Open Access

ARTICLE

Diff-IDS: A Network Intrusion Detection Model Based on Diffusion Model for Imbalanced Data Samples

Yue Yang^1,2, Xiangyan Tang^2,3,*, Zhaowu Liu^2,3,*, Jieren Cheng^2,3, Haozhe Fang³, Cunyi Zhang³

1 School of Cyberspace Security, Hainan University, Haikou, 570228, China
2 Hainan Province Blockchain Technology Engineering Research Center, Haikou, 570228, China
3 School of Computer Science and Technology, Hainan University, Haikou, 570228, China

* Corresponding Authors: Xiangyan Tang. Email: ; Zhaowu Liu. Email:

Computers, Materials & Continua 2025, 82(3), 4389-4408. https://doi.org/10.32604/cmc.2025.060357

Received 30 October 2024; Accepted 23 December 2024; Issue published 06 March 2025

Abstract

With the rapid development of Internet of Things technology, the sharp increase in network devices and their inherent security vulnerabilities present a stark contrast, bringing unprecedented challenges to the field of network security, especially in identifying malicious attacks. However, due to the uneven distribution of network traffic data, particularly the imbalance between attack traffic and normal traffic, as well as the imbalance between minority class attacks and majority class attacks, traditional machine learning detection algorithms have significant limitations when dealing with sparse network traffic data. To effectively tackle this challenge, we have designed a lightweight intrusion detection model based on diffusion mechanisms, named Diff-IDS, with the core objective of enhancing the model’s efficiency in parsing complex network traffic features, thereby significantly improving its detection speed and training efficiency. The model begins by finely filtering network traffic features and converting them into grayscale images, while also employing image-flipping techniques for data augmentation. Subsequently, these preprocessed images are fed into a diffusion model based on the Unet architecture for training. Once the model is trained, we fix the weights of the Unet network and propose a feature enhancement algorithm based on feature masking to further boost the model’s expressiveness. Finally, we devise an end-to-end lightweight detection strategy to streamline the model, enabling efficient lightweight detection of imbalanced samples. Our method has been subjected to multiple experimental tests on renowned network intrusion detection benchmarks, including CICIDS 2017, KDD 99, and NSL-KDD. The experimental results indicate that Diff-IDS leads in terms of detection accuracy, training efficiency, and lightweight metrics compared to the current state-of-the-art models, demonstrating exceptional detection capabilities and robustness.

---

Keywords

---