SABADT: Hybrid Intrusion Detection Approach for Cyber Attacks Identification in WLAN
With the advancement of technology, the use of wireless media and devices is increasing every day. In particular, the use of wireless local area networks (WLAN) has increased rapidly in recent years and is expected to increase further. The current state of wireless local area network technologies m...
Main Authors: | Merve Ozkan-Okay, Omer Aslan, Recep Eryigit, Refik Samet |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2021-01-01 |
Series: | IEEE Access |
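Subjects: | Wireless LAN; intrusion detection system; hybrid model; signature based technique; anomaly based technique; machine learning |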
Online Access: | https://ieeexplore.ieee.org/document/9622260/ |
_version_ | 1818979141496602624 |
---|---|
author | Merve Ozkan-Okay; Omer Aslan; Recep Eryigit; Refik Samet |
collection | DOAJ |
description | With the advancement of technology, the use of wireless media and devices is increasing every day. In particular, the use of wireless local area networks (WLAN) has increased rapidly in recent years and is expected to increase further. The current state of wireless local area network technologies makes the network vulnerable to attacks ranging from passive listening to active intervention. Intrusion detection systems (IDSs) are being developed against these kinds of attacks. The IDSs play an important role in WLAN security by detecting and preventing malicious activities. However, most techniques used in IDSs cannot cope with dynamic and complex attacks. The aim of this study is to reduce the deficiencies in present IDSs for WLANs and build a more effective system which can detect unknown and complex attack variants dynamically. In this context, a methodology has been proposed. The proposed methodology basically has two contributions. The first contribution is the Feature Selection Approach (FSAP) to increase the speed of attack detection by reducing the number of used features. The second contribution is the hybrid attack detection technique, SABADT (Signature and Anomaly Based Attack Detection Technique), which detects attacks fast with high accuracy. The proposed methodology is implemented on the KDD’99 and UNSW-NB15 datasets. The obtained results are compared with existing machine learning techniques. The detection model is created by using KDD’99 and UNSW-NB15 training datasets and tested on the KDD’99 and UNSW-NB15 test datasets. The obtained 99.65% and 99.17% accuracy rates are quite high when compared to leading methods in the literature. In addition, common tools were used to obtain a mix of normal activities and current attack behaviors in order to test on novel attacks within the scope of the study. The different types of attacks were captured with the Wireshark tool. Some of the captured attacks were used only in the testing phase. In this test case, the attacks were detected with an accuracy rate of 99.69%. |
first_indexed | 2024-12-20T16:54:49Z |
format | Article |
id | doaj.art-5245a22f018842cdab9b8e8d3613b153 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-20T16:54:49Z |
publishDate | 2021-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-5245a22f018842cdab9b8e8d3613b153; 2022-12-21T19:32:45Z; eng; IEEE; IEEE Access; 2169-3536; 2021-01-01; 9; 157639; 157653; 10.1109/ACCESS.2021.3129600; 9622260; SABADT: Hybrid Intrusion Detection Approach for Cyber Attacks Identification in WLAN; Merve Ozkan-Okay (0, https://orcid.org/0000-0002-1071-2541); Omer Aslan (1, https://orcid.org/0000-0003-0737-1966); Recep Eryigit (2, https://orcid.org/0000-0002-4282-6340); Refik Samet (3, https://orcid.org/0000-0001-8720-6834); Department of Computer Engineering, Ankara University, Ankara, Turkey; Department of Computer Technologies, Bandırma 17 Eylül University, Bandırma, Turkey; Department of Computer Engineering, Ankara University, Ankara, Turkey; Department of Computer Engineering, Ankara University, Ankara, Turkey; https://ieeexplore.ieee.org/document/9622260/; Wireless LAN; intrusion detection system; hybrid model; signature based technique; anomaly based technique; machine learning |
title | SABADT: Hybrid Intrusion Detection Approach for Cyber Attacks Identification in WLAN |
topic | Wireless LAN; intrusion detection system; hybrid model; signature based technique; anomaly based technique; machine learning |
url | https://ieeexplore.ieee.org/document/9622260/ |