Skip to content

larbi1512/WLAN-Intrusion-Detection-with-AI-

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
assests
assests
 
 
classification
classification
 
 
README.md
README.md
 
 
anomaly_detection.ipynb
anomaly_detection.ipynb
 
 
app.py
app.py
 
 

Repository files navigation

📡 WLAN Intrusion Detection with AI – Modeling Phase

This project enhances WLAN security through machine learning models capable of detecting wireless network attacks. The modeling pipeline includes both classification and anomaly detection models trained on realistic network traffic data.

📊 Dataset

We used the IoT-23 dataset from Kaggle, which contains labeled benign and malicious network traffic. Preprocessing steps included:

  • Removing redundant and highly sparse features (>50% missing).
  • Encoding categorical features numerically.
  • Filling remaining missing values with zeros.
  • Addressing class imbalance using under- and oversampling.

🧠 Supervised Learning Pipeline

🔍 Per-Attack Preprocessing

Four attack datasets were processed individually:

  • Deauthentication
  • Evil Twin
  • KRACK
  • Rogue AP

Steps:

  • Dropped sparse features.
  • Balanced training data (undersample Normal, oversample Attack).
  • Retained top 20 features per attack using Random Forest.

🔗 Merging Datasets

  • Identified 63 common features across all attacks.
  • Merged and deduplicated Normal samples for unbalanced dataset.
  • Built a balanced merged dataset for comprehensive modeling.

⚙️ Classification Phases

1️⃣ 1-Phase Classification (Unbalanced)

  • Model: Random Forest with 63 features
  • Results: Excellent performance on Normal, poor on attacks
  • Macro F1-score: 0.42

2️⃣ 1-Phase with Feature Selection (9 Features)

  • Selected common top features across attacks
  • Improved performance on Krack
  • Macro F1-score: 0.52

3️⃣ 2-Phase Classification

🔸 Phase 1: Binary (Attack vs Normal)

  • Trained with 21 engineered features → filtered to 15 based on importance
  • Final model: n_estimators=25, max_depth=12
  • F1-scores: Attack: 1.00, Normal: 1.00
  • Accuracy: 100%

🔸 Phase 2: Multi-Class (Among Attacks)

  • Filtered dataset to only attack instances
  • Used selected features
  • F1-scores: All attack types = 1.00

✅ Combined Classifier Results

  • Overall Accuracy: ~100%
  • Perfect recall for all attacks
  • Lower precision for Rogue AP due to rare samples

🔍 Anomaly Detection

Model ROC-AUC F1-Score
Isolation Forest 0.655 0.29
One-Class SVM 0.864 0.29
Autoencoder 0.900 0.95
  • Autoencoder outperformed other models, showing strong anomaly detection capabilities using reconstruction error.

📂 Dataset Structure (Modeling Files)

File Description
X_*_train, y_*_train Per-attack raw training data
X_*_train_balanced, y_*_train_balanced Balanced attack training sets
X_train_merged, y_train_merged Merged unbalanced training data
X_train_balanced_merged, y_train_balanced_merged Final merged balanced dataset
X_test_merged, y_test_merged Unified test set for all attacks

📸 Streamlit App & Test Results

Network Attack Classifier Network Attack Classifier

🚀 Future Enhancements

  • Integrate deep learning models (e.g., LSTM, CNNs)
  • Expand dataset with more attack types
  • Build a fully automated alert & response system
  • Optimize for real-time edge deployment

👨‍💻 Authors

  • Maroua BOUDERKA
  • Larbi SAID CHIKH
  • Mira Thiziri SINIANE
  • Marouane Abdeldjalil OULAD ALI
  • Hana AFRA

About

this project enhances wlan security using ML models capable of detecting wireless networks attacks

Topics

security classification anomaly-detection wlan-traffic

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages