WiFi 7 (IEEE 802.11be) introduces Multi-Link Operation (MLO) as a cornerstone feature, enabling devices to aggregate bandwidth and switch seamlessly across multiple frequency bands (2.4 GHz, 5 GHz, and 6 GHz). While MLO promises unprecedented speed and reliability, it also introduces significant complexity and a new attack surface. Traditional security testing methods, which rely on physical hardware, are expensive, difficult to scale, and insufficient for modeling the dynamic, multi-link nature of MLO.
This project proposes the development of a Digital Twin (DT) framework to address this challenge. We have created a high-fidelity virtual representation of a WiFi 7 MLO network environment using ns-3. This DT serves a dual purpose: first, as a scalable testbed for simulating novel security threats—specifically backoff manipulation and DoS attacks; second, as a data-generation engine for training Graph Neural Network (GNN) models. These models are designed for real-time threat prediction, identifying anomalous MLO behavior and forecasting potential attacks before they can significantly impact the network.
Our research builds upon three primary domains:
Our methodology is divided into two primary stages: Data Generation and Machine Learning Modeling.
We utilize a custom simulation environment built using ns-3 to model a Wi-Fi 7 MLO network.
bias parameter to manipulate the minimum contention window (minCw) of nodes:
bias = 0): Baseline performance.bias > 0): Simulates passive, less aggressive nodes.bias < 0): Simulates an aggressive “attack” scenario where a node monopolizes channel access.Tracer collects Key Performance Indicators (KPIs) across Network, MAC, and PHY layers, saving data in a time-windowed JSON format.The generated data drives a GNN-based anomaly detection model.
AttackGCN) in PyTorch. The model uses GCN layers to learn complex relationships between metrics over time.Normal, Positive Bias Attack, and Negative Bias Attack.The project is engineered with a clear separation of concerns:
wifi modules for IEEE 802.11be features.backoff_dataset.py: Handles data loading and preprocessing.attack_model.py: Defines the AttackGCN architecture.train_attack.py & eval.py: Scripts for training and evaluating the model.Our experiments have generated a high-quality dataset that exhibits clear, statistically significant differences between normal and attack scenarios.
The analysis reveals that backoff manipulation attacks have a severe and measurable impact on network performance. The most prominent indicators identified by our Digital Twin include:
net_avg_delay_ms).net_packet_loss_ratio).net_throughput_mbps).avg_backoff_slots), directly correlating to the aggressive nature of the attack.The GNN model demonstrates high accuracy in distinguishing between normal operations and bias-based attacks, validating the effectiveness of using graph-based learning for time-series network data.
01_Data_Profiling_Report.md and 02_Summary_Statistics.md in the repository to understand the dataset structure.python train_attack.py
Refer to 04_Modeling_Guide.md for environment setup.
python eval.py
This assesses the model’s ability to detect attacks on unseen test data.
scratch/ directory to simulate new attack vectors or network topologies.This project delivers a novel Digital Twin framework specifically designed for securing WiFi 7 MLO operations. By combining detailed ns-3 simulations with advanced Graph Neural Networks, we moved beyond theoretical analysis to provide a practical framework for threat detection. Our work provides a clear pathway for network administrators to proactively identify, test, and mitigate security risks in the next generation of wireless networks.
Future work will focus on expanding the DT’s fidelity to include more advanced 802.11be features (like EMLSR) and exploring Federated Learning.