awid3 dataset

1. COMPARATIVE EFFICACY OF MCDM-BASED FEATURE
SELECTION AGAINST TRADITIONAL METHODS FOR NETWORK
INTRUSION DETECTION USING LIGHT-GBM ON AWID3
DATASET
Presented by:
Piyush Kumar (2023PGCSIS04)
Supervised by:
Dr. Binod Kumar Singh (Associate Professor)
Department of Computer Science & Engineering
National Institute of Technology
Jamshedpur-831014 (India)

2. CONTENT
1. INTRODUCTION
2. OBJECTIVE
3. LITERATURE SURVEY
4. PROPOSED WORKS
5. RESULTS & COMPARISION
6. CONCLUSION
7. FUTURE WORKS
8. REFERENCES
2

3.  Attacker gets unauthorized access to system.
 Observes network traffic for malicious transactions and sends immediate alerts
 Build a predictive model capable of distinguishing between ‘bad’ (attacks) and ‘good’ (normal)
connections.
 The 'behind-the-firewall' placement allows the IDS with high visibility of incoming network traffic
and will not receive unnecessary traffic between users and network.
3
Introduction
N.I.D.S.

4. 1.Yahoo-Data breaches and security issues
damaged brand.
2.Spambot leaked records.
3.Jerico. Pictures got filed lawsuits against
them. ’USDoD’ named user leaked in dark
web. 4
Attacks Statistics

5. Sl No. Author & Reference Title Abstract
1 Yonbawi et al.
Transferability Evaluation
in Wi-Fi IDS Through ML
AND DL
This paper discusses only DE-authentication type attack using
CNN,MLP implementing Gini Index(1-).
2
Warhekar et al. A Wireless Intrusion
Detection System using
Feature Selection
In this paper, authors used Information Gain Ratio( Ratio of
diff of entropy) and Random Forest(ensemble of DT with
random subset of dataset and random no. of features) to
predict network attacks.
3
Kamble
&Kshirsagar
Feature Selection in
Wireless Intrusion
Detection System for Evil
Twin Attack Detection
In this paper, authors introduced Feature selection method
Gini Index and predicted Evil Twin attack using Random
Forest.
4
Khalid et al. An investigation of feature
reduction, transferability,
and AWID datasets for
secure Wi-Fi networks
In this paper ,authors used CNN and Recursive feature
elimination(impact calculation on model performance) to
predict 5 types of intrusions.
5
Chatzoglou et al. Empirical Evaluation of
Attacks Against IEEE
802.11 Enterprise
Networks: The AWID3
Dataset", 2022
In the paper, authors have explained how AWID3 dataset is
collected and explained all attacks in detail. Then they used
Extra Tress(ensemble of DT with F.S. method in using features
in different trees).
5
Literature Review

6. Sl No.
Author &
Reference
Title Abstract
6
Kambourakis et
al.
Best of Both Worlds:
Detecting Application Layer
Attacks
In this paper, authors tried large dataset with bagging
classifier (ensemble of DT with bootstrap
sampling(replacement) uses all features) which in result gave
less accurate model but more threats were predicted.
7
Mohammad
Abrar, Abdu Salam,
Faizan Ullah
Performance Analysis of
Machine and Deep Learning
Techniques for IDS Using
Synthetic Data
LSTM is used with federated learning with large no of features
and ANOVA as feature selector.
8
Salah & Elsoud Enhancing Intrusion
Detection in 5G and IoT
Environments
LR ,the most basic method is used to predict with very small
dataset.
9
Tomer
Doitshman, Yuval
Elovici
Intrusion Detection Based on
Federated Learning: A
Systematic Review
Ensemble of autoencoders ith incremental clustering is used
with incremental statistics tracking.
`10
Shahadate
Rezvy, Yuan Luo,
Miltos Petridis
An efficient deep learning
model for intrusion
classification and prediction
in 5G and IoT networks
Hybrid deep learning methods are used to predict in 36
million dataset with pre trained feature selector.
6
Contd.

7.  Evaluate the performance of traditional feature selection techniques (Filter, Wrapper, Embedded) on
the AWID-3 dataset.
 Implement a Multi-Criteria Decision-Making (MCDM) framework (CRITIC) for selecting optimal
features across statistical, model-based, and relevance-based criteria.
 Compare the classification performance of Light-GBM using both traditional and MCDM-selected
features. Demonstrate improvements in: Intrusion detection accuracy for minority classes (e.g.,
Kr00K, Evil Twin).
 Reduction in false positives and computational overhead.
 Propose a scalable and efficient feature selection pipeline for enterprise-level Wi-Fi intrusion
detection systems.
9
Objectives

8. Preliminaries for Proposed work
 AWID3 802.11 enterprise attacks
 Space-efficient probabilistic data structure used membership testing
 Stores compact fingerprints of items in a hash table using cuckoo hashing
 Offers low false positive rates.
 Winternitz One-Time Signature Scheme (WOTS+) [18]
 OTS that relies on chaining function .
 Each public key element is computed by hashing the secret key element w times, where w is the
Winternitz parameter.
 For signing, message hash is computed and converted to base-w representation (b). Each secret key
element is then hashed b[i] times, forming the signature.
 For verification, message hash is recomputed and converted to base-w (b), and each signature
element is hashed (w − b[i]) times. The results are then compared with the public key to confirm
authenticity.

9. 9
 Novel idea of using cuckoo filter (discussed in previous slides) for public key management in a hash-
based digital signature scheme.
 Offers short signatures and quick verification at the cost of increased signing time.
 Signs a few messages per key pair
Key Generation
Input: k, n, w, S, SEED, RandomizationVector(RV)
CF = CuckooFilter(...)
Private_key=[]
for i in {0, 1, ... S-1}
private_key_segment = GeneratePrivateKey(k, n, SEEDi, RVi)
concat_SK=””
for j in {0, 1,..., k-1}
concat_SK = concat_SK + Iterative_Hash(private_key_segmentj, w-1)
CF.insert(concat_SK)
Private_key.add(private_key_segment)
Public Key: CF
Private Keys: Private_key
Proposed work-1

10. 10
Methodology

11. Contd.
Message Signing
Input: Message, k, w, index, private_key_segmentindex
hash_message = Hash(Message)
b = base_w_representation(hash_message)
signature=””
for i in {0, 1, ..., k-1}
signature = signature + Hashb[i]
(private_key_segmentindex[i])
signature_compressed = compress(signature)
return signature_compressed
Signature Verification
Input: Message, signature_compressed, k, w, Public_Key
signature = decompress(signature_compressed)
hash_message = Hash(Message)
b = base_w_representation(hash_message)
result=””
for i 0 to k
result = result + Hashw-b[i]-1
(signature[i])
isValid = Public_Key.contains(result)

12. 12
w = 4
k = 6
Base_w_representation : 3 2 0 0 2 1
Signature {sig1, sig2, ..., sig6} = {(Hash3
(SK[0])), (Hash2
(SK[1])) ... (Hash1
(SK[6]))}
Verification: Check existence of { Hash0
(sig1) || ...|| Hash2
(sig6) } in public key.
Simple example

13. Comparision
Thesis work

14.  In the work, novel hash-based digital signature scheme for post-quantum security, based on cuckoo
filter were proposed.
 Achieved a balance between security, space efficiency, and performance, addressing limitations
of several hash-based schemes.
 Demonstrated the scheme’s potential to serve as a lightweight for quantum-resistant digital signatures.
14
Conclusion

15. Future Works
 Exploring PDS options for hash-based digital signnatures that allow quicker signing &
verificaiton with low public key size.
 Optimizing the performance of hash-based signature schemes, such as reducing the size of
signatures or speeding up the signing and verification processes.

16. [1] Hülsing, A., Gazdag, S.-L., Butin, D., & Buchmann, J. (2015). Hash-based Signatures: An Outline for a New Standard. Workshop on
Cybersecurity in a Post-Quantum World (pp. 1-12). NIST.
[2] D. J. Bernstein, J. Buchmann, and E. Dahmen (eds.), “Post-Quantum Cryptography”, Springer, 2009.
[3] P. W. Shor, "Algorithms for quantum computation: discrete logarithms and factoring," Proceedings 35th Annual Symposium on
Foundations of Computer Science, 1994, pp. 124–134.
[4] L. K. Grover, "A fast quantum mechanical algorithm for database search," *Proceedings of the 28th Annual ACM Symposium on
Theory of Computing”, 1996, pp. 212–219.
[5] Li, L., Lu, X., & Wang, K. (2022). Hash-based Signature Revisited. Cybersecurity, 5(1), 13. https://doi.org/10.1186/s42400-022-
00117-w
[6] Buchmann, J., Dahmen, E., Ereth, S., Hülsing, A., & Ruckert, M. (2011). On the Security of the Winternitz One-Time Signature
Scheme. In Progress in Cryptology – AFRICACRYPT 2011
[7] Bos, J. N. E., & Chaum, D. (1992). Provably Unforgeable Signatures. In Advances in Cryptology – CRYPTO '92, 12th Annual
International Cryptology Conference (pp. 1-14). Springer.
[8] Shafieinejad, M., & Safavi-Naini, R. (2017). A Post-Quantum One Time Signature Using Bloom Filter. In 2017 IEEE Symposium on
Security and Privacy (pp. 144-157). IEEE
[9] Merkle, R. C. (1979). Secrecy, Authentication, and Public Key Systems. Technical Report No. 1979-1, Information Systems
Laboratory, Stanford Electronics Laboratories, Stanford University. 16
References

17. [10] Lafrance, P. (2017). Digital Signature Schemes Based on Hash Functions. Master's Thesis, University of Waterloo.
[11] Reyzin, D., & Reyzin, L. (2002). Hash to Obtain Random Subset (HORS). In Advances in Cryptology – CRYPTO 2002 (pp. 545-560).
Springer.
[12] Merkle, R.C. (1990). A Certified Digital Signature. In: Brassard, G. (eds) Advances in Cryptology - CRYPTO’ 89 Proceedings.
CRYPTO 1989. Lecture Notes in Computer Science, vol 435. Springer, New York, NY. https://doi.org/10.1007/0-387-34805-0_21
[13] Erik Dahmen, Katsuyuki Okeya, Tsuyoshi Takagi, and Camille Vuillaume, "Digital Signatures Out of Second-Preimage Resistant
Hash Functions," in Post-Quantum Cryptography (PQCrypto 2008), Lecture Notes in Computer Science, vol. 5299, pp. 109-123,
2008.
[14] Johannes Buchmann, Erik Dahmen, and Andreas Hülsing, "XMSS - A Practical Forward Secure Signature Scheme based on
Minimal Security Assumptions," in Post-Quantum Cryptography (PQCrypto 2011), Lecture Notes in Computer Science, vol. 7071,
Springer, 2011, pp. 117-129.
[15] Daniel J. Bernstein, Andreas Hülsing, Stefan Kölbl, Ruben Niederhagen, Joost Rijneveld, and Peter Schwabe. 2019. The
SPHINCS+ Signature Framework. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
(CCS '19). Association for Computing Machinery, New York, NY, USA, 2129–2146. https://doi.org/10.1145/3319535.3363229
[16] Bin Fan, Dave G. Andersen, Michael Kaminsky, and Michael D. Mitzenmacher. 2014. Cuckoo Filter: Practically Better Than
Bloom. In Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies
(CoNEXT '14). Association for Computing Machinery, New York, NY, USA, 75–88. https://doi.org/10.1145/2674005.2674994
17
References

18. References
[17] L. Lamport, “Constructing Digital Signatures from a One Way Function”, Technical Report CSL-98, SRI International, 1979.
[18] A. Hülsing, “WOTS+ -- Shorter Signatures for Hash-Based Signature Schemes,” Cryptology ePrint Archive, Paper 2017/965,
2017.
[19] R. Steinwandt and V. I. Villányi, “A one-time signature using run-length encoding,” Information Processing Letters, vol. 108, no.
4, pp. 179–185, 2008.
[20] Bernstein DJ, Hopwood D, Hülsing A, Lange T, Niederhagen R, Papachristodoulou L, Schneider M, Schwabe P, Wilcox O.**
2015. SPHINCS: Practical stateless hash-based signatures. In *Proceedings of the 2015 IEEE Symposium on Security and Privacy
(SP)*, p. 368–384. IEEE.
[21] Butin D, Hülsing A, Rijneveld J. 2017. Post-quantum zero-knowledge and signatures from symmetric-key primitives. In
*Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS), p. 1501–1517. ACM.

19. Additional work
Summer Research Work (2024)
Alekha Kumar Mishra & Jatindra Nath Mishra, “4D Playfair Cipher: A quadgraph-based approach for
privacy-preserving data communication with enhanced cryptographic resilience against cyber
threats”. Manuscript communicated to Cryptologia.

20. 20
Q & A