Table of Contents
Fetching ...

Diffusion-Driven Synthetic Tabular Data Generation for Enhanced DoS/DDoS Attack Classification

Aravind B, Anirud R. S., Sai Surya Teja N, Bala Subrahmanya Sriranga Navaneeth A, Karthika R, Mohankumar N

TL;DR

This work tackles severe class imbalance in DoS/DDoS intrusion detection by employing per-class TabDDPM diffusion models to generate diverse, high-fidelity minority-class samples on CIC-IDS-2017. The diffusion-augmented data are used to train a compact ANN, yielding a macro-F1 of about 0.989 and near-perfect recall for minority attacks, outperforming both baseline and SMOTE oversampling. The study demonstrates that diffusion-based tabular data generation can provide realistic, privacy-preserving augmentation that improves detection of rare attack patterns and could be extended to fraud detection and medical domains. Practical insights include detailed diffusion training parameters, per-class generation, and efficient training compared to baseline approaches, highlighting diffusion models as a robust solution for imbalanced cybersecurity datasets.

Abstract

Class imbalance refers to a situation where certain classes in a dataset have significantly fewer samples than oth- ers, leading to biased model performance. Class imbalance in network intrusion detection using Tabular Denoising Diffusion Probability Models (TabDDPM) for data augmentation is ad- dressed in this paper. Our approach synthesizes high-fidelity minority-class samples from the CIC-IDS2017 dataset through iterative denoising processes. For the minority classes that have smaller samples, synthetic samples were generated and merged with the original dataset. The augmented training data enables an ANN classifier to achieve near-perfect recall on previously underrepresented attack classes. These results establish diffusion models as an effective solution for tabular data imbalance in security domains, with potential applications in fraud detection and medical diagnostics.

Diffusion-Driven Synthetic Tabular Data Generation for Enhanced DoS/DDoS Attack Classification

TL;DR

This work tackles severe class imbalance in DoS/DDoS intrusion detection by employing per-class TabDDPM diffusion models to generate diverse, high-fidelity minority-class samples on CIC-IDS-2017. The diffusion-augmented data are used to train a compact ANN, yielding a macro-F1 of about 0.989 and near-perfect recall for minority attacks, outperforming both baseline and SMOTE oversampling. The study demonstrates that diffusion-based tabular data generation can provide realistic, privacy-preserving augmentation that improves detection of rare attack patterns and could be extended to fraud detection and medical domains. Practical insights include detailed diffusion training parameters, per-class generation, and efficient training compared to baseline approaches, highlighting diffusion models as a robust solution for imbalanced cybersecurity datasets.

Abstract

Class imbalance refers to a situation where certain classes in a dataset have significantly fewer samples than oth- ers, leading to biased model performance. Class imbalance in network intrusion detection using Tabular Denoising Diffusion Probability Models (TabDDPM) for data augmentation is ad- dressed in this paper. Our approach synthesizes high-fidelity minority-class samples from the CIC-IDS2017 dataset through iterative denoising processes. For the minority classes that have smaller samples, synthetic samples were generated and merged with the original dataset. The augmented training data enables an ANN classifier to achieve near-perfect recall on previously underrepresented attack classes. These results establish diffusion models as an effective solution for tabular data imbalance in security domains, with potential applications in fraud detection and medical diagnostics.
Paper Structure (15 sections, 8 figures, 3 tables)

This paper contains 15 sections, 8 figures, 3 tables.

Figures (8)

  • Figure 1: Effect of Balanced vs. Imbalanced Data on Decision Boundaries (Left: clear class separation, Right: Skewed Boundary & Rare attack mis-classification despite high overall accuracy.)
  • Figure 2: Workflow of DoS/DDoS detection using diffusion-based data augmentation and neural network classifier
  • Figure 3: Confusion matrix of baseline model (no augmentation, F1 = 0.86) showing severe minority class misclassifications due to class imbalance
  • Figure 4: Confusion matrix of SMOTE-augmented model (F1 = 0.89): improved minority recall with precision loss from boundary overlap
  • Figure 5: Confusion matrix of TabDDPM-augmented model (F1 = 0.989): near-perfect classification with robust minority attack detection
  • ...and 3 more figures