Cargando…
Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features
Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 net...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9370851/ https://www.ncbi.nlm.nih.gov/pubmed/35957190 http://dx.doi.org/10.3390/s22155633 |
| _version_ | 1784766941009805312 |
|---|---|
| author | Chatzoglou, Efstratios Kambourakis, Georgios Smiliotopoulos, Christos Kolias, Constantinos |
| author_facet | Chatzoglou, Efstratios Kambourakis, Georgios Smiliotopoulos, Christos Kolias, Constantinos |
| author_sort | Chatzoglou, Efstratios |
| collection | PubMed |
| description | Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric. |
| format | Online Article Text |
| id | pubmed-9370851 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-93708512022-08-12 Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features Chatzoglou, Efstratios Kambourakis, Georgios Smiliotopoulos, Christos Kolias, Constantinos Sensors (Basel) Article Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric. MDPI 2022-07-28 /pmc/articles/PMC9370851/ /pubmed/35957190 http://dx.doi.org/10.3390/s22155633 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Chatzoglou, Efstratios Kambourakis, Georgios Smiliotopoulos, Christos Kolias, Constantinos Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features |
| title | Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features |
| title_full | Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features |
| title_fullStr | Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features |
| title_full_unstemmed | Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features |
| title_short | Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features |
| title_sort | best of both worlds: detecting application layer attacks through 802.11 and non-802.11 features |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9370851/ https://www.ncbi.nlm.nih.gov/pubmed/35957190 http://dx.doi.org/10.3390/s22155633 |
| work_keys_str_mv | AT chatzoglouefstratios bestofbothworldsdetectingapplicationlayerattacksthrough80211andnon80211features AT kambourakisgeorgios bestofbothworldsdetectingapplicationlayerattacksthrough80211andnon80211features AT smiliotopouloschristos bestofbothworldsdetectingapplicationlayerattacksthrough80211andnon80211features AT koliasconstantinos bestofbothworldsdetectingapplicationlayerattacksthrough80211andnon80211features |