Lightweight real-time WiFi-based intrusion detection system using LightGBM

Attacks on WiFi networks can cause network failures and denial of service for authentic users. To identify such attacks, the deployment of a WiFi Intrusion Detection System (IDS) is crucial. The key objective of WiFi IDS is to protect the network by examining WiFi traffic and classifying it as an attack or normal. The state-of-the-art anomaly-based WiFi IDSs use machine learning (ML) to learn the characteristics of past attacks from WiFi traffic datasets. A lot of research is done on advanced ML-based IDSs but work on WiFi-based IDSs is very limited and is based on old ML models. Most of our communications and devices are dependent on WiFi, therefore there is a dire need to update WiFi IDSs with the latest lightweight ML models. Even though old ML models are effective, they have to suffer from large training and testing times along with high computational costs due to large traffic features and outdated algorithms. Moreover, with emerging technologies like the Internet of Things and big data, WiFi traffic is increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, we propose an efficient ML-based WiFi IDS that utilizes a lightweight state-of-the-art ML model and optimum feature selection to reduce computational cost and provide high performance. With the help of MAC layer information and radiotap headers, our WiFi IDS can detect WiFi attacks that go undetected through normal network-based IDS. The proposed WiFi IDS uses a Light Gradient Boosting Machine (LightGBM) that combines several weak learners into a single, better generalizable, strong learner and uses Gradient-based One Side Sampling to downsample data instances with small gradients during training. The experimental results prove that the proposed solution outperforms other classifiers in accuracy, precision, recall, F1 score, training time, and testing time. The proposed solution provides better accuracy with 26 times less training time and 20% less test time compared to XGBoost. The proposed solution can classify real-time WiFi traffic in the order of microseconds and can be trained efficiently with new data.