A machine learning approach for detecting WPA3 downgrade attacks in next-generation Wi-Fi systems

This paper presents a hybrid adaptive approach based on machine learning (ML) for classifying incoming traffic, feature selection and thresholding, aimed at enhancing downgrade attack detection in Wi-Fi Protected Access 3 (WPA3) networks. The fast proliferation of WPA3 is regarded critical for securing modern Wi-Fi systems, which have become integral to 5G and Beyond (5G&B) Radio Access Networks (RAN) architecture. However, the wireless communication channel remains inherently susceptible to downgrade attacks, where adversaries intentionally cause networks to revert from WPA3 to WPA2, with the malicious intent of exploiting known security flaws. Traditional Intrusion Detection Systems (IDS), which rely on fixed-threshold statistical methods, often fail to adapt to changing network environments and new, sophisticated attack strategies. To address this limitation, we introduce a novel ML-based Feature Selection and Thresholding for Downgrade Attacks Detection (MFST-DAD) approach, which comprises three stages: traffic data preprocessing, baseline adaptive feature selection, and real-time detection and prevention using ML algorithms. Experimental results on a specially generated dataset demonstrate that the proposed approach detects downgrade attacks in WPA3 networks, achieving 99.8% accuracy with a Naive Bayes classifier in both WPA3 personal and enterprise transition modes. These findings confirm the effectiveness of our proposed approach in securing next-generation Wi-Fi systems.