Anomaly based intrusion detection for 802.11 networks with optimal features using SVM classifier

Bibliographic details
Published in: Wireless networks 2017-11, Vol.23 (8), p.2431-2446
Main authors: Usha, M., Kavitha, P.
Format: Article
Language: eng
Description
Summary: The Wireless Fidelity (WiFi) is a widely used wireless technology due to its flexibility and mobility in the presence of vulnerable security features. Several attempts to secure the 802.11 standard end up with inadequate security mechanisms that are vulnerable to various attacks and intrusions. Thus, integration of an external defense mechanism like an intrusion detection system (IDS) is inevitable. An anomaly-based IDS employs machine learning algorithms to detect attacks. Selecting the best set of features is central to ensuring the performance of the classifier in terms of speed of learning, accuracy, and reliability. This paper proposes a normalized gain based IDS for MAC Intrusions (NMI) to improve the IDS performance significantly. The proposed NMI includes two primary components, OFSNP and DCMI. The first component is optimal feature selection using NG and PSO (OFSNP) and the second component is Detecting and Categorizing MAC 802.11 Intrusions (DCMI) using an SVM classifier. The OFSNP ranks the features using an independent measure, normalized gain (NG), and selects the optimal set of features using semi-supervised clustering (SSC). The SSC is based on particle swarm optimization (PSO) that uses labeled and unlabeled features simultaneously to find a group of optimal features. Using the optimal set of features, the proposed DCMI utilizes a rapid and straightforward support vector machine (SVM) learning that classifies the attacks under the appropriate classes. Thus, the proposed NMI achieves a better trade-off between detection accuracy and learning time. The experimental results show that the NMI accurately detects and classifies the 802.11 specific intrusions and also reduces the false positives and computation complexity by decreasing the number of features.
ISSN: 1022-0038, 1572-8196
DOI: 10.1007/s11276-016-1300-5