WiFi-NID

About

WiFi-NID is a powerful Network Intrusion Detection tool written in Bash designed to detect various types of attacks in WiFi networks and networks in general. With WiFi-NID, you can capture live traffic and analyze captured files to identify potential security threats. This README provides an overview of the tool's features and instructions on how to use them effectively. WiFi-NID offers an innovative approach to detecting malicious activity in WiFi networks, by focusing on WiFi specific attack features to identify attacks that originate from the 802.11 layer. As WiFi-NID operates at the edge of the WiFi network, it can be easily integrated as an add-on security mechanism and may be complementary to general IDS solutions that do not focus at the WiFi layer. For more details about the tool, please refer to this paper: https://ieeexplore.ieee.org/document/10218077.

Update:

I extended my initial implementation to increase the efficiency of detection using mathematical and statistical techniques in detect_deauthentication_attacks.py. This approach can also be applied to detect Disassociation Attacks, Authentication DoS, and Fake AP Beacon Flooding. More details can be found in the related journal paper here: https://www.itu.int/pub/S-JNL-VOL5.ISSUE1-2024-A07

Installation

To install WiFi-NID, follow these steps:

Clone the repository: git clone https://github.com/panosdimitrellos/WiFi-NID.git
Change to the project directory: cd WiFi-NID
Install the required dependencies: bash install_required_packages.sh
Ensure that the pcap file you want to analyze is in the same directory as the tool.

Installation on Windows

WiFI-NID is written in Bash, so to run it on Windows you can use a Unix-like environment. Here is some popular options for Unix-like enviroments you could install and run the script.

Git Bash: Download and install Git from the official website: https://git-scm.com/.
Cygwin: Download and run the Cygwin installer from the official website: https://www.cygwin.com/.
Windows Subsystem for Linux (WSL): Follow the official Microsoft documentation to install WSL and choose a Linux distribution: https://docs.microsoft.com/en-us/windows/wsl/.

Note: Make sure the WiFI-NID has the execute permission. You can set the permission using chmod +x wifinid.sh.

Usage

Open a terminal and navigate to the WiFi-NID project directory.

Run the script: bash wifinid.sh
You will be presented with a menu. Select the appropriate options as instructed.
Depending on your selection, you may need to provide the pcap file to analyze or choose the type of attack to detect.
WiFi-NID will generate a detailed report based on the analysis of the pcap file and display it in the terminal.
Analyze already captured pcap files or capture live traffic and start analyzing them.