, utility, and privacy risk are needed for informed method selection.

Abstract

To address the scarcity and privacy concerns of network traffic data, various generative models have been developed to produce synthetic traffic. However, synthetic traffic is not inherently privacy-preserving, and the extent to which it leaks sensitive information, and how to measure such leakage, remain largely unexplored. This challenge is further compounded by the diversity of model architectures, which shape how traffic is represented and synthesized. We introduce a comprehensive set of privacy metrics for synthetic network traffic, combining standard approaches like membership inference attacks (MIA) and data extraction attacks with network-specific identifiers and attributes. Using these metrics, we systematically evaluate the vulnerability of different representative generative models and examine the factors that influence attack success. Our results reveal substantial variability in privacy risks across models and datasets. MIA success ranges from 0% to 88%, and up to 100% of network identifiers can be recovered from generated traffic, highlighting serious privacy vulnerabilities. We further identify key factors that significantly affect attack outcomes, including training data diversity and how well the generative model fits the training data. These findings provide actionable guidance for designing and deploying generative models that minimize privacy leakage, establishing a foundation for safer synthetic network traffic generation.

Paper Structure

This paper contains 38 sections, 2 equations, 13 figures, 6 tables.

Figures (13)

  • Figure 1: Pipeline of splitting each dataset into non-training, training and auxiliary data.
  • Figure 2: Pipeline of Membership Inference Attacks (MIA). (1) The data owner trains the generative model and makes it available as a service to everyone. (2) An attacker queries the generative model to extract signals and trains a binary attacker model to predict membership. (3) To predict membership of a target sample, an attacker first queries the generative model to extract signals, then predicts membership using the trained attacker model.
  • Figure 3: MIA performance across different generative models and datasets. NetSSM is most vulnerable, followed by TrafficLLM and NetDiffusion. MIA is highly successful on IoT and SR datasets.
  • Figure 4: Data extraction attack performance across different generative models and datasets. NetDiffusion shows no vulnerability to data extraction, while extractable rates on NetSSM and TrafficLLM can exceed 0.8 on certain datasets.
  • Figure 5: Extractable rate across different positions for NetSSM. Higher extractable rate is observed at positions 1-9 and 27-33.
  • ...and 8 more figures