Features for each attack.

The widespread use of wireless networks to transfer an enormous amount of sensitive information has caused a plethora of vulnerabilities and privacy issues. The management frames, particularly authentication and association frames, are vulnerable to cyberattacks and it is a significant concern. Existing research in Wi-Fi attack detection focused on obtaining high detection accuracy while neglecting modern traffic and attack scenarios such as key reinstallation or unauthorized decryption attacks. This study proposed a novel approach using the AWID 3 dataset for cyberattack detection. The retained features were analyzed to assess their transferability, creating a lightweight and cost-effective model. A decision tree with a recursive feature elimination method was implemented for the extraction of the reduced features subset, and an additional feature wlan_radio.signal_dbm was used in combination with the extracted feature subset. Several deep learning and machine learning models were implemented, where DT and CNN achieved promising classification results. Further, feature transferability and generalizability were evaluated, and their detection performance was analyzed across different network versions where CNN outperformed other classification models. The practical implications of this research are crucial for the secure automation of wireless intrusion detection frameworks and tools in personal and enterprise paradigms.

无线网络被广泛用于传输海量敏感信息，由此引发了大量漏洞与隐私安全问题。其中管理帧——尤其是认证与关联帧——极易遭受网络攻击，这已成为一项重大安全隐患。当前Wi-Fi攻击检测领域的现有研究多聚焦于提升检测准确率，却忽视了现代流量与密钥重装攻击、未授权解密攻击等新型攻击场景。本研究提出了一种基于AWID 3数据集的新型网络攻击检测方法：首先对筛选保留的特征开展可迁移性分析，以构建轻量且高性价比的检测模型；随后采用结合递归特征消除法的决策树（Decision Tree, DT）提取精简特征子集，并额外引入wlan_radio.signal_dbm特征与该特征子集联用。本研究搭建了多种深度学习与机器学习模型，其中决策树（DT）与卷积神经网络（Convolutional Neural Network, CNN）取得了优异的分类效果。此外，研究还评估了特征的可迁移性与泛化能力，并在不同网络版本下分析了检测性能，结果显示卷积神经网络（CNN）的表现优于其他分类模型。本研究的成果对于个人与企业场景下无线入侵检测框架及工具的安全自动化具有重要的实践价值。