{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T15:42:01Z","timestamp":1771515721281,"version":"3.50.1"},"reference-count":32,"publisher":"MDPI AG","issue":"15","license":[{"start":{"date-parts":[[2022,7,28]],"date-time":"2022-07-28T00:00:00Z","timestamp":1658966400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric.<\/jats:p>","DOI":"10.3390\/s22155633","type":"journal-article","created":{"date-parts":[[2022,7,28]],"date-time":"2022-07-28T22:43:26Z","timestamp":1659048206000},"page":"5633","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6507-5052","authenticated-orcid":false,"given":"Efstratios","family":"Chatzoglou","sequence":"first","affiliation":[{"name":"Department of Information & Communication Systems Engineering, University of the Aegean, 83200 Karlovasi, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6348-5031","authenticated-orcid":false,"given":"Georgios","family":"Kambourakis","sequence":"additional","affiliation":[{"name":"Joint Research Centre, European Commission, 21027 Ispra, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7530-7152","authenticated-orcid":false,"given":"Christos","family":"Smiliotopoulos","sequence":"additional","affiliation":[{"name":"Department of Information & Communication Systems Engineering, University of the Aegean, 83200 Karlovasi, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3020-291X","authenticated-orcid":false,"given":"Constantinos","family":"Kolias","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,7,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1833062:1","DOI":"10.1155\/2022\/1833062","article-title":"Your WAP Is at Risk: A Vulnerability Analysis on Wireless Access Point Web-Based Management Interfaces","volume":"2022","author":"Chatzoglou","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"34188","DOI":"10.1109\/ACCESS.2021.3061609","article-title":"Empirical Evaluation of Attacks Against IEEE 802.11 Enterprise Networks: The AWID3 Dataset","volume":"9","author":"Chatzoglou","year":"2021","journal-title":"IEEE Access"},{"key":"ref_3","first-page":"103058","article-title":"How is your Wi-Fi connection today? DoS attacks on WPA3-SAE","volume":"64","author":"Chatzoglou","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Vanhoef, M., and Ronen, E. (2020, January 18\u201321). Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP40000.2020.00031"},{"key":"ref_5","first-page":"86:1","article-title":"Application Layer Denial-of-Service Attacks and Defense Mechanisms: A Survey","volume":"54","author":"Tripathi","year":"2021","journal-title":"ACM Comput. Surv."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1109\/TNET.2008.925628","article-title":"Monitoring the application-layer DDoS attacks for popular websites","volume":"17","author":"Xie","year":"2009","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"15:1","DOI":"10.1145\/1377488.1377489","article-title":"Mitigating application-level denial of service attacks on Web servers: A client-transparent approach","volume":"2","author":"Srivatsa","year":"2008","journal-title":"ACM Trans. Web"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"64761","DOI":"10.1109\/ACCESS.2022.3183597","article-title":"Pick quality over quantity: Expert feature selection and data preprocessing for 802.11 Intrusion Detection Systems","volume":"10","author":"Chatzoglou","year":"2022","journal-title":"IEEE Access"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Ge, M., Fu, X., Syed, N., Baig, Z., Teo, G., and Robles-Kelly, A. (2019, January 1\u20133). Deep Learning-Based Intrusion Detection for IoT Networks. Proceedings of the 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC), Kyoto, Japan.","DOI":"10.1109\/PRDC47002.2019.00056"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","article-title":"Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset","volume":"100","author":"Koroniotis","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Alsirhani, A., Sampalli, S., and Bodorik, P. (2018, January 13\u201316). DDoS Detection System: Utilizing Gradient Boosting Algorithm and Apache Spark. Proceedings of the 2018 IEEE Canadian Conference on Electrical Computer Engineering (CCECE), Quebec, QC, Canada.","DOI":"10.1109\/CCECE.2018.8447671"},{"key":"ref_12","unstructured":"(2022, March 24). Anonymized Internet Traces 2015. Available online: https:\/\/catalog.caida.org\/details\/dataset\/passive_2015_pcap."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1326","DOI":"10.1016\/j.comnet.2010.12.002","article-title":"Can encrypted traffic be identified without port numbers, IP addresses and payload inspection?","volume":"55","author":"Alshammari","year":"2011","journal-title":"Comput. Netw."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Vinayakumar, R., Soman, K., and Poornachandran, P. (2017, January 13\u201316). Secure shell (ssh) traffic analysis with flow based features using shallow and deep networks. Proceedings of the 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Udupi, India.","DOI":"10.1109\/ICACCI.2017.8126143"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Li, T., Hong, Z., and Yu, L. (2020, January 9\u201311). Machine Learning-based Intrusion Detection for IoT Devices in Smart Home. Proceedings of the 2020 IEEE 16th International Conference on Control Automation (ICCA), Singapore.","DOI":"10.1109\/ICCA51439.2020.9264406"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Haddadi, F., Runkel, D., Zincir-Heywood, A.N., and Heywood, M.I. (2014). On Botnet Behaviour Analysis Using GP and C4.5, Association for Computing Machinery.","DOI":"10.1145\/2598394.2605435"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Yang, Y., Kang, C., Gou, G., Li, Z., and Xiong, G. (2018, January 28\u201330). TLS\/SSL Encrypted Traffic Classification with Autoencoder and Convolutional Neural Network. Proceedings of the 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC\/SmartCity\/DSS), Exeter, UK.","DOI":"10.1109\/HPCC\/SmartCity\/DSS.2018.00079"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3492","DOI":"10.1016\/j.eswa.2010.08.137","article-title":"Real-time anomaly detection systems for Denial-of-Service attacks by weighted k-nearest-neighbor classifiers","volume":"38","author":"Su","year":"2011","journal-title":"Expert Syst. Appl."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Yuan, X., Li, C., and Li, X. (2017, January 29\u201331). DeepDefense: Identifying DDoS Attack via Deep Learning. Proceedings of the 2017 IEEE International Conference on Smart Computing (SMARTCOMP), Hong Kong, China.","DOI":"10.1109\/SMARTCOMP.2017.7946998"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Balkanli, E., Zincir-Heywood, A.N., and Heywood, M.I. (2015, January 26\u201329). Feature selection for robust backscatter DDoS detection. Proceedings of the 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops), Clearwater Beach, FL, USA.","DOI":"10.1109\/LCNW.2015.7365905"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"40281","DOI":"10.1109\/ACCESS.2022.3165809","article-title":"Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning","volume":"10","author":"Ferrag","year":"2022","journal-title":"IEEE Access"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"107784","DOI":"10.1016\/j.comnet.2020.107784","article-title":"Towards a deep learning-driven intrusion detection approach for Internet of Things","volume":"186","author":"Ge","year":"2021","journal-title":"Comput. Netw."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1016\/j.comcom.2021.09.007","article-title":"An adaptive method and a new dataset, UKM-IDS20, for the network intrusion detection system","volume":"180","author":"Abdullah","year":"2021","journal-title":"Comput. Commun."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Schneider, P., and B\u00f6ttinger, K. (2018, January 15\u201319). High-Performance Unsupervised Anomaly Detection for Cyber-Physical System Networks. Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, Toronto, ON, Canada.","DOI":"10.1145\/3264888.3264890"},{"key":"ref_25","unstructured":"Fruehwirt, P., Schrittwieser, S., and Weippl, E. (2014, January 14\u201316). Using machine learning techniques for traffic classification and preliminary surveying of an attackers profile. Proceedings of the Talk: ASE International Conference on Privacy, Security, Risk and Trust (PASSAT), Cambridge, MA, USA."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Liu, H., and Lang, B. (2019). Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey. Appl. Sci., 9.","DOI":"10.3390\/app9204396"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"3794","DOI":"10.1016\/j.matpr.2020.06.218","article-title":"Review on intrusion detection using feature selection with machine learning techniques","volume":"33","author":"Kalimuthan","year":"2020","journal-title":"Mater. Today Proc."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1251","DOI":"10.1016\/j.procs.2020.04.133","article-title":"Performance Analysis of Machine Learning Algorithms in Intrusion Detection System: A Review","volume":"171","author":"Saranya","year":"2020","journal-title":"Procedia Comput. Sci."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Huang, W., Peng, X., Shi, Z., and Ma, Y. (2020, January 9\u201311). Adversarial attack against LSTM-based DDoS intrusion detection system. Proceedings of the 2020 IEEE 32nd International Conference on Tools with Artificial Intelligence (ICTAI), Baltimore, MD, USA.","DOI":"10.1109\/ICTAI50040.2020.00110"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Kampourakis, V., Kambourakis, G., Chatzoglou, E., and Zaroliagis, C. (2022). Revisiting man-in-the-middle attacks against HTTPS. Netw. Secur., 2022.","DOI":"10.12968\/S1353-4858(22)70028-1"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Chatzoglou, E., Kouliaridis, V., Karopoulos, G., and Kambourakis, G. (2022). Revisiting QUIC attacks: A comprehensive review on QUIC security and a hands-on study. Res. Sq. Prepr., 1\u201322.","DOI":"10.21203\/rs.3.rs-1676730\/v1"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Kambourakis, G., and Karopoulos, G. (2022). Encrypted DNS: The good, the bad and the moot. Comput. Fraud. Secur., 2022.","DOI":"10.12968\/S1361-3723(22)70572-6"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/15\/5633\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T23:57:54Z","timestamp":1760140674000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/15\/5633"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,28]]},"references-count":32,"journal-issue":{"issue":"15","published-online":{"date-parts":[[2022,8]]}},"alternative-id":["s22155633"],"URL":"https:\/\/doi.org\/10.3390\/s22155633","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,7,28]]}}}