Latent Diffusion for Internet of Things Attack Data Generation in Intrusion Detection
Estela Sánchez-Carballo, Francisco M. Melgarejo-Meseguer, José Luis Rojo-Álvarez

TL;DR
This paper introduces a Latent Diffusion Model to generate synthetic attack data for IoT intrusion detection, significantly improving IDS performance and addressing class imbalance with efficient, diverse, and high-fidelity data augmentation.
Contribution
The paper proposes a novel use of Latent Diffusion Models for IoT attack data augmentation, outperforming existing methods in fidelity, diversity, and computational efficiency.
Findings
LDM-generated data improves IDS F1-scores up to 0.99 for DDoS and Mirai attacks.
LDMs generate diverse samples while preserving feature dependencies.
Sampling time is reduced by approximately 25% compared to data-space diffusion models.
Abstract
Intrusion Detection Systems (IDSs) are a key component for protecting Internet of Things (IoT) environments. However, in Machine Learning-based (ML-based) IDSs, performance is often degraded by the strong class imbalance between benign and attack traffic. Although data augmentation has been widely explored to mitigate this issue, existing approaches typically rely on simple oversampling techniques or generative models that struggle to simultaneously achieve high sample fidelity, diversity, and computational efficiency. To address these limitations, we propose the use of a Latent Diffusion Model (LDM) for attack data augmentation in IoT intrusion detection and provide a comprehensive comparison against state-of-the-art baselines. Experiments were conducted on three representative IoT attack types, specifically Distributed Denial-of-Service (DDoS), Mirai, and Man-in-the-Middle, evaluating…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Anomaly Detection Techniques and Applications
