Recent advancements in Network Intrusion Detection Systems (NIDS) primarily focus on detecting intrusions at the network layer. However, most solutions identify malicious activities when the attacker is already inside the network. This study introduces an innovative approach to NIDS, utilizing the Wi-Fi Channel State Information (CSI) combined with machine learning to proactively detect threats at the physical and link layers. Unlike traditional methods, our system leverages physical layer data, significantly enhancing early detection capabilities.

We evaluated the performance of classical machine learning models, including SVM, Random Forest, Decision Tree, KNN, and Naive Bayes, on 800, 000 instances across three different environments: laptops, iPhones, and Android devices. The Decision Tree algorithm emerged as the most effective, achieving an accuracy and F1-score of 99.95%.

This research demonstrates that the amplitude variations of Wi-Fi signals across subcarriers during brute-force attacks are markedly distinct from benign activities, providing a robust indicator for early threat detection. To the best of our knowledge, our approach advances the state-of-the-art in NIDS by integrating data from layers 1 and 2, enabling the identification of malicious users before they associate with the target Wi-Fi network.