A Lightweight Real-Time Detection and Recovery Framework for Deauthentication Attacks in WPA3-SAE Networks

Wireless networks operating under WPA3-SAE protocols face continuous threats from deauthentication attacks which compromise their reliability and availability. Weaknesses in Wi-Fi management frames allow attackers to force legitimate users offline, resulting in denial-of-service (DoS) conditions. This paper presents the Intrusion Detection and Recovery of Deauthentication Frames (IDR-DF) framework which provides real-time detection and recovery capabilities for WPA3 networks. The timing-based anomaly detection system of IDR-DF detects harmful deauthentication patterns to start automatic recovery procedures which enable clients to maintain network connectivity without interruptions. The framework is implemented as a Python tool that runs on Linux in a WPA3 testbed. In a WPA3-SAE testbed, IDR-DF achieved 100% detection of baseline unicast deauthentication attacks with less than 2% false positives and an average client recovery time of 1.2Formula: see texts. Under more advanced multi-client spoofing and timing-jitter attacks, the detection engine maintained a 96.3% detection rate. The proposed IDR-DF system provides enhanced adaptability together with minimal computational overhead and seamless WPA3 Management Frame Protection (MFP) integration. The experimental findings validate the proposed framework as an effective solution to protect next-generation wireless networks against real-world threats.