- G.I.O. Aimufua1 and M.S. Bandiya2
- DOI: 10.5281/zenodo.21367660
- SSR Journal of Artificial Intelligence (SSRJAI)
Machine learning is central to modern
network intrusion detection, yet its performance is constrained by two chronic
data pathologies: severe class imbalance between abundant benign traffic and
rare attack flows, and the scarcity of labelled attack data arising from
privacy, legal, and operational constraints on capturing real malicious
traffic. Generative artificial intelligence, encompassing generative
adversarial networks, variational autoencoders, and diffusion models, has been
advanced as a remedy that synthesises realistic attack traffic to rebalance
datasets and enrich training corpora. Despite a rapidly expanding body of
primary studies, the literature lacks a consolidated assessment of three
interdependent concerns: the fidelity of synthetic traffic, its downstream
utility for detection, and the security risks that synthetic data may itself
introduce. This article reports a systematic review, conducted in accordance
with the Preferred Reporting Items for Systematic Reviews and Meta-Analyses
(PRISMA) 2020 guideline, of generative approaches to synthetic network traffic
generation for intrusion detection published between 2020 and 2026, together
with the protocol and future research directions. Framed by generative learning
theory and a seven-type taxonomy of research gaps, the review identifies the
methodological, empirical, and knowledge gaps the field exhibits, and advances
a three-dimensional framework separating the fidelity, utility, and security
dimensions of synthetic-traffic quality. The methodology specifies the search
strategy across five databases, the eligibility criteria, the screening and
data-extraction procedures, and the quality-appraisal instruments. The
contribution is threefold: a reproducible review protocol, a three-dimensional
evaluation framework, and future directions foregrounding the under-examined
security implications of synthetic data.
Keywords: Generative
artificial intelligence, Synthetic network traffic, Intrusion detection,
Generative adversarial networks, Diffusion models, Class imbalance, Systematic
review.
