Selecting the Best Set of Features for Efficient Intrusion Detection in 802.11 Networks
Authors: M. Guennoun, A. Lbekkouri, K. El-Khatib
Venue: 2008 3rd International Conference on Information and Communication Technologies: From Theory to Applications
Publication date: 2008-04-07
DOI: 10.1109/ICTTA.2008.4530270 (https://doi.org/10.1109/ICTTA.2008.4530270)
Citation count: 11
Intrusion Detection Systems (IDS) are a major line of defense for protecting network resources from illegal penetrations. A common approach in intrusion detection models, specifically in anomaly detection models, is to use classifiers as detectors. Selecting the best set of features is central to ensuring the performance, speed of learning, accuracy, and reliability of these detectors, and to removing noise from the set of features used to construct the classifiers. In most current systems, the features used for training and testing the intrusion detection systems are basic information related to the TCP/IP header, with no considerable attention to the features associated with lower-level protocol frames. The resulting detectors were efficient and accurate in detecting network attacks at the network and transport layers but, unfortunately, not capable of detecting 802.11-specific attacks such as de-authentication attacks or MAC layer DoS attacks. In this paper, we propose a hybrid model that efficiently selects the optimal set of features in order to detect 802.11-specific intrusions. Our model of feature selection uses the information gain ratio measure as a means to compute the relevance of each feature and the k-means classifier to select the optimal set of MAC layer features that can improve the accuracy of intrusion detection systems while reducing the learning time of their learning algorithm.