Muhamad Erza Aminanto

Deep Abstraction and Weighted Feature Selection for Wi-Fi Impersonation Detection

The recent advances in mobile technologies have resulted in Internet of Things (IoT)-enabled devices becoming more pervasive and integrated into our daily lives. The security challenges that need to be overcome mainly stem from the open nature of a wireless medium, such as a Wi-Fi network. An impersonation attack is an attack in which an adversary is disguised as a legitimate party in a system or communications protocol. The connected devices are pervasive, generating high-dimensional data on a large scale, which complicates simultaneous detections. Feature learning, however, can circumvent the potential problems that could be caused by the large-volume nature of network data. This paper thus proposes a novel deep-feature extraction and selection (D-FES), which combines stacked feature extraction and weighted feature selection. The stacked autoencoding is capable of providing representations that are more meaningful by reconstructing the relevant information from its raw inputs. We then combine this with modified weighted feature selection inspired by an existing shallow-structured machine learner. We finally demonstrate the ability of the condensed set of features to reduce the bias of a machine learner model as well as the computational complexity. Our experimental results on a well-referenced Wi-Fi network benchmark data set, namely, the Aegean Wi-Fi Intrusion data set, prove the usefulness and the utility of the proposed D-FES by achieving a detection accuracy of 99.918% and a false alarm rate of 0.012%, which is the most accurate detection of impersonation attacks reported in the literature.

Detecting Impersonation Attack in WiFi Networks Using Deep Learning Approach

WiFi network traffics will be expected to increase sharply in the coming years, since WiFi network is commonly used for local area connectivity. Unfortunately, there are difficulties in WiFi network research beforehand, since there is no common dataset between researchers on this area. Recently, AWID dataset was published as a comprehensive WiFi network dataset, which derived from real WiFi traces. The previous work on this AWID dataset was unable to classify Impersonation Attack sufficiently. Hence, we focus on optimizing the Impersonation Attack detection. Feature selection can overcome this problem by selecting the most important features for detecting an arbitrary class. We leverage Artificial Neural Network (ANN) for the feature selection and apply Stacked Auto Encoder (SAE), a deep learning algorithm as a classifier for AWID Dataset. Our experiments show that the reduced input features have significantly improved to detect the Impersonation Attack.

Summary and Further Challenges

This last chapter concludes this monograph by providing a closing statement regarding the advantage of using deep learning models for IDS purposes and why those models can improve IDS performance. Afterward, the overview of challenges and future research directions in deep learning applications for IDS is suggested.

Deep Learning-Based IDSs

This chapter reviews recent IDSs leveraging deep learning models as their methodology which were published during 2016 and 2017. The critical issues like problem domain, methodology, dataset, and experimental result of each publication will be discussed. These publications can be classified into three different categories according to deep learning classification in Chap. 4, namely, generative, discriminative, and hybrid. The generative model group consists of IDSs that use deep learning models for feature extraction only and use shallow methods for the classification task. The discriminative model group contains IDSs that use a single deep learning method for both feature extraction and classification task. The hybrid model group includes IDSs that use more than one deep learning method for generative and discriminative purposes. All IDSs are compared to overview the advancement of deep learning in IDS researches.

Classical Machine Learning and Its Applications to IDS

This chapter provides a brief preliminary study regarding classical machine learning which consists of six different models: supervised, unsupervised, semi-supervised, weakly supervised, reinforcement, and adversarial machine learning. Then, the 22 papers are surveyed, which use machine-learning techniques for their IDSs.

Network Intrusion Detection using Deep Learning: A Feature Learning Approach

This chapter discusses the importance of IDS in computer networks while wireless networks grow rapidly these days by providing a survey of a security breach in wireless networks. Many methods have been used to improve IDS performance, the most promising one is to deploy machine learning. Then, the usefulness of recent models of machine learning, called a deep learning, is highlighted to improve IDS performance, particularly as a Feature Learning (FL) approach. We also explain the motivation of surveying deep learning-based IDSs. Computer networks and Internet are inseparable from human life today. Abundant applications rely on Internet, including life-critical applications in healthcare and military. Moreover, extravagant financial transactions exist over the Internet every day. This rapid growth of the Internet has led to a significant increase in wireless network traffic in recent years. According to a worldwide telecommunication consortium, Mobile and Wireless Communications Enablers for the Twenty-Twenty Information Society (METIS) [1], a proliferation of 5G and Wi-Fi networks is expected to occur in the next decades. They believe that avalanche of mobile and wireless traffic volume will occur due to the development of society needs to be fulfilled. Applications such as e-learning, e-banking, and e-health would spread and become more mobile. By 20201 wireless network traffic is anticipated to account for two-thirds of total Internet traffic—with 66% of IP traffic expected to be generated by Wi-Fi and cellular devices only. Cyber-attacks have become an immense growing rate as Internet of Things (IoT) are widely used these days [2]. IBM [3] reported an enormous account hijacked during 2016, and spam emails are four times higher than the previous year. Common attacks noticed in the same 1Cisco Visual Networking Index: Forecast and Methodology 2015–2020, published at www.cisco. com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/complete-whitepaper-c11-481360.html

Deep Feature Learning

FL is a technique that models the behavior of data from a subset of attributes only. It also shows the correlation between detection performance and traffic model quality efficiently (Palmieri et al., Concurrency Comput Pract Exp 26(5):1113–1129, 2014). However, feature extraction and feature selection are different. Feature extraction algorithms derive new features from the original features to (i) reduce the cost of feature measurement, (ii) increase classifier efficiency, and (iii) improve classification accuracy, whereas feature selection algorithms select no more than m features from a total of M input features, where m is smaller than M. Thus, the newly generated features were merely selected from the original features without any transformation. However, their goal is to derive or select a characteristic feature vector with a lower dimensionality which is used for the classification task. One advantage of deep learning models is processing underlying data from the input which suits for FL tasks. Therefore, we discuss this critical role of deep learning in IDS as Deep Feature Extraction and Selection (D-FES) and deep learning for clustering.

Improving Detection of Wi-Fi Impersonation by Fully Unsupervised Deep Learning.

Intrusion Detection System (IDS) has been becoming a vital measure in any networks, especially Wi-Fi networks. Wi-Fi networks growth is undeniable due to a huge amount of tiny devices connected via Wi-Fi networks. Regrettably, adversaries may take advantage by launching an impersonation attack, a common wireless network attack. Any IDS usually depends on classification capabilities of machine learning, which supervised learning approaches give the best performance to distinguish benign and malicious data. However, due to massive traffic, it is difficult to collect labeled data in Wi-Fi networks. Therefore, we propose a novel fully unsupervised method which can detect attacks without prior information on data label. Our method is equipped by an unsupervised stacked autoencoder for extracting features and a k-means clustering algorithm for clustering task. We validate our method using a comprehensive Wi-Fi network dataset, Aegean Wi-Fi Intrusion Dataset (AWID). Our experiments show that by using fully unsupervised approach, our method is able to classify impersonation attack in Wi-Fi networks with 92% detection rate without any label needed during training.