Machine learning approach for detection of flooding DoS attacks in 802.11 networks and attacker localization

Cited by: 0
Authors
Mayank Agarwal
Dileep Pasumarthi
Santosh Biswas
Sukumar Nandi
Affiliation
[1] Indian Institute of Technology, Department of Computer Science and Engineering
Source
International Journal of Machine Learning and Cybernetics | 2016 / Vol. 7
Keywords
802.11; Flooding DoS attacks; Wi-Fi networks; Intrusion detection system; Machine learning; Sniffer; Localization
DOI
Not available
Abstract
IEEE 802.11 Wi-Fi networks are prone to a large number of Denial of Service (DoS) attacks due to vulnerabilities at the media access control (MAC) layer of the 802.11 protocol. In this work, we focus on the flooding DoS attacks in Wi-Fi networks. In flooding DoS attacks, a large number of legitimate-looking spoofed requests are transmitted to a victim access point (AP). The processing of a large number of spoofed frames results in a huge load at the AP, resulting in a flooding DoS attack. Current methods to detect the flooding DoS use encryption, signal characteristics, protocol modification, upgradation to newer standards, etc., which are often expensive to operate and maintain. In this paper, we propose a novel Machine Learning (ML) based intrusion detection system along with an intrusion prevention system (IPS) that not only detects the flooding DoS attacks in Wi-Fi networks, but also helps the victim station (STA) in recovering swiftly from the attack. To the best of our knowledge, the usage of ML based techniques for detection of flooding DoS attacks in 802.11 networks has largely been unexplored. The ML based IDS detects the flooding DoS attacks with a high accuracy (precision) and detection rate (recall). After the attack is detected, the location of the attacker is ascertained using an Angle of Arrival based localization algorithm, and traffic coming from the attacker region is blocked, which helps in mitigating the effect of the flooding DoS attack.
Pages: 1035-1051
Page count: 16