Electromagnetic threat detection and mitigation in the Internet of Things

US 10,104,098 B2
Filed: 06/02/2015
Issued: 10/16/2018
Est. Priority Date: 06/02/2014
Status: Active Grant

First Claim

Patent Images

1. A method for threat detection from electromagnetic signatures, comprising:

receiving radio frequency signals using a plurality of sensors, wherein the plurality of sensors comprise radio receivers;

generating, within the radio receivers, data samples representing at least a portion of the radio frequency signals;

generating feature vectors comprising at least a portion of the data samples;

combining the feature vectors from two or more of the radio receivers to form aggregate feature vectors;

incorporating attribute information into the aggregate feature vectors, wherein the attribute information describes one or more features of a communicated signal within the radio frequency signals;

identifying radio frequency signatures, comprising behaviors and characteristics, from one or more of the aggregate feature vectors;

establishing a baseline electromagnetic environment from the radio frequency signatures;

monitoring the radio frequency signatures over time to detect variations from the baseline electromagnetic environment;

identifying potential threat characteristics and potential threat behaviors within the variations from the baseline electromagnetic environment;

evaluating the potential threat characteristics and the potential threat behaviors against characteristics and behaviors associated with stored threat signatures;

classifying a wireless attack in response to evaluating the potential threat characteristics and the potential threat behaviors;

determining a risk level associated with the wireless attack; and

presenting, via one or more operator interfaces, an indication of the determined risk level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods can support threat detection using electromagnetic signatures. One or more sensors comprising radio receivers may receive radio frequency signals within an electromagnetic environment. Radio frequency signatures may be identified from one or more of the radio frequency signals. A baseline electromagnetic environment may be established from the radio frequency signatures. The radio frequency signatures may be monitored over time to detect variations from the baseline electromagnetic environment. Variations in the electromagnetic environment may be evaluated against stored threat signatures. Operator interfaces may present indications of threats determined from evaluating the variations in the electromagnetic environment.

14 Citations

View as Search Results

20 Claims

1. A method for threat detection from electromagnetic signatures, comprising:
- receiving radio frequency signals using a plurality of sensors, wherein the plurality of sensors comprise radio receivers;
  
  generating, within the radio receivers, data samples representing at least a portion of the radio frequency signals;
  
  generating feature vectors comprising at least a portion of the data samples;
  
  combining the feature vectors from two or more of the radio receivers to form aggregate feature vectors;
  
  incorporating attribute information into the aggregate feature vectors, wherein the attribute information describes one or more features of a communicated signal within the radio frequency signals;
  
  identifying radio frequency signatures, comprising behaviors and characteristics, from one or more of the aggregate feature vectors;
  
  establishing a baseline electromagnetic environment from the radio frequency signatures;
  
  monitoring the radio frequency signatures over time to detect variations from the baseline electromagnetic environment;
  
  identifying potential threat characteristics and potential threat behaviors within the variations from the baseline electromagnetic environment;
  
  evaluating the potential threat characteristics and the potential threat behaviors against characteristics and behaviors associated with stored threat signatures;
  
  classifying a wireless attack in response to evaluating the potential threat characteristics and the potential threat behaviors;
  
  determining a risk level associated with the wireless attack; and
  
  presenting, via one or more operator interfaces, an indication of the determined risk level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein evaluating the potential threat characteristics and the potential threat behaviors comprises generating an electromagnetic persona comprising one or more of the radio frequency signatures and matching the generated electromagnetic persona against stored personas associated with the stored threat signatures.
  - 3. The method of claim 1, further comprising estimating positions of radio transmitters associated with the detected variations from the baseline electromagnetic environment.
  - 4. The method of claim 1, wherein the stored threat signatures comprise signatures associated with unauthorized wireless network access points.
  - 5. The method of claim 1, wherein the stored threat signatures comprise signatures associated with unauthorized cellular base stations.
  - 6. The method of claim 1, wherein the stored threat signatures comprise behaviors associated with spoofing sensors associated with security or controls.
  - 7. The method of claim 1, wherein the stored threat signatures comprise behaviors associated with skimming payment credentials.
  - 8. The method of claim 1, wherein the stored threat signatures comprise behaviors associated with access control exploits.
  - 9. The method of claim 1, wherein the stored threat signatures comprise one or more attack templates.
  - 10. The method of claim 1, wherein the stored threat signatures are retrieved from an updatable analysis database.

11. A system for threat detection from electromagnetic signatures, comprising:
- a plurality of sensor antennas;
  
  a plurality of sensors configured to couple radio frequency signals from the sensor antennas and generate data samples representing at least a portion of the radio frequency signals; and
  
  a signal analysis engine comprising one or more processing units, and one or more processing modules configuring the one or more processing units to;
  
  receive the data samples,generate feature vectors comprising at least a portion of the data samples;
  
  combine the feature vectors from two or more of the plurality of sensors to form aggregate feature vectors;
  
  incorporate attribute information into the aggregate feature vectors, wherein the attribute information describes one or more features of a communicated signal within the radio frequency signals;
  
  identify radio frequency signatures, comprising behaviors and characteristics, from the aggregate feature vectors,establish a baseline electromagnetic environment from the radio frequency signatures,monitor the radio frequency signatures over time to detect variations from the baseline electromagnetic environment,identify potential threat characteristics and potential threat behaviors within the variations from the baseline electromagnetic environment,evaluate the potential threat characteristics and the potential threat behaviors against characteristics and behaviors associated with stored threat signatures,classify a wireless attack in response to evaluating the potential threat characteristics and the potential threat behaviors;
  
  determine a risk level associated with the wireless attack, andpresent, via one or more operator interfaces, an indication of the determined risk level.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein evaluating the potential threat characteristics and the potential threat behaviors comprises generating an electromagnetic persona comprising one or more of the radio frequency signatures and matching the generated electromagnetic persona against stored personas associated with the stored threat signatures.
  - 13. The system of claim 11, wherein the one or more processing units are further configured to estimate positions of radio transmitters associated with the detected variations from the baseline electromagnetic environment.
  - 14. The system of claim 11, wherein the stored threat signatures comprise signatures associated with unauthorized wireless network access points.
  - 15. The system of claim 11, wherein the stored threat signatures comprise signatures associated with unauthorized cellular base stations.
  - 16. The system of claim 11, wherein the stored threat signatures comprise behaviors associated with spoofing sensors associated with security or controls.
  - 17. The system of claim 11, wherein the stored threat signatures comprise behaviors associated with skimming payment credentials.
  - 18. The system of claim 11, wherein the stored threat signatures comprise behaviors associated with access control exploits.
  - 19. The system of claim 11, wherein the stored threat signatures comprise one or more templates associated with wireless attacks.

20. A system for threat detection from electromagnetic signatures, comprising:
- a plurality of sensor antennas;
  
  one or more updatable analysis databases configured to provide stored threat signatures;
  
  one or more operator interfaces for communicating information associated with wireless devices;
  
  a plurality of software radio receivers configured to couple radio frequency signals from the plurality of sensor antennas and generate data samples representing a portion of the radio frequency signals; and
  
  a signal analysis engine comprising one or more processing units, and one or more processing modules configuring the one or more processing units to;
  
  receive the data samples,generate feature vectors comprising at least a portion of the data samples;
  
  combine the feature vectors from two or more of the software radio receivers to form aggregate feature vectors;
  
  incorporate attribute information into the aggregate feature vectors, wherein the attribute information describes one or more features of a communicated signal within the radio frequency signals;
  
  identify radio frequency signatures, comprising behaviors, from the data samples,generate electromagnetic persona associated with the radio frequency signatures,establish a baseline of electromagnetic persona behavior within an electromagnetic environment,monitor electromagnetic persona behavior over time to detect variations from the baseline of electromagnetic persona behavior,identify potential threat behaviors within the variations from the baseline electromagnetic environment,evaluate the potential threat behaviors against behaviors associated with the stored threat signatures to classify a wireless attack risk and identify attack risk levels, andpresent, via the one or more operator interfaces, an indication of identified attack risk levels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bastille Networks, Inc.
Original Assignee
Bastille Networks, Inc.
Inventors
Baxley, Robert John, Rouland, Christopher Jay
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
Victoria, Narciso

Application Number

US14/728,825
Publication Number

US 20150350228A1
Time in Patent Office

1,232 Days
Field of Search
US Class Current
CPC Class Codes

G06K 7/0095   Testing the sensing arrange...

H04B 1/0028   wherein the AD/DA conversio...

H04B 1/0064   with separate antennas for ...

H04B 7/01   Reducing phase shift

H04K 2203/34   involving multiple cooperat...

H04K 3/22   including jamming detection...

H04K 3/42   characterized by the contro...

H04K 3/44   characterized by the contro...

H04K 3/65   using deceptive jamming or ...

H04K 3/825   by jamming

H04K 3/84   related to preventing elect...

H04K 3/86   related to preventing decep...

H04K 3/88   related to allowing or prev...

H04L 63/02   for separating internal fro...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1483   service impersonation, e.g....

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/79   Radio fingerprint

H04W 72/0453 : Resources in frequency doma...

H04W 72/20 : Control channels or signall...

H04W 88/06 : adapted for operation in mu...

View All

Electromagnetic threat detection and mitigation in the Internet of Things

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Electromagnetic threat detection and mitigation in the Internet of Things

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links