
Lightweight real-time WiFi-based intrusion detection system using LightGBM

  • Original Paper
  • Wireless Networks

Abstract

Attacks on WiFi networks can cause network failures and denial of service for authentic users. Deploying a WiFi Intrusion Detection System (IDS) is crucial for identifying such attacks. The key objective of a WiFi IDS is to protect the network by examining WiFi traffic and classifying it as attack or normal. State-of-the-art anomaly-based WiFi IDSs use machine learning (ML) to learn the characteristics of past attacks from WiFi traffic datasets. Although much research has been done on advanced ML-based IDSs, work on WiFi-based IDSs is very limited and is based on old ML models. Most of our communications and devices depend on WiFi, so there is a dire need to update WiFi IDSs with the latest lightweight ML models. Even though old ML models are effective, they suffer from long training and testing times and high computational costs because of large traffic feature sets and outdated algorithms. Moreover, with emerging technologies such as the Internet of Things and big data, WiFi traffic is increasing rapidly, so the issue of computational cost needs to be addressed properly. In this research, we therefore propose an efficient ML-based WiFi IDS that uses a lightweight state-of-the-art ML model and optimum feature selection to reduce computational cost and provide high performance. Using MAC layer information and radiotap headers, our WiFi IDS can detect WiFi attacks that go undetected by a normal network-based IDS. The proposed WiFi IDS uses a Light Gradient Boosting Machine (LightGBM), which combines several weak learners into a single, better generalizable, strong learner and uses Gradient-based One-Side Sampling to downsample data instances with small gradients during training. The experimental results prove that the proposed solution outperforms other classifiers in accuracy, precision, recall, F1 score, training time, and testing time. The proposed solution provides better accuracy with 26 times less training time and 20% less test time compared to XGBoost. The proposed solution can classify real-time WiFi traffic in the order of microseconds and can be trained efficiently with new data.
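The Gradient-based One-Side Sampling step named in the abstract, as an added standalone sketch that is not the authors' code and does not call the LightGBM library: it keeps every large-gradient row, samples the small-gradient rows, and reweights the sample by (1 - a) / b. The frame labels and probabilities are constructed data, and the function names are hypothetical.

```python
import random

def goss_sample(gradients, top_rate=0.2, other_rate=0.1, seed=0):
    """Gradient-based One-Side Sampling: map kept row index -> weight."""
    if not (0 < top_rate < 1 and 0 < other_rate <= 1 - top_rate):
        raise ValueError("need 0 < top_rate < 1 and 0 < other_rate <= 1 - top_rate")
    n = len(gradients)
    # Rank rows by gradient magnitude: large |g| means the row is still poorly fitted.
    order = sorted(range(n), key=lambda i: abs(gradients[i]), reverse=True)
    top_n, rand_n = round(top_rate * n), round(other_rate * n)
    top, rest = order[:top_n], order[top_n:]
    # Keep every large-gradient row, but only a random subset of the rest.
    sampled = random.Random(seed).sample(rest, min(rand_n, len(rest)))
    # Amplify the sampled small-gradient rows so sums stay comparable to the full set.
    amplify = (1.0 - top_rate) / other_rate
    weights = {i: 1.0 for i in top}
    weights.update({i: amplify for i in sampled})
    return weights

def weighted_gradient_sum(gradients, weights):
    """Gradient sum as a tree learner would see it after sampling."""
    return sum(w * gradients[i] for i, w in weights.items())

def make_constructed_frames(n_normal=900, n_attack=100, seed=1):
    """Constructed data: (label, predicted attack probability) per frame."""
    rng = random.Random(seed)
    normal = [(0, rng.uniform(0.01, 0.05)) for _ in range(n_normal)]  # well fitted
    attack = [(1, rng.uniform(0.30, 0.60)) for _ in range(n_attack)]  # under-fitted
    return normal + attack

def logloss_gradients(frames):
    """Gradient of binary log loss with respect to the raw score: p - y."""
    return [p - y for y, p in frames]

if __name__ == "__main__":
    frames = make_constructed_frames()
    grads = logloss_gradients(frames)
    kept = goss_sample(grads)
    attacks_kept = sum(1 for i in kept if frames[i][0] == 1)
    print(f"rows kept: {len(kept)} of {len(frames)}")
    print(f"attack rows kept: {attacks_kept} of 100")
    print(f"full gradient sum: {sum(grads):.2f}")
    print(f"sampled estimate:  {weighted_gradient_sum(grads, kept):.2f}")
```

With these constructed frames, 30% of the rows are kept while every under-fitted attack row survives, which is where the training-time saving comes from without discarding the rows the model still gets wrong.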

Author information

Corresponding author

Correspondence to Areeb Ahmed Bhutta.

Ethics declarations

Conflict of interest

The authors did not receive support from any organization for the submitted work. The authors have no competing interests to declare that are relevant to the content of this article. Data will be made available upon reasonable request to the authors.

About this article

Cite this article

Bhutta, A.A., Nisa, M.u. & Mian, A.N. Lightweight real-time WiFi-based intrusion detection system using LightGBM. Wireless Netw 30, 749–761 (2024). https://doi.org/10.1007/s11276-023-03516-0

  • DOI: https://doi.org/10.1007/s11276-023-03516-0
