DDP-DAR: Network intrusion detection based on denoising diffusion probabilistic model and dual-attention residual network.

Network intrusion detection (NID) is an effective manner to guarantee the security of cyberspace. However, the scale of normal network traffic is much larger than intrusion traffic (i.e., appearing data imbalance problem), which leads to the training of NID model to be more towards the majority classes, thus affecting the detection effect. Although scholars have solved this problem by reducing normal network traffic or increasing intrusion traffic, while increasing the number of intrusion traffic can effectively expand the scale of datasets in the model training process, which is benefit for training a better NID model. In this paper, we propose a network intrusion detection based on denoising diffusion probabilistic model and dual-attention residual network (DDP-DAR) through feature representation, data augmentation and intrusion detection, respectively. In the feature representation phase, we propose a novel feature representation method to better represent network traffic in the format of RGB images by storing global features and local features. In the data augmentation phase, we utilize the denoising diffusion probabilistic model instead of traditional data augmentation models (e.g., VAE, GAN), and then introduce the cosine noise addition and learnable variance parameter strategies to improve the denoising diffusion model for generating RGB images with high quality. In the intrusion detection phase, we propose the detection method based on dual-attention residual network, which performs feature extraction through multilayer network structure and dual-attention mechanism to get the higher level and more important information, thereby detecting intrusion traffic more accurately. Compared with the state-of-the-art data augmentation-based NID methods, a large number of experimental results show that DDP-DAR performs better in four metrics of Accuracy, F1-measure, FPR and ROC-AUC; Meanwhile, the detection results of DDP-DAR are more stable.