Method and system for wireless attack detection and mitigation
Abstract
A method and system for detection and mitigation of attacks on a wireless network. The wireless network includes a plurality of antennas that are associated with different directions of coverage. The antennas can include an antenna array or an antenna having beamforming capabilities. An intrusion prevention processor or device analyzes incoming signals and determines individual device or aggregate device behavior patterns. The behavior patterns are compared with known attack patterns or triggers to determine if an anomaly has occurred. Attacking signals are blocked, or antennas in the direction of the anomaly are disabled while the system stabilizes. If the system stabilizes and the anomaly clears, the antennas are enabled and monitoring continues.
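The decision flow in the abstract (block the sender if it can be identified, otherwise disable the antenna facing the anomaly, then re-enable once the network is quiet) can be modelled in a few lines. This is an added illustration, not code from the patent. Assumptions: the class name `SectorGuard`, a per-window connection-request count standing in for the stored attack patterns, a dominant-source share standing in for "can be identified", and the constructed sample frames.

```python
from collections import Counter

RATE_TRIGGER = 20     # assumed trigger: connection requests per antenna per window
DOMINANT_SHARE = 0.8  # assumed: a source this dominant counts as identifiable


class SectorGuard:
    """Per-direction mitigation state for an access point (illustrative model)."""

    def __init__(self, antennas):
        self.enabled = {a: True for a in antennas}
        self.blocked = set()
        self.reports = []          # (antenna, request_count, action)
        self.last_window_clean = True

    def process_window(self, frames):
        """frames: (antenna, source_id) connection requests seen in one window."""
        counts = {a: Counter() for a, on in self.enabled.items() if on}
        for antenna, src in frames:
            # Disabled antennas receive nothing; blocked sources are dropped.
            if antenna in counts and src not in self.blocked:
                counts[antenna][src] += 1
        self.last_window_clean = True
        for antenna, per_src in counts.items():
            total = sum(per_src.values())
            if total <= RATE_TRIGGER:
                continue
            self.last_window_clean = False
            src, n = per_src.most_common(1)[0]
            if n / total >= DOMINANT_SHARE:
                self.blocked.add(src)            # identifiable: block the device
                action = "block " + src
            else:
                self.enabled[antenna] = False    # not identifiable: drop the sector
                action = "disable " + antenna
            self.reports.append((antenna, total, action))

    def reenable_if_stable(self):
        """Re-enable disabled antennas once a full window passed with no anomaly."""
        if not self.last_window_clean:
            return []
        restored = [a for a, on in self.enabled.items() if not on]
        for a in restored:
            self.enabled[a] = True
        return restored


# Constructed sample windows: one loud source on "north", many spoofed on "east".
FLOOD_ONE = [("north", "aa:01")] * 30 + [("north", "aa:02")] * 2
FLOOD_MANY = [("east", "sp:%02d" % i) for i in range(40)]
QUIET = [("north", "aa:02"), ("south", "aa:03")]
```

With the sample windows, the single loud source is blocked while its antenna stays up, and the direction receiving many distinct sources is disabled until a clean window has been observed.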
18 Claims
1. A method for mitigating an unwanted transmission to a wireless network, the wireless network including an antenna array with a plurality of antennas associated with different directions, the antenna array configured to send and receive signals from external devices using established protocols, and a processing device coupled to the antenna array for monitoring and analyzing incoming signals, the method comprising:
(a) receiving at least one incoming signal at the antenna array from the external devices;
(b) monitoring and analyzing the at least one incoming signal by monitoring radio frequency (RF) frames for cell entry connection requests or changes;
(c) determining whether the at least one incoming signal is an anomaly that violates the established protocols;
if the anomaly is detected, then
(d) reporting the detected anomaly;
(e) determining which antenna in the antenna array is receiving the detected anomaly; and
(f) if an external device, of the external devices sending the detected anomaly, can be identified and blocked, then
(1) blocking the identified external device, otherwise
(2) disabling at least one antenna in the antenna array that is receiving the detected anomaly.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for minimizing an unwanted transmission to a wireless network, the wireless network including at least one antenna having beamforming capabilities, the at least one antenna configured to send and receive signals from external devices using established protocols, and a processing device coupled to the antenna for monitoring and analyzing incoming signals, the method comprising:
(a) receiving at least one incoming signal at the least one antenna from the external devices;
(b) monitoring and analyzing the at least one incoming signal;
(c) determining whether the at least one incoming signal is an anomaly that violates the established protocols;
if the anomaly is detected, then,
(d) logging the detected anomaly and reporting the detected anomaly;
(e) using the beamforming capabilities of the antenna to determine a direction of the external device that is sending the anomaly; and
(f) if an external device, of the external devices sending the anomaly, can be identified and blocked, then
(1) blocking the identified external device; and
(2) disabling a receiving of incoming signals in a direction of the detected anomaly using the beamforming capabilities of the at least one antenna;
(3) waiting an amount of time after disabling the antenna in the direction of the detected anomaly in step (2);
(4) determining if the wireless network has stabilized;
(5) if the wireless network has not stabilized, then continuing to disable the antenna in the direction of the detected anomaly in accordance with step (2);
(6) if the wireless network has stabilized, then
(i) sending the direction of the external device to a wireless network administrator;
(ii) waiting for the wireless network administrator to reset anomaly conditions;
(iii) enabling the previously disabled beamforming antenna in the direction of the detected anomaly;
(iv) resume monitoring in step (b).
Dependent claims: 11, 12, 13, 14

15. A system for mitigating the reception of unwanted signals in a wireless network from external devices, the system comprising:
an antenna array having a plurality of individual antennas, with each individual antenna associated with a different signal direction, and at least one antenna for receiving incoming signals associated with a transmission direction;
a mechanism for disabling at least a portion of the at least one antenna associated with the transmission direction; and
a processor coupled to the at least one antenna for analyzing the incoming signals, the analysis including behavior patterns of the external devices; and
a storage device for storing behavior patterns of the external devices and signature patterns of unwanted signals,
wherein the behavior patterns of the external devices are compared to the signature patterns of the unwanted signals to determine if an anomaly has occurred, and if the anomaly is detected, then at least a portion of the at least one antenna is disabled in a direction associated with the detected anomaly.
Dependent claims: 16, 17

18. A system for mitigating the reception of unwanted signals in a wireless network from external devices, the system comprising:
at least one antenna for receiving incoming signals associated with a transmission direction having beam forming capabilities for selectively receiving signals in different directions;
a mechanism for disabling at least a portion of the at least one antenna associated with the transmission direction;
a processor coupled to the at least one antenna for analyzing the incoming signals, the analysis including behavior patterns of the external devices; and
a storage device for including behavior patterns of the external devices and signature patterns of unwanted signals,
wherein the behavior patterns of the external devices are compared to the signature patterns of the unwanted signals to determine if an anomaly has occurred, and if the anomaly is detected, then at least a portion of the at least one antenna having beam forming capabilities is disabled in the direction associated with the detected anomaly.

Specification