Encrypted network traffic poses significant challenges for intrusion detection due to the lack of payload visibility, limited labeled datasets, and high class imbalance between benign and malicious activities. Traditional data augmentation methods struggle to preserve the complex temporal and statistical characteristics of real network traffic. To address these issues, this work explores the use of Generative AI (GAI) models to synthesize realistic and diverse encrypted traffic traces. We evaluate three approaches: Variational Autoencoders (VAE), Generative Adversarial Networks (GAN), and SMOTE (Synthetic Minority Over-sampling Technique), each integrated with a preprocessing pipeline that includes feature selection and class balancing. The UNSW NB-15 dataset is used as the primary benchmark, focusing on Tor traffic as anomalies. We analyze statistical similarity between real and synthetic data, and assess classifier performance using metrics such as Accuracy, F1-score, and AUC-ROC. Results show that VAE-generated data provides the best balance between privacy and performance, while GANs offer higher fidelity but risk overfitting. SMOTE, though simple, enhances recall but may lack diversity. The findings demonstrate that GAI methods can significantly improve encrypted traffic detection when trained with privacy-preserving synthetic data.

翻译：加密网络流量因载荷不可见、标注数据集有限以及正常与恶意活动间的高度类别不平衡，给入侵检测带来了重大挑战。传统数据增强方法难以保持真实网络流量的复杂时序与统计特征。为解决这些问题，本研究探索利用生成式人工智能模型合成真实且多样化的加密流量轨迹。我们评估了三种方法：变分自编码器、生成对抗网络以及合成少数类过采样技术，每种方法均集成了包含特征选择与类别平衡的预处理流程。研究以UNSW NB-15数据集为主要基准，重点关注Tor流量作为异常流量。我们分析了真实数据与合成数据间的统计相似性，并使用准确率、F1分数和AUC-ROC等指标评估分类器性能。结果表明，VAE生成的数据在隐私保护与性能间取得了最佳平衡，而GAN虽能提供更高保真度却存在过拟合风险。SMOTE方法虽简单且能提升召回率，但可能缺乏多样性。研究证明，当使用具备隐私保护能力的合成数据进行训练时，生成式人工智能方法能显著提升加密流量检测性能。