Realistic network traffic simulation is critical for evaluating intrusion detection systems, stress-testing network protocols, and constructing high-fidelity environments for cybersecurity training. While attack traffic can often be layered into training environments using red-teaming or replay methods, generating authentic benign background traffic remains a core challenge -- particularly in simulating the complex temporal and communication dynamics of real-world networks. This paper introduces TempoNet, a novel generative model that combines multi-task learning with multi-mark temporal point processes to jointly model inter-arrival times and all packet- and flow-header fields. TempoNet captures fine-grained timing patterns and higher-order correlations such as host-pair behavior and seasonal trends, addressing key limitations of GAN-, LLM-, and Bayesian-based methods that fail to reproduce structured temporal variation. TempoNet produces temporally consistent, high-fidelity traces, validated on real-world datasets. Furthermore, we show that intrusion detection models trained on TempoNet-generated background traffic perform comparably to those trained on real data, validating its utility for real-world security applications.
翻译:真实的网络流量仿真对于评估入侵检测系统、压力测试网络协议以及构建用于网络安全训练的高保真环境至关重要。虽然攻击流量通常可以通过红队或重放方法叠加到训练环境中,但生成真实的良性背景流量仍然是一个核心挑战——特别是在模拟现实世界网络中复杂的时间与通信动态方面。本文介绍了TempoNet,一种新颖的生成模型,它将多任务学习与多标记时间点过程相结合,以联合建模到达间隔时间以及所有数据包和流头部字段。TempoNet捕获了细粒度的时间模式和高阶相关性,例如主机对行为和季节性趋势,解决了基于GAN、LLM和贝叶斯方法的关键局限性,这些方法无法再现结构化的时间变化。TempoNet生成了时间一致、高保真的轨迹,并在真实世界数据集上得到了验证。此外,我们表明,在TempoNet生成的背景流量上训练的入侵检测模型与在真实数据上训练的模型性能相当,这验证了其在现实世界安全应用中的实用性。