Abstract
Attacks on WiFi networks can cause network failures and denial of service for legitimate users. Deploying a WiFi Intrusion Detection System (IDS) is crucial for identifying such attacks. The key objective of a WiFi IDS is to protect the network by examining WiFi traffic and classifying it as attack or normal. State-of-the-art anomaly-based WiFi IDSs use machine learning (ML) to learn the characteristics of past attacks from WiFi traffic datasets. Although much research has been done on advanced ML-based IDSs, work on WiFi-based IDSs is very limited and is based on old ML models. Most of our communications and devices depend on WiFi, so there is a dire need to update WiFi IDSs with the latest lightweight ML models. Even though old ML models are effective, they suffer from long training and testing times and high computational costs because of large traffic feature sets and outdated algorithms. Moreover, with emerging technologies like the Internet of Things and big data, WiFi traffic is increasing rapidly, so the issue of computational cost needs to be addressed properly. In this research, we propose an efficient ML-based WiFi IDS that uses a lightweight state-of-the-art ML model and optimum feature selection to reduce computational cost and provide high performance. With the help of MAC layer information and radiotap headers, our WiFi IDS can detect WiFi attacks that go undetected by a normal network-based IDS. The proposed WiFi IDS uses a Light Gradient Boosting Machine (LightGBM), which combines several weak learners into a single strong learner that generalizes better, and uses Gradient-based One-Side Sampling to downsample data instances with small gradients during training. The experimental results show that the proposed solution outperforms other classifiers in accuracy, precision, recall, F1 score, training time, and testing time. The proposed solution provides better accuracy with 26 times less training time and 20% less test time compared to XGBoost. It can classify real-time WiFi traffic in the order of microseconds and can be trained efficiently with new data.
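The Gradient-based One-Side Sampling step mentioned in the abstract, following its description in the LightGBM paper (Ke et al., 2017), is sketched below as an added example; it is not the authors' code. The function names, the rates 0.2 and 0.1, and the gradient values are constructed for illustration.

```python
import random

def goss_sample(gradients, top_rate=0.2, other_rate=0.1, seed=0):
    """Return (indices, weights) chosen by Gradient-based One-Side Sampling.

    Keeps the top_rate fraction of instances with the largest |gradient| at
    weight 1, draws other_rate * n of the remainder at random, and up-weights
    those by (1 - top_rate) / other_rate so gradient sums stay roughly unbiased.
    """
    if not (0 < top_rate < 1 and 0 < other_rate <= 1 - top_rate):
        raise ValueError("need 0 < top_rate < 1 and 0 < other_rate <= 1 - top_rate")
    n = len(gradients)
    order = sorted(range(n), key=lambda i: abs(gradients[i]), reverse=True)
    n_top, n_other = int(top_rate * n), int(other_rate * n)
    top, rest = order[:n_top], order[n_top:]
    sampled = random.Random(seed).sample(rest, min(n_other, len(rest)))
    amplify = (1.0 - top_rate) / other_rate
    return top + sampled, [1.0] * len(top) + [amplify] * len(sampled)


def constructed_gradients(n_normal=950, n_attack=50, seed=1):
    """Constructed log-loss gradients (p - y) for a partly trained model.

    Normal frames (y=0) are already scored low, so their gradients are small;
    attack frames (y=1) are still scored low, so their gradients are near -1.
    """
    rng = random.Random(seed)
    normal = [rng.uniform(0.0, 0.05) for _ in range(n_normal)]
    attack = [rng.uniform(0.05, 0.15) - 1.0 for _ in range(n_attack)]
    return normal + attack  # attack frames occupy the last n_attack indices


def demo():
    """Sample the constructed set and compare full vs. GOSS gradient sums."""
    grads = constructed_gradients()
    idx, weights = goss_sample(grads)
    kept_attacks = len(set(range(950, 1000)) & set(idx))
    full_sum = sum(grads)
    goss_sum = sum(grads[i] * w for i, w in zip(idx, weights))
    return len(idx), kept_attacks, full_sum, goss_sum


if __name__ == "__main__":
    size, kept, full_sum, goss_sum = demo()
    print(f"training on {size} of 1000 frames, attack frames kept: {kept}/50")
    print(f"gradient sum: full={full_sum:.2f}  GOSS estimate={goss_sum:.2f}")
```

Every poorly fitted attack frame survives the sampling, while the well-fitted normal traffic is thinned out and re-weighted, which is where the training-time saving comes from.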
Ethics declarations
Conflict of interest
The authors did not receive support from any organization for the submitted work. The authors have no competing interests to declare that are relevant to the content of this article. Data will be made available upon reasonable request to the authors.
About this article
Cite this article
Bhutta, A.A., Nisa, M.u. & Mian, A.N. Lightweight real-time WiFi-based intrusion detection system using LightGBM. Wireless Netw 30, 749–761 (2024). https://doi.org/10.1007/s11276-023-03516-0
DOI: https://doi.org/10.1007/s11276-023-03516-0