Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features.

Autor: Chatzoglou E; Department of Information & Communication Systems Engineering, University of the Aegean, 83200 Karlovasi, Greece., Kambourakis G; Joint Research Centre, European Commission, 21027 Ispra, Italy., Smiliotopoulos C; Department of Information & Communication Systems Engineering, University of the Aegean, 83200 Karlovasi, Greece., Kolias C; Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA.
Jazyk: angličtina
Zdroj: Sensors (Basel, Switzerland) [Sensors (Basel)] 2022 Jul 28; Vol. 22 (15). Date of Electronic Publication: 2022 Jul 28.
DOI: 10.3390/s22155633
Abstrakt: Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric.
Databáze: MEDLINE
Nepřihlášeným uživatelům se plný text nezobrazuje