Packet-Level DDoS Data Augmentation Using Dual-Stream Temporal-Field Diffusion
This work addresses the scarcity of labeled training datasets for ML-based DDoS detection, which is a critical issue for network security, though it appears incremental as it builds on existing diffusion models.
The paper tackles the problem of generating synthetic network traffic data for DDoS attack detection by proposing DSTF-Diffusion, a diffusion-based model that captures temporal and spatial patterns, resulting in higher statistical similarity to real data and improved performance on downstream tasks.
In response to Distributed Denial of Service (DDoS) attacks, recent research efforts increasingly rely on Machine Learning (ML)-based solutions, whose effectiveness largely depends on the quality of labeled training datasets. To address the scarcity of such datasets, data augmentation with synthetic traces is often employed. However, current synthetic trace generation methods struggle to capture the complex temporal patterns and spatial distributions exhibited in emerging DDoS attacks. This results in insufficient resemblance to real traces and unsatisfied detection accuracy when applied to ML tasks. In this paper, we propose Dual-Stream Temporal-Field Diffusion (DSTF-Diffusion), a multi-view, multi-stream network traffic generative model based on diffusion models, featuring two main streams: The field stream utilizes spatial mapping to bridge network data characteristics with pre-trained realms of stable diffusion models, effectively translating complex network interactions into formats that stable diffusion can process, while the spatial stream adopts a dynamic temporal modeling approach, meticulously capturing the intrinsic temporal patterns of network traffic. Extensive experiments demonstrate that data generated by our model exhibits higher statistical similarity to originals compared to current state-of-the-art solutions, and enhance performances on a wide range of downstream tasks.