WIDS: An Anomaly Based Intrusion Detection System for Wi-Fi (IEEE 802.11) Protocol


Abstract:

Over the last few decades, the Internet has seen unprecedented growth, with over 4.57 billion active users as of July 2022, encompassing 59% of the global population. In recent years, we have seen an increase in mobile computing and the Internet of Things (IoT), allowing more users to communicate through the Internet using wireless devices. Modern Internet users use their wireless IoT devices for a wide variety of services, including cloud computing and storage, social networking, content services, online banking, and shopping, to name a few. Moreover, with the omnipresence of IoT devices, wireless networks are used for services like device control, user authentication, etc. Wi-Fi is the network of choice for most of these wireless communications. Although Wi-Fi networks have improved over recent years, little has been done to secure Wi-Fi networks against attacks. In this article, we present a Wireless Intrusion Detection System (WIDS), an anomaly behavior analysis approach to detect attacks on Wi-Fi networks with high accuracy and low false alarms. In this approach, we model the normal behavior of the Wi-Fi protocol using n-grams, and use machine learning models to classify Wi-Fi traffic flows as normal or malicious. We have extensively tested our approach on multiple datasets collected locally at the University of Arizona and on the AWID family of datasets. Our approach can successfully detect all attacks on Wi-Fi protocols with low false positives (0.0174) and a varying low rate of false negatives for different attacks.
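
A minimal illustration of the n-gram idea described in the abstract, added here and not taken from the paper: it assumes the n-grams are built over per-flow sequences of 802.11 frame subtypes, and it swaps the paper's machine learning classifier for a simple threshold on the fraction of n-grams never seen in normal traffic. The function names, the threshold and all frame sequences are constructed for illustration.

```python
from collections import Counter

def ngrams(seq, n):
    """Return the sliding n-grams of a frame-subtype sequence as tuples."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def train(normal_flows, n=3):
    """Normal-behaviour profile: counts of every n-gram seen in normal flows."""
    profile = Counter()
    for flow in normal_flows:
        profile.update(ngrams(flow, n))
    return profile

def anomaly_score(flow, profile, n=3):
    """Fraction of the flow's n-grams absent from the profile (0.0 to 1.0)."""
    grams = ngrams(flow, n)
    if not grams:  # flow shorter than n frames: nothing to judge
        return 0.0
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)

def classify(flow, profile, n=3, threshold=0.3):
    """Threshold stand-in (assumption) for the paper's ML classifier."""
    return "malicious" if anomaly_score(flow, profile, n) > threshold else "normal"

# Constructed sample flows (frame subtypes in arrival order), not real captures.
NORMAL_FLOWS = [
    ["probe_req", "probe_resp", "auth", "auth", "assoc_req", "assoc_resp",
     "data", "ack", "data", "ack"],
    ["auth", "auth", "assoc_req", "assoc_resp", "data", "ack", "data", "ack",
     "disassoc"],
    ["probe_req", "probe_resp", "auth", "auth", "assoc_req", "assoc_resp",
     "data", "ack", "deauth"],
]
# A flow that follows the usual join sequence.
BENIGN_TEST = ["probe_req", "probe_resp", "auth", "auth", "assoc_req",
               "assoc_resp", "data", "ack"]
# A flow with a burst of repeated deauthentication frames.
DEAUTH_BURST = ["data", "ack"] + ["deauth"] * 6

PROFILE = train(NORMAL_FLOWS)

if __name__ == "__main__":
    for name, flow in (("benign", BENIGN_TEST), ("deauth burst", DEAUTH_BURST)):
        score = anomaly_score(flow, PROFILE)
        print(f"{name}: score={score:.3f} -> {classify(flow, PROFILE)}")
```

A single normal deauthentication at the end of a session stays in the profile, so only the repeated pattern raises the score.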