Diffusion-Based Intrusion Detection: A Unified Comparison of Augmentation, Feature Extraction, and Purification with Bayesian Optimization
摘要
Diffusion models are being adopted in Intrusion Detection Systems (IDS) for data augmentation, representation learning, and defense against adversarial noise. This study offers a unified evaluation of three integration strategies—Diffusion Data Augmentation (DDA-IDS), Diffusion Feature Extraction (DFE-IDS), and Diffusion-based Adversarial Purification (DAP-IDS)—implemented with the same backbone and assessed under an identical protocol on NSL-KDD. Bayesian Optimization (BO) tunes diffusion and classifier hyperparameters against a minority-aware validation objective (macro-F1). On clean traffic, DDA-IDS without BO achieves the best class balance (highest macro-F1). DFE-IDS underperforms due to feature overlap with the normal class, depressing r2l/u2r detection. DAP-IDS is the only pipeline that consistently benefits from BO, which raises rare-class recall while preserving dos and normal performance. These results show that the value of BO is method-dependent and that macro-F1 together with confusion-matrix analysis is essential for fair assessment beyond overall accuracy. The findings provide practical guidance for choosing among augmentation, representation learning, and purification under different latency and robustness requirements, and motivate hybrid designs that combine these roles for real-world deployment.