Packet-Level DDoS Data Augmentation Using Dual-Stream Temporal-Field Diffusion

TL;DR

This paper introduces DSTF-Diffusion, a novel multi-view generative model for synthetic DDoS traffic data that better captures complex temporal and spatial patterns, improving ML detection accuracy.

Contribution

The paper presents a dual-stream diffusion-based generative model that effectively captures both spatial and temporal features of network traffic for realistic DDoS data augmentation.

Findings

Generated data shows higher statistical similarity to real traces.

Enhanced ML detection performance using augmented data.

Outperforms existing synthetic data generation methods.

Abstract

In response to Distributed Denial of Service (DDoS) attacks, recent research efforts increasingly rely on Machine Learning (ML)-based solutions, whose effectiveness largely depends on the quality of labeled training datasets. To address the scarcity of such datasets, data augmentation with synthetic traces is often employed. However, current synthetic trace generation methods struggle to capture the complex temporal patterns and spatial distributions exhibited in emerging DDoS attacks. This results in insufficient resemblance to real traces and unsatisfied detection accuracy when applied to ML tasks. In this paper, we propose Dual-Stream Temporal-Field Diffusion (DSTF-Diffusion), a multi-view, multi-stream network traffic generative model based on diffusion models, featuring two main streams: The field stream utilizes spatial mapping to bridge network data characteristics with pre-trained realms of stable diffusion models, effectively translating complex network interactions into formats that stable diffusion can process, while the spatial stream adopts a dynamic temporal modeling approach, meticulously capturing the intrinsic temporal patterns of network traffic. Extensive experiments demonstrate that data generated by our model exhibits higher statistical similarity to originals compared to current state-of-the-art solutions, and enhance performances on a wide range of downstream tasks.