{"id":"https://openalex.org/W7117872734","doi":"https://doi.org/10.1109/milcom64451.2025.11309356","title":"NI-Diff: Zero-Day and Adversarial Network Intrusion Detection with Diffusion Models","display_name":"NI-Diff: Zero-Day and Adversarial Network Intrusion Detection with Diffusion Models","publication_year":2025,"publication_date":"2025-10-06","ids":{"openalex":"https://openalex.org/W7117872734","doi":"https://doi.org/10.1109/milcom64451.2025.11309356"},"language":null,"primary_location":{"id":"doi:10.1109/milcom64451.2025.11309356","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11309356","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100656865","display_name":"Milin Zhang","orcid":"https://orcid.org/0009-0002-9675-8352"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Milin Zhang","raw_affiliation_strings":["Northeastern University,United States"],"affiliations":[{"raw_affiliation_string":"Northeastern University,United States","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121735713","display_name":"Michael J. De Lucia","orcid":null},"institutions":[{"id":"https://openalex.org/I2802705668","display_name":"United States Army Combat Capabilities Development Command","ror":"https://ror.org/02rdkx920","country_code":"US","type":"other","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]},{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael De Lucia","raw_affiliation_strings":["DEVCOM Army Research Laboratory,United States"],"affiliations":[{"raw_affiliation_string":"DEVCOM Army Research Laboratory,United States","institution_ids":["https://openalex.org/I166416128","https://openalex.org/I2802705668"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121715949","display_name":"Ananthram Swami","orcid":null},"institutions":[{"id":"https://openalex.org/I2802705668","display_name":"United States Army Combat Capabilities Development Command","ror":"https://ror.org/02rdkx920","country_code":"US","type":"other","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]},{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ananthram Swami","raw_affiliation_strings":["DEVCOM Army Research Laboratory,United States"],"affiliations":[{"raw_affiliation_string":"DEVCOM Army Research Laboratory,United States","institution_ids":["https://openalex.org/I166416128","https://openalex.org/I2802705668"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006871792","display_name":"Jonathan Ashdown","orcid":"https://orcid.org/0000-0001-7202-1095"},"institutions":[{"id":"https://openalex.org/I1280414376","display_name":"United States Air Force Research Laboratory","ror":"https://ror.org/02e2egq70","country_code":"US","type":"facility","lineage":["https://openalex.org/I1280414376","https://openalex.org/I1330347796","https://openalex.org/I4210102105","https://openalex.org/I4389425425"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jonathan Ashdown","raw_affiliation_strings":["Air Force Research Laboratory,United States"],"affiliations":[{"raw_affiliation_string":"Air Force Research Laboratory,United States","institution_ids":["https://openalex.org/I1280414376"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032194186","display_name":"Nathaniel D. Bastian","orcid":"https://orcid.org/0000-0001-9957-2778"},"institutions":[{"id":"https://openalex.org/I4210152400","display_name":"Military Medical Academy","ror":"https://ror.org/04szvwj50","country_code":"EG","type":"healthcare","lineage":["https://openalex.org/I4210152400"]}],"countries":["EG"],"is_corresponding":false,"raw_author_name":"Nathaniel D. Bastian","raw_affiliation_strings":["United States Military Academy,United States"],"affiliations":[{"raw_affiliation_string":"United States Military Academy,United States","institution_ids":["https://openalex.org/I4210152400"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5121704481","display_name":"Francesco Restuccia","orcid":null},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Francesco Restuccia","raw_affiliation_strings":["Northeastern University,United States"],"affiliations":[{"raw_affiliation_string":"Northeastern University,United States","institution_ids":["https://openalex.org/I12912129"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100656865"],"corresponding_institution_ids":["https://openalex.org/I12912129"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.82012269,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"776","last_page":"781"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7814000248908997,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7814000248908997,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.09109999984502792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.017999999225139618,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8842999935150146},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6000000238418579},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5939000248908997},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5248000025749207},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4453999996185303},{"id":"https://openalex.org/keywords/intuition","display_name":"Intuition","score":0.4302999973297119},{"id":"https://openalex.org/keywords/flow-network","display_name":"Flow network","score":0.40139999985694885},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.38839998841285706}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8842999935150146},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7092000246047974},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6000000238418579},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5939000248908997},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5654000043869019},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5248000025749207},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4693000018596649},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4575999975204468},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4453999996185303},{"id":"https://openalex.org/C132010649","wikidata":"https://www.wikidata.org/wiki/Q189222","display_name":"Intuition","level":2,"score":0.4302999973297119},{"id":"https://openalex.org/C114809511","wikidata":"https://www.wikidata.org/wiki/Q1412924","display_name":"Flow network","level":2,"score":0.40139999985694885},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.38839998841285706},{"id":"https://openalex.org/C2988773926","wikidata":"https://www.wikidata.org/wiki/Q25104379","display_name":"Generative adversarial network","level":3,"score":0.3652999997138977},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.32829999923706055},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.32510000467300415},{"id":"https://openalex.org/C2988382989","wikidata":"https://www.wikidata.org/wiki/Q370685","display_name":"Data space","level":2,"score":0.320499986410141},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3190999925136566},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.3188999891281128},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2612000107765198},{"id":"https://openalex.org/C177769412","wikidata":"https://www.wikidata.org/wiki/Q278090","display_name":"Prior probability","level":3,"score":0.25949999690055847}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom64451.2025.11309356","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11309356","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W2180612164","https://openalex.org/W2921453769","https://openalex.org/W2950689937","https://openalex.org/W2959392253","https://openalex.org/W3011253173","https://openalex.org/W3047132966","https://openalex.org/W3082065751","https://openalex.org/W3102844060","https://openalex.org/W3155868884","https://openalex.org/W3198511875","https://openalex.org/W3209929369","https://openalex.org/W3212419298","https://openalex.org/W4226135488","https://openalex.org/W4382281941","https://openalex.org/W4385730905","https://openalex.org/W4386083133","https://openalex.org/W4398150616","https://openalex.org/W4401786193","https://openalex.org/W4405102691","https://openalex.org/W4405531485","https://openalex.org/W4406371502","https://openalex.org/W4406518089","https://openalex.org/W4409156093"],"related_works":[],"abstract_inverted_index":{"While":[0],"Deep":[1],"Learning":[2],"(DL)":[3],"has":[4],"achieved":[5],"remarkable":[6],"success":[7],"in":[8,74,150,154],"Network":[9],"Intrusion":[10],"Detection":[11],"System":[12],"(NIDS),":[13],"its":[14],"inherent":[15],"data-driven":[16],"nature":[17],"makes":[18],"it":[19],"vulnerable":[20],"to":[21,29,40,63,111,125],"distribution":[22,100],"shift.":[23],"This":[24],"limitation":[25],"exposes":[26],"DL-based":[27,75],"NIDS":[28,163],"both":[30,88],"adversarial":[31,59,89,173,189],"attacks":[32,45,66],"that":[33,46,84,135,166],"are":[34,47],"crafted":[35],"by":[36,97],"adding":[37],"subtle":[38],"change":[39],"original":[41],"samples":[42],"and":[43,67,120,139,176,191],"zero-day":[44,65,95,178],"out-of-distribution":[48],"(OOD)":[49],"data":[50,138,142],"unseen":[51],"during":[52],"training.":[53],"However,":[54],"existing":[55],"work":[56],"focusing":[57],"on":[58,160],"detection":[60,82,190,193],"often":[61],"fails":[62],"identify":[64,87,171],"vice":[68],"versa,":[69],"leaving":[70],"a":[71,80,108,117,122,145],"security":[72],"gap":[73],"NIDS.":[76],"We":[77],"propose":[78],"NI-Diff,":[79],"novel":[81],"approach":[83,168],"can":[85,169],"effectively":[86,170],"network":[90,114,174],"flow":[91,115,175],"as":[92,94],"well":[93],"intrusion":[96],"estimating":[98],"their":[99],"with":[101,180],"generative":[102],"models.":[103],"More":[104],"specifically,":[105],"we":[106],"leverage":[107],"variational":[109],"auto-encoder":[110],"map":[112],"the":[113,127,136,140,155],"into":[116],"latent":[118],"space":[119],"use":[121],"diffusion":[123],"model":[124],"reconstruct":[126],"likely-hood":[128],"from":[129],"noise.":[130],"Our":[131],"key":[132],"intuition":[133],"is":[134],"in-distribution":[137],"reconstructed":[141],"will":[143],"have":[144],"similar":[146,151],"likelyhood":[147],"which":[148],"results":[149],"inference":[152],"output":[153],"DL":[156],"classifier.":[157],"Extensive":[158],"experiments":[159],"two":[161],"large-scale":[162],"datasets":[164],"demonstrate":[165],"our":[167],"97%":[172],"92%":[177],"threat":[179],"less":[181],"than":[182],"2%":[183],"false":[184],"positive":[185],"rate,":[186],"outperforming":[187],"state-of-the-art":[188],"OOD":[192],"baselines.":[194]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-01-01T00:00:00"}