I. Introduction

II. Literature Review

III. Methodology

B. Preprocessing steps

As we mentioned before the dataset consists of (36,913,503) instances (30,387,099) normal traffic, and (6,526,404) malicious ones.

(49,990) instances for the Krack attack while (186,173) instances for the kr00k attack.

We will implement our experiment in two phases; the first phase consists of two classes (Krack, normal) and (kr00k, normal). While the second phase consists of muli-class(Krack, kr00k, and normal).

To highlight the importance of the preprocessing of the dataset before using it in the proposed model, we have used the chosen sample without any preprocessing and feature selection techniques. The first sample consists of (106971 kr00k traffic and 106791 normal one), while the second sample consists of (33180 Krack traffic) and (34000 normal one), with 254 features for both samples, as Shawn in Table 2.

We chose the following machine learning algorithms:

1)

Decision tree: the process for building a decision tree and the most commonly used criteria for splitting the data [42]:

-

Calculate an impurity measure for the entire dataset (e.g., Gini impurity or entropy).

-

For each feature, calculate the impurity measure of splitting the data based on the values of that feature.

-

Choose the feature that produces the lowest impurity measure after splitting the data.

-

Split the data based on the chosen feature and repeat the process for each resulting subset of data until a stopping criterion is met (e.g., a maximum depth is reached or the number of samples in a leaf node is below a certain threshold).

The equations for calculating impurity measures depend on the specific criterion being used. For example, the Gini impurity measure for a set of samples S with C classes is:

$$G\left(s\right)=1-\sum _{i=1}^c\underset{i}{\overset{2}{P}}$$

(6)

where p_i is the proportion of samples in S that belong to class i. The entropy impurity measure for the same set of samples S is:

$$H\left(s\right)=-\sum _{i=1}^c p_i {log}_2 p_i$$

(7)

where p_i is the same as above.

These impurity measures are used to evaluate the quality of each split and to choose the feature that produces the lowest impurity measure.

2)

Ensemble classifiers: combine multiple individual classifiers into a single ensemble classifier to improve the overall predictive performance. There are different types of ensemble classifiers, such as bagging, boosting, and stacking, and the equations used for each type can vary.

3)

SVM: Support Vector Machine (SVM) is a popular machine learning algorithm for classification, regression, and outlier detection. The main idea behind SVM is to find a hyperplane that separates the data into different classes with the largest margin possible. The equations used in SVM [43]:

$$f\left(x\right)=\mathrm{sign} ( \sum _{i=1}^N{\alpha }_i y_i K(x,x_i)+b))$$

(8)

where f (x) is the predicted class label, α_i is the Lagrange multiplier for the i-th training sample, y_i is the class label of the i-th training sample (either +1 or -1), K(x, x_i) is the kernel function that maps the input features x and x_i to a higher-dimensional space, and b is the bias term.

(9)

where w is the weight vector of the hyperplane.

(10)

where W (α) is the objective function to be maximized, C is a user-defined parameter that controls the trade-off between the margin and the number of training errors, and the constraints ensure that the Lagrange multipliers are non-negative and sum up to zero.

4)

Kernal: A kernel function is a function that maps the input data into a higher-dimensional space, where it is easier to find a separating hyperplane. The equation of linear Kernal [44]:

(11)

where x_i and x_j are the input features of the i-th and j-th training samples, respectively.

5)

KNN: K-Nearest Neighbors (KNN) is a simple yet effective machine learning algorithm used for classification and regression tasks. The basic idea behind KNN is to find the K nearest training samples to a given test sample based on a distance metric, and then use the labels of the K nearest neighbors to predict the label of the test sample. The equation of KNN can be represented as follow [42]:

(12)

where p is the number of features in each sample.

6)

Neural Network: Neural Networks are a powerful class of machine learning algorithms that are inspired by the structure and function of the human brain. A neural network consists of multiple layers of interconnected processing units called neurons, and the input data is processed through the network in a forward pass, with the output of each layer serving as the input to the next layer. Some equations used in neural networks [45]:

-

Activation function://

(13)

where z is the input to the neuron. The ReLU function is given by:

ReLU(z) = max(0, z)

(14)

where z is the input to the neuron.

-

Forward pass:

(15)

where y_j is the output of the j-th neuron in the layer, x_i is the i-th input to the layer, w_ij is the weight of the connection between the i-th input and the j-th neuron, b_j is the bias term of the j-th neuron, and f is the activation function.

-

Backpropagation:

(16)

(17)

where E is the error function, α is the learning rate, and and are the partial derivatives of the error concerning the weights and biases, respectively.

After applying different ML algorithms, using the cross-validation K=10, the accuracy results were very low, which is to be expected. The results are presented in Table 3

The accuracy results proved the importance of preprocessing steps since it’s a constructive and essential step for obtaining the correct data required to build a classifier, as shown in several types of research such as [46,47,48]. Data preprocessing, which aims to convert the raw data into a simpler and more efficient format for subsequent processing steps, is a crucial step in the knowledge discovery process because quality decisions must be based on quality data. Thus, the preprocessing procedures were carried out on the AWID3 dataset. The AWID3 consists of 13 CSV files with (36,913,503) instances, (30,387,099) normal traffic, and (6,526,404) malicious ones. That was studied and well understood.

1) 

Detecting Krack attack: According to the importance of preprocessing step as we mentioned before, the preprocessing procedure for the Krack dataset sample was as follows:

1-

Deleting the constant and empty features.

2-

Ignoring features that have more than 60% missing values.

3-

Replace missing values with NaN.

The remaining dataset consists of 67 features and (67180 instances) (33180 Krack traffic and (34000 Normal traffic).

After preprocessing the data, we applied different ML algorithms. Table 4 shows The performance of the learning algorithms after preprocessing.

For the same previous sample, we have used feature selection techniques to reduce the computing time and enhance the accuracy of the detection model. We chose the ANOVA FS technique, as Shawn in Figure 3 which is a widely used statistical approach for comparing different independent means.

(18)

In this equation, F_i represents the ANOVA F-value for the i-th feature, MS_B is the between-group mean square, MS_W is the within-group mean square, n_i is the number of samples in group i, k is the total number of groups, N is the total number of samples, $\overline{x}$ij is the mean of the j-th sample in group i, $\overline{x}$ is the overall mean, and xijl is the l-th feature value of the j-th

sample in group i.

The features ranked in the ANOVA method by calculating the variance ratio between and within groups [49]. The accuracy results after applying ANOVA feature selection (FS=15), are shown in Table 5.

The results proved the necessity of processing the dataset since an efficient result depends on efficient data, furthermore, the results show improvement in accuracy results when we used feature selection techniques, as Figure 4 shows.

The best accuracy results that we got were from the Ensemble classifier with 99.1% in addition to 1.8% False Negative Rate, followed by Naive Bayes with 95% accuracy result and 2.3% False Negative Rate.

2) 

Detecting Kr00k attack: This sample consists of 235,064 instances; (106971 kr00k traffic and 128093 normal ones), the preprocessing procedure for the Krack dataset sample was as follows:

1-

Deleting the constant and empty features.

2-

Ignoring features with more than 60% missing values, the remaining features are 63.

3-

Replace missing values with NaN.

The remaining dataset consists of 63 features and 235,064 instances.

After preprocessing the data, we applied different ML algorithms. Table 6 shows The performance of the learning algorithms after preprocessing.

For the same previous sample, we have used ANOVA feature selection techniques to reduce the computing time and enhance the accuracy of the detection model. As Shawn in Figure 5 which is a widely used statistical approach for comparing different independent means.

The accuracy results after applying ANOVA feature selection (FS=15), are shown in Table 7. After applying the Ml algorithms on the chosen sample three times; without any process for the dataset, with preprocess and with FS, we can realize that the preprocess step is a critical and essential step in data mining to get accurate results. Especially in dealing with such data which suffer from high dimensionality imbalance and overfitting of the data. The accuracy results for the mentioned steps are presented in Figure 6. The best accuracy that we got was for Neural Network and SVM with 96.7%. We can conclude from Figure 6 how the accuracy affects by FS and prepossessing the dataset before applying any ML algorithms on it.

Multi Class Detection: In this phase, we will use a sample consisting of three classes(Krack, Kr00k, and Nominal), 15,000 instances, and 254 features. Due to the importance of preprocessing as we noted in the previous subsections, we have applied the preprocessing steps in the chosen sample. Where we removed the empty features and the features with constant values, in addition to replacing all the empty cells in the remaining features with NaN. Then we applied ML algorithms using the classification linear application on MATLAB. The performance of the ML algorithms is presented in Table 8, the table presented the accuracy results using FS with NOVA algorithm techniques and without using FS.

The accuracy results for the mentioned steps are presented in Figure 7.

The best accuracy that we achieved without using FS was for KNN 67.4%, while when we applied the ANOVA FS the performance increased in all the used algorithms. The best accuracy was achieved by the Ensemble classifier with 90.7%, and for the Decision tree with 88.3%.

IV. Results and Discussion

Table 8. The performance of the learning algorithms-multi class.

Table 8. The performance of the learning algorithms-multi class.

V. Conclusion

References

1. Alraih, S.; Shayea, I.; Behjati, M.; Nordin, R.; Abdullah, N.F.; Abu-Samah, A.; Nandi, D. Revolution or Evolution? Technical Requirements and Considerations towards 6G Mobile Communications. Sensors 2022, 22, 762. [Google Scholar] [CrossRef]
2. Chettri, L.; Bera, R. A Comprehensive Survey on Internet of Things (IoT) Toward 5G Wireless Systems. IEEE Internet Things J. 2019, 7, 16–32. [Google Scholar] [CrossRef]
3. Ahn, V.T.H.; Ma, M. A Secure Authentication Protocol with Performance Enhancements for 4G LTE/LTE-A Wireless Networks. In Proceedings of the 2021 3rd International Electronics Communication Conference (IECC), Ho Chi Minh City, Vietnam, 8–10 July 2021; pp. 28–36. [Google Scholar]
4. Prabha, P.A.; Arjun, N.; Gogul, J.; Prasanth, S.D. Two-Way Economical Smart Device Control and Power Consumption Prediction System. In Proceedings of the International Conference on Recent Trends in Computing, Ghaziabad, India, 4–5 June 2021; Springer: Singapore, 2022; pp. 415–429. [Google Scholar]
5. Liyanage, M.; Braeken, A.; Jurcut, A.D.; Ylianttila, M.; Gurtov, A. Secure communication channel architecture for Software Defined Mobile Networks. Comput. Netw. 2017, 114, 32–50. [Google Scholar] [CrossRef]
6. Gurtov, A.; Liyanage, M.; Ylianttila, M. Software Defined Mobile Networks (SDMN): Beyond LTE Network Architecture; John Wiley & Sons: Hoboken, NJ, USA, 2015. [Google Scholar]
7. Park, J.H.; Rathore, S.; Singh, S.K.; Salim, M.M.; Azzaoui, A.; Kim, T.W.; Pan, Y.; Park, J.H. A comprehensive survey on core technologies and services for 5g security: Taxonomies, issues, and solutions. Hum.-Centric Comput. Inf. Sci. 2021, 11, 3. [Google Scholar]
8. Gupta, S.; Parne, B.L.; Chaudhari, N.S. Security vulnerabilities in handover authentication mechanism of 5g network. In Proceedings of the 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC), Jalandhar, India, 15–17 December 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 369–374. [Google Scholar]
9. Borgaonkar, R.; Tøndel, I.A.; Degefa, M.Z.; Jaatun, M.G. Improving smart grid security through 5G enabled IoT and edge computing. Concurr. Comput. Pract. Exp. 2021, 33, e6466. [Google Scholar] [CrossRef]
10. Gonzalez, A.J.; Grønsund, P.; Dimitriadis, A.; Reshytnik, D. Information security in a 5g facility: An implementation experience. In Proceedings of the 2021 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit), Porto, Portugal, 8–11 June 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 425–430. [Google Scholar]
11. Kim, H. 5G core network security issues and attack classification from network protocol perspective. J. Internet Serv. Inf. Secur. 2020, 10, 1–15. [Google Scholar]
12. Mohan, J.P.; Sugunaraj, N.; Ranganathan, P. Cyber security threats for 5g networks. In Proceedings of the 2022 IEEE International Conference on Electro Information Technology (eIT), Mankato, MN, USA, 19–22 May 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 446–454. [Google Scholar]
13. Tsiknas, K.; Taketzis, D.; Demertzis, K.; Skianis, C. Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures. IoT 2021, 2, 163–186. [Google Scholar] [CrossRef]
14. Muthuramalingam, S.; Thangavel, M.; Sridhar, S. A review on digital sphere threats and vulnerabilities. In Combating Security Breaches and Criminal Activity in the Digital Sphere; IGI Global: Hershey, PA, USA, 2016; pp. 1–21. [Google Scholar]
15. Klaine, P.V.; Imran, M.A.; Onireti, O.; Souza, R.D. A Survey of Machine Learning Techniques Applied to Self-Organizing Cellular Networks. IEEE Commun. Surv. Tutor. 2017, 19, 2392–2431. [Google Scholar] [CrossRef]
16. Klautau, A.; Batista, P.; Gonza, N.; Wang, Y.; Heath, R.W. 5G mimo data for machine learning: Application to beam-selection using deep learning. In Proceedings of the 2018 Information Theory and Applications Workshop (ITA), San Diego, CA, USA, 11–16 February 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 1–9. [Google Scholar]
17. Kafle, V.P.; Fukushima, Y.; Martinez-Julia, P.; Miyazawa, T. Consideration on Automation of 5G Network Slicing with Machine Learning. In Proceedings of the 2018 ITU Kaleidoscope: Machine Learning for a 5G Future, Santa Fe, Argentina, 26–28 November 2018. [Google Scholar]
18. Sofi, I.B.; Gupta, A. A survey on energy efficient 5G green network with a planned multi-tier architecture. J. Netw. Comput. Appl. 2018, 118, 1–28. [Google Scholar] [CrossRef]
19. Ioannou, I.; Christophorou, C.; Vassiliou, V.; Pitsillides, A. A distributed AI/ML framework for D2D Transmission Mode Selection in 5G and beyond. Comput. Netw. 2022, 210, 108964. [Google Scholar] [CrossRef]
20. Nassef, O.; Sun, W.; Purmehdi, H.; Tatipamula, M.; Mahmoodi, T. A survey: Distributed Machine Learning for 5G and beyond. Comput. Netw. 2022, 207, 108820. [Google Scholar] [CrossRef]
21. Babu, K.V.; Das, S.; Sree, G.N.J.; Patel, S.K.; Saradhi, M.P.; Tagore, M. Design and development of miniaturized MIMO antenna using parasitic elements and Machine learning (Ml) technique for lower sub 6 GHz 5G applications. AEU-Int. J. Electron. Commun. 2022, 153, 154281. [Google Scholar] [CrossRef]
22. Yang, L.; Li, J.; Yin, L.; Sun, Z.; Zhao, Y.; Li, Z. Real-Time Intrusion Detection in Wireless Network: A Deep Learning-Based Intelligent Mechanism. IEEE Access 2020, 8, 170128–170139. [Google Scholar] [CrossRef]
23. Berisha, V.; Krantsevich, C.; Hahn, P.R.; Hahn, S.; Dasarathy, G.; Turaga, P.; Liss, J. Digital medicine and the curse of dimensionality. NPJ Digit. Med. 2021, 4, 153. [Google Scholar] [CrossRef]
24. Lee, S.J.; Yoo, P.D.; Asyhari, A.T.; Jhi, Y.; Chermak, L.; Yeun, C.Y.; Taha, K. IMPACT: Impersonation attack detection via edge computing using deep autoencoder and feature abstraction. IEEE Access 2020, 8, 65520–65529. [Google Scholar] [CrossRef]
25. Kolias, C.; Kambourakis, G.; Stavrou, A.; Gritzalis, S. Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats and a Public Dataset. IEEE Commun. Surv. Tutor. 2015, 18, 184–208. [Google Scholar] [CrossRef]
26. Chatzoglou, E.; Kambourakis, G.; Kolias, C. Empirical evaluation of attacks against IEEE 802.11 enterprise networks: The awid3 dataset. IEEE Access 2021, 9, 34188–34205. [Google Scholar] [CrossRef]
27. Kolias, C.; Kolias, V.; Kambourakis, G. TermID: A distributed swarm intelligence-based approach for wireless intrusion detection. Int. J. Inf. Secur. 2017, 16, 401–416. [Google Scholar] [CrossRef]
28. Aminanto, M.E.; Choi, R.; Tanuwidjaja, H.C.; Yoo, P.D.; Kim, K. Deep Abstraction and Weighted Feature Selection for Wi-Fi Impersonation Detection. IEEE Trans. Inf. Forensics Secur. 2017, 13, 621–636. [Google Scholar] [CrossRef]
29. Diro, A.; Chilamkurti, N. Leveraging LSTM Networks for Attack Detection in Fog-to-Things Communications. IEEE Commun. Mag. 2018, 56, 124–130. [Google Scholar] [CrossRef]
30. Sethuraman, S.C.; Dhamodaran, S.; Vijayakumar, V. Intrusion detection system for detecting wireless attacks in IEEE 802.11 networks. IET Netw. 2019, 8, 219–232. [Google Scholar] [CrossRef]
31. Kasongo, S.M.; Sun, Y. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Comput. Secur. 2020, 92, 101752. [Google Scholar] [CrossRef]
32. Zhou, Y.; Cheng, G.; Jiang, S.; Dai, M. Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput. Netw. 2020, 174, 107247. [Google Scholar] [CrossRef]
33. Hacılar, H.; Aydın, Z.; Güngör, V.Ç. Intrusion Detection with Bayesian Optimization on Imbalance Wired Wireless and Software-Defined Networking Traffics. Available online: https://www.researchgate.net/publication/357833330_Intrusion_Detection_with_Bayesian_Optimization_on_Imbalance_Wired_Wireless_and_Software-Defined_Networking_Traffics (accessed on 1 July 2023).
34. Wilson, R.; Linekar, R. Towards effective wireless intrusion detection using awid dataset. 2021. [Google Scholar]
35. Bhandari, S.; Kukreja, A.K.; Lazar, A.; Sim, A.; Wu, K. Feature selection improves tree-based classification for wireless intrusion detection. In Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics, Stockholm, Sweden, 23 June 2020; pp. 19–26. [Google Scholar]
36. Rahman, M.A.; Asyhari, A.T.; Leong, L.; Satrya, G.; Tao, M.H.; Zolkipli, M. Scalable machine learning-based intrusion detection system for iot-enabled smart cities. Sustain. Cities Soc. 2020, 61, 102324. [Google Scholar] [CrossRef]
37. Agrawal, A.; Chatterjee, U.; Maiti, R.R. Ktracker: Passively tracking krack using ml model. In Proceedings of the Twelveth ACM Conference on Data and Application Security and Privacy, Baltimore, MD, USA, 24–27 April 2022; pp. 364–366. [Google Scholar]
38. Fontes, R.D.R.; Rothenberg, C.E. On the Krack Attack: Reproducing Vulnerability and a Software-Defined Mitigation Approach, (2018). Available online: https://api.semanticscholar.org/CorpusID:51995777 (accessed on 1 July 2023).
39. Vanhoef, M.; Piessens, F. Key reinstallation attacks: Forcing nonce reuse in wpa2. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA, 30 October–3 November 2017; pp. 1313–1328. [Google Scholar]
40. Kohlios, C.P.; Hayajneh, T. A Comprehensive Attack Flow Model and Security Analysis for Wi-Fi and WPA3. Electronics 2018, 7, 284. [Google Scholar] [CrossRef]
41. Čermák, M.; Svorenčík, S.; Lipovský, R. Kr00k-cve-2019-15126–Serious Vulnerability Deep Inside Your Wi-Fi Encryption; ESET Research White Paper, Bratislava, Slovak Republic; 2020. Available online: https://web-assets.esetstatic.com/wls/2020/02/ESET_Kr00k.pdf (accessed on 1 July 2023).
42. Hastie, T.; Tibshirani, R.; Friedman, J.H.; Friedman, J.H. The Elements of Statistical Learning: Data Mining, Inference, and Prediction; Springer: Berlin/Heidelberg, Germany, 2009; Volume 2. [Google Scholar]
43. Cortesc, V. Support vector networks. Mach. Learn. 1995, 20, 273–297. [Google Scholar] [CrossRef]
44. Shawe-Taylor, J.; Cristianini, N. Kernel Methods for Pattern Analysis; Cambridge University Press: Cambridge, UK, 2004. [Google Scholar]
45. Goodfellow, I.; Bengio, Y.; Courville, A. Deep Learning; MIT Press: Cambridge, MA, USA, 2016. [Google Scholar]
46. Alam, S.; Yao, N. The impact of preprocessing steps on the accuracy of machine learning algorithms in sentiment analysis. Comput. Math. Organ. Theory 2019, 25, 319–335. [Google Scholar] [CrossRef]
47. Go, A.; Bhayani, R.; Huang, L. Twitter Sentiment Classification Using Distant Supervision; CS224N Project Report; Stanford University: Stanford, CA, USA, 2009. [Google Scholar]
48. Kubik, C.; Knauer, S.M.; Groche, P. Smart sheet metal forming: Importance of data acquisition, preprocessing and transformation on the performance of a multiclass support vector machine for predicting wear states during blanking. J. Intell. Manuf. 2022, 33, 259–282. [Google Scholar] [CrossRef]
49. Nasiri, H.; Alavi, S.A. A Novel Framework Based on Deep Learning and ANOVA Feature Selection Method for Diagnosis of COVID-19 Cases from Chest X-Ray Images. Comput. Intell. Neurosci. 2022, 2022, 4694567. [Google Scholar] [CrossRef]
50. Zebari, R.; Abdulazeez, A.; Zeebaree, D.; Zebari, D.; Saeed, J. A Comprehensive Review of Dimensionality Reduction Techniques for Feature Selection and Feature Extraction. J. Appl. Sci. Technol. Trends 2020, 1, 56–70. [Google Scholar] [CrossRef]
51. Belkin, M.; Hsu, D.; Ma, S.; Mandal, S. Reconciling modern machine-learning practice and the classical bias–variance trade-off. Proc. Natl. Acad. Sci. USA 2019, 116, 15849–15854. [Google Scholar] [CrossRef] [PubMed]
52. Alperin, K.; Joback, E.; Shing, L.; Elkin, G. A framework for unsupervised classificiation and data mining of tweets about cyber vulnerabilities. arXiv 2021, arXiv:2104.11695. [Google Scholar]
53. Chatzoglou, E.; Kambourakis, G.; Smiliotopoulos, C.; Kolias, C. Best of both worlds: Detecting application layer attacks through 802.11 and non-802.11 features. Sensors 2022, 22, 5633. [Google Scholar] [CrossRef] [PubMed]
54. Muhati, E.; Rawat, D.B. Asynchronous Advantage Actor-Critic (A3C) Learning for Cognitive Network Security. In Proceedings of the 2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), Virtual, 13–15 December 2021; pp. 106–113. [Google Scholar]
55. Zheng, C.; Zang, M.; Hong, X.; Bensoussane, R.; Vargaftik, S.; Ben-Itzhak, Y.; Zilberman, N. Automating in-network machine learning. arXiv 2022, arXiv:2205.08824. [Google Scholar]