To address the challenges of detecting WPA2 protocol attacks (e.g., KRACK, Kr00k) in Wi-Fi IoT networks—namely, low detection efficacy, severe overfitting in traditional intrusion detection systems (IDS), feature redundancy, and high false-positive rates—this paper proposes a multi-class intrusion detection framework. Methodologically, it introduces a novel stacked ensemble architecture integrating noise injection, Principal Component Analysis (PCA), and meta-learning to mitigate overfitting and reduce false positives. Furthermore, it designs a lightweight, Wi-Fi-attack–semantic–aware key feature extraction paradigm, synergistically combining mRMR and SelectKBest for feature selection with dual-path base models (XGBoost and SVM). Evaluated on the AWID3 dataset, the framework achieves 98% accuracy, precision, and recall, with only a 2% false-positive rate—surpassing all existing state-of-the-art approaches.

The proliferation of IoT devices and their reliance on Wi-Fi networks have introduced significant security vulnerabilities, particularly the KRACK and Kr00k attacks, which exploit weaknesses in WPA2 encryption to intercept and manipulate sensitive data. Traditional IDS using classifiers face challenges such as model overfitting, incomplete feature extraction, and high false positive rates, limiting their effectiveness in real-world deployments. To address these challenges, this study proposes a robust multiclass machine learning based intrusion detection framework. The methodology integrates advanced feature selection techniques to identify critical attributes, mitigating redundancy and enhancing detection accuracy. Two distinct ML architectures are implemented: a baseline classifier pipeline and a stacked ensemble model combining noise injection, Principal Component Analysis (PCA), and meta learning to improve generalization and reduce false positives. Evaluated on the AWID3 data set, the proposed ensemble architecture achieves superior performance, with an accuracy of 98%, precision of 98%, recall of 98%, and a false positive rate of just 2%, outperforming existing state-of-the-art methods. This work demonstrates the efficacy of combining preprocessing strategies with ensemble learning to fortify network security against sophisticated Wi-Fi attacks, offering a scalable and reliable solution for IoT environments. Future directions include real-time deployment and adversarial resilience testing to further enhance the model's adaptability.