SD-CGAN: Conditional Sinkhorn Divergence GAN for DDoS Anomaly Detection in IoT Networks
Henry Onyeka, Emmanuel Samson, Liang Hong, Tariqul Islam, Imtiaz Ahmed, Kamrul Hasan
TL;DR
This work targets robust anomaly detection in dynamic IoT edge networks amid imbalanced traffic and unseen attacks. It introduces SD-CGAN, a conditional GAN trained on benign traffic and optimized with Sinkhorn Divergence, augmented by CTGAN-generated minority samples to address class imbalance. The approach achieves high detection performance on the CICDDoS2019 exploitative subset and demonstrates stable training with reduced mode collapse, enabling feasible edge deployment. Results outperform several baselines (CNN/LSTM/GAN variants) in precision, recall, F1, and accuracy, and show promising zero-day detection capability when trained only on benign data. The study suggests extending SD-CGAN to multi-class scenarios, validating across more IoT datasets, and adding explainability to interpret anomaly scores.
Abstract
The increasing complexity of IoT edge networks presents significant challenges for anomaly detection, particularly in identifying sophisticated Denial-of-Service (DoS) attacks and zero-day exploits under highly dynamic and imbalanced traffic conditions. This paper proposes SD-CGAN, a Conditional Generative Adversarial Network framework enhanced with Sinkhorn Divergence, tailored for robust anomaly detection in IoT edge environments. The framework incorporates CTGAN-based synthetic data augmentation to address class imbalance and leverages Sinkhorn Divergence as a geometry-aware loss function to improve training stability and reduce mode collapse. The model is evaluated on exploitative attack subsets from the CICDDoS2019 dataset and compared against baseline deep learning and GAN-based approaches. Results show that SD-CGAN achieves superior detection accuracy, precision, recall, and F1-score while maintaining computational efficiency suitable for deployment in edge-enabled IoT environments.
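As an added illustration (not code from the paper or its authors), the block below computes the debiased Sinkhorn divergence that the abstract names as the training loss, between constructed two-feature traffic batches. The page gives no formula, so the standard definition S(x, y) = OT(x, y) - 0.5 OT(x, x) - 0.5 OT(y, y), the squared-Euclidean cost, the value of `eps`, and all sample values are assumptions.

```python
import math
import random

def _lse(vals):
    # Numerically stable log-sum-exp.
    top = max(vals)
    return top + math.log(sum(math.exp(v - top) for v in vals))

def _cost(x, y):
    # Squared-Euclidean ground cost (assumption; the page names no cost).
    return 0.5 * sum((a - b) ** 2 for a, b in zip(x, y))

def ot_eps(xs, ys, eps=0.5, iters=200):
    """Entropic OT cost between two uniform-weight batches (log-domain Sinkhorn)."""
    n, m = len(xs), len(ys)
    C = [[_cost(x, y) for y in ys] for x in xs]
    log_a, log_b = -math.log(n), -math.log(m)
    f, g = [0.0] * n, [0.0] * m
    for _ in range(iters):
        # Alternating dual-potential updates; g is updated last, so the
        # dual value below needs no correction term.
        f = [-eps * _lse([log_b + (g[j] - C[i][j]) / eps for j in range(m)])
             for i in range(n)]
        g = [-eps * _lse([log_a + (f[i] - C[i][j]) / eps for i in range(n)])
             for j in range(m)]
    return sum(f) / n + sum(g) / m

def sinkhorn_divergence(xs, ys, eps=0.5):
    # Debiasing removes the entropic offset, so S(x, x) = 0.
    return (ot_eps(xs, ys, eps)
            - 0.5 * ot_eps(xs, xs, eps)
            - 0.5 * ot_eps(ys, ys, eps))

def make_batch(rng, center, n=8, spread=0.3):
    # Constructed, normalized 2-feature flow records (hypothetical features).
    return [[rng.gauss(center, spread), rng.gauss(center, spread)] for _ in range(n)]

def demo():
    rng = random.Random(0)
    benign_a, benign_b = make_batch(rng, 0.0), make_batch(rng, 0.0)
    flood = make_batch(rng, 3.0)  # constructed shifted "attack-like" batch
    return {
        "same": sinkhorn_divergence(benign_a, benign_a),
        "benign_vs_benign": sinkhorn_divergence(benign_a, benign_b),
        "benign_vs_flood": sinkhorn_divergence(benign_a, flood),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.4f}")
```

The divergence stays near zero for two batches drawn from the same distribution and grows with the distance between batch geometries, which is the property that makes it usable as a distribution-matching loss.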
