关键词: 去噪扩散概率模型, 入侵检测, 稀有类攻击流量, 不平衡数据, 深度学习

Abstract: The rapid development of the Internet and Internet of things (IoT) technologies has made it an urgent task to guarantee the security of network systems. However, traditional intrusion detection models have limitations when facing with rare classes of attack traffic in complex network environments. The imbalance in data across different types of network traffic adversely affects the overall classification performance of these models. To address the above issues, this paper proposes an intrusion detection method, DDPM_1DCNN_BiLSTM, based on a denoising diffusion probability model. The proposed method utilizes diffusion probabilistic model to generate rare classes of attack traffic data for sample augmentation. Subsequently, 1DCNN_BiLSTM model integrated withselfattention mechanism are used to extract features and detect traffic. The experiments use the unbalanced intrusion detection dataset NSLKDD to train 1DCNN_BiLSTM with existing common classification models including randomforest, decisiontree, etc. on the original training set and the balanced dataset respectively, and uses the trained model to classify the same test set. The experimental results indicate that various existing classification models trained on the balanced dataset perform better in the test set compared to the models trained on the original unbalanced dataset. Furthermore, the proposed method has higher accuracy and F1 score compared to common intrusion detection methods, proving the effectiveness of the proposed method to improve the detection rate of the rare class of attack traffic and the comprehensive capability of intrusion detection.

Key words: denoising diffusion probabilistic model, intrusion detection, rare class attack traffic, unbalanced data, deep learning