WPA3 Attacks Dataset
Description
WPA3 (Wi-Fi Protected Access 3) dataset is a WPA3 network traffic collected under different attack scenarios. This dataset serves to document WPA3 protocol practical vulnerabilities. WPA3 dataset is collected in a lab environment using one WPA3-Personal access point (AP) and 4 stations (STAs). Traffic is captured using Wireshark software installed on monitor node with Alfa AWUS036AXM wireless adapter. The attacker used Alfa AWUS036NHA to generate the attacks. To avoid capturing from other networks, the connection between STAs and AP was on channel 11 at 2.4 GHz with 20MHz channel bandwidth. This dataset contains normal and malicious traffic collected through 15 minutes of capturing. WPA3 dataset consists of five main categories of WPA3 attacks, containing twelve types of attacks, as follows: 1. Dragonblood related attack: SAE Authentication Flood, WPA3 Transition-Mode Downgrade Attack, and Make STA use WPA2 instead of WPA3. 2. WPA3 Denial of Service attacks: Deauthentication, Disassociation, and Beacon Frame Flooding. 3. Rogue infrastructure attacks: Rogue AP, Evil twin. 4. Frame manipulation attacks: Aggregation. 5. Higher-layer attacks: ARP spoofing, DNS spoofing, and SSL stripping. In this publication, each type of the attack is published with its CSV and PCAP file format. For the CSV files, each type of attacks has 154 features derived from Wireshark Display Filter Reference. This WPA3 dataset is designed to be used by researchers and machine learning practitioners. The primary usage lies in the development of intrusion detection systems (IDS) specifically tuned for WPA3 attacks. In this publication of the dataset, the files contain raw frame headers that allow the training of neural networks to identify subtle behavioral anomalies in this wireless protocol.
Files
Steps to reproduce
The 15-minute data collection was divided between capturing normal and malicious WPA3 traffic networks. For normal dataset capturing, different legitimate users have to produce different normal network traffic. In this data collection, there were different network scenarios to generate normal traffic. The network traffic scenarios are as follows: send/receive emails, upload/download files using Dropbox, Place a Messenger, watch a YouTube video, and download Linux, Python 3, and some PDF files. The steps that are used during 15-minute collection are as follows: 1) activate the monitoring node, 2) establish new connection between legitimate STAs and AP, 3) start normal traffic through different networking scenarios per STA, 4) initiate the attack, 5) end the attack, 6) save the recorded file in pcap format, then transfer to csv format. Each type of attack has its own way of processing and tools. To check the steps and tools for each type of the attack; a paper that explain everything in details will be publish after publishing this dataset.
Institutions
- Multimedia UniversityMelaka, Malacca