Abstract

To detect network intrusions effectively, Machine Learning (ML) based detection models usually integrate Feature Selection (FS) methods for data enhancement, forming ensemble models that achieve better detection accuracy (ACC). Deep Neural Network (DNN) based detection models can detect large numbers of attacks better than ML-based models, and DNN-based models usually integrate a Stacked Autoencoder (SAE) for data enhancement. Some models adopt Random Sampling (RS) as a Data Balancing (DB) method to enhance the training data and improve ACC. The Aegean Wi-Fi Intrusion Dataset (AWID) is a dedicated dataset for Wi-Fi networks and labels three different attack types: impersonation, injection, and flooding. However, multi-class detection models cannot detect different types of wireless attacks simultaneously while using detection configurations customized for each attack type. Thus, we propose the Ensemble Binary Detection Model (EBDM), which converts multi-class detection into a set of binary detection models. Each Binary Model (BM) provides dedicated binary detection for one target class instead of several classes. EBDM collects the best detection results from the BMs to achieve better ACC than the classical multi-class detection model. To improve ACC, EBDM proposes new data enhancement mechanisms for FS, DB, and SAE, with individual detection configurations for the target class in each BM. We propose Ensemble FS (EFS), consisting of three feature scoring methods (Classification And Regression Tree, Random Forest, and Extra Tree) and two feature selection methods (Support Vector Machine and Logistic Regression), to provide six selected feature sets and choose the best feature set based on ACC in each BM. EBDM proposes Ensemble DB, consisting of Tomek Link, SMOTE, and RS, to enhance the typical DB approach that adopts RS alone and to provide a sampling size customized to the target class size in each BM. EBDM provides four Encoder Modes for SAE to determine the best feature extraction configuration for each BM. EBDM integrates a Squeeze-and-Excitation block with the DNN to enhance DNN performance. Based on the improved BMs with their customized configurations, EBDM selects the best p-value from the BMs. The experimental results show that EBDM can detect the three different types of wireless attacks in AWID more accurately than related works on AWID that are based on the classical multi-class detection model.
