Electromagnetic threat detection and mitigation in the Internet of Things
First Claim
1. A method for threat detection from electromagnetic signatures, comprising:
receiving radio frequency signals using a plurality of sensors, wherein the plurality of sensors comprise radio receivers;
generating, within the radio receivers, data samples representing at least a portion of the radio frequency signals;
generating feature vectors comprising at least a portion of the data samples;
combining the feature vectors from two or more of the radio receivers to form aggregate feature vectors;
incorporating attribute information into the aggregate feature vectors, wherein the attribute information describes one or more features of a communicated signal within the radio frequency signals;
identifying radio frequency signatures, comprising behaviors and characteristics, from one or more of the aggregate feature vectors;
establishing a baseline electromagnetic environment from the radio frequency signatures;
monitoring the radio frequency signatures over time to detect variations from the baseline electromagnetic environment;
identifying potential threat characteristics and potential threat behaviors within the variations from the baseline electromagnetic environment;
evaluating the potential threat characteristics and the potential threat behaviors against characteristics and behaviors associated with stored threat signatures;
classifying a wireless attack in response to evaluating the potential threat characteristics and the potential threat behaviors;
determining a risk level associated with the wireless attack; and
presenting, via one or more operator interfaces, an indication of the determined risk level.
Abstract
Systems and methods can support threat detection using electromagnetic signatures. One or more sensors comprising radio receivers may receive radio frequency signals within an electromagnetic environment. Radio frequency signatures may be identified from one or more of the radio frequency signals. A baseline electromagnetic environment may be established from the radio frequency signatures. The radio frequency signatures may be monitored over time to detect variations from the baseline electromagnetic environment. Variations in the electromagnetic environment may be evaluated against stored threat signatures. Operator interfaces may present indications of threats determined from evaluating the variations in the electromagnetic environment.
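An added sketch of the pipeline the abstract and claim 1 describe (not code from the patent): aggregate feature vectors from two receivers, build a baseline, flag variations, and evaluate them against stored signatures. Feature names, the z-score test, the threshold, the signature entries and all sample values are constructed assumptions.

```python
from statistics import mean, pstdev

# Hypothetical aggregate feature layout: two receivers plus one signal attribute.
FEATURES = ["rx1_power_db", "rx2_power_db", "rx1_bw_khz", "rx2_bw_khz", "burst_rate_hz"]

# Hypothetical stored threat signatures: features that must rise (+1) or fall (-1).
SIGNATURES = [
    {"name": "wideband_jamming", "risk": "high",
     "pattern": {"rx1_power_db": 1, "rx2_power_db": 1, "rx1_bw_khz": 1, "rx2_bw_khz": 1}},
    {"name": "beacon_flood", "risk": "medium", "pattern": {"burst_rate_hz": 1}},
]

def aggregate(rx1, rx2, attributes):
    """Combine (power, bandwidth) vectors from two receivers and append attribute info."""
    return [rx1[0], rx2[0], rx1[1], rx2[1], attributes["burst_rate_hz"]]

def build_baseline(history):
    """Per-feature (mean, std) over aggregate vectors collected during normal operation."""
    return [(mean(col), pstdev(col) or 1e-9) for col in zip(*history)]

def variations(baseline, vec, z_thresh=4.0):
    """Return {feature: signed z-score} for features deviating from the baseline."""
    out = {}
    for name, (mu, sigma), x in zip(FEATURES, baseline, vec):
        z = (x - mu) / sigma
        if abs(z) >= z_thresh:
            out[name] = z
    return out

def classify(var):
    """Evaluate variations against the stored signatures; return (attack, risk level)."""
    if not var:
        return ("none", "none")
    for sig in SIGNATURES:
        if all(n in var and var[n] * d > 0 for n, d in sig["pattern"].items()):
            return (sig["name"], sig["risk"])
    return ("unknown_anomaly", "low")  # deviates, but matches no stored signature

# Constructed baseline observations (small jitter around a quiet environment).
NORMAL = [aggregate((-70 + d, 200 + 5 * d), (-72 + d, 205 + 5 * d),
                    {"burst_rate_hz": 10 + d}) for d in (-1, 0, 1, 0, -1, 1)]
BASELINE = build_baseline(NORMAL)

def assess(rx1, rx2, attributes):
    """Full path for one observation: aggregate, compare to baseline, classify."""
    return classify(variations(BASELINE, aggregate(rx1, rx2, attributes)))
```

Requiring the deviation to appear on both receivers before matching the first signature is what the aggregation step buys: a change seen by a single sensor falls through to the unclassified, low-risk result.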
20 Claims
11. A system for threat detection from electromagnetic signatures, comprising:
a plurality of sensor antennas;
a plurality of sensors configured to couple radio frequency signals from the sensor antennas and generate data samples representing at least a portion of the radio frequency signals; and
a signal analysis engine comprising one or more processing units, and one or more processing modules configuring the one or more processing units to:
receive the data samples,
generate feature vectors comprising at least a portion of the data samples;
combine the feature vectors from two or more of the plurality of sensors to form aggregate feature vectors;
incorporate attribute information into the aggregate feature vectors, wherein the attribute information describes one or more features of a communicated signal within the radio frequency signals;
identify radio frequency signatures, comprising behaviors and characteristics, from the aggregate feature vectors,
establish a baseline electromagnetic environment from the radio frequency signatures,
monitor the radio frequency signatures over time to detect variations from the baseline electromagnetic environment,
identify potential threat characteristics and potential threat behaviors within the variations from the baseline electromagnetic environment,
evaluate the potential threat characteristics and the potential threat behaviors against characteristics and behaviors associated with stored threat signatures,
classify a wireless attack in response to evaluating the potential threat characteristics and the potential threat behaviors;
determine a risk level associated with the wireless attack, and
present, via one or more operator interfaces, an indication of the determined risk level.
20. A system for threat detection from electromagnetic signatures, comprising:
a plurality of sensor antennas;
one or more updatable analysis databases configured to provide stored threat signatures;
one or more operator interfaces for communicating information associated with wireless devices;
a plurality of software radio receivers configured to couple radio frequency signals from the plurality of sensor antennas and generate data samples representing a portion of the radio frequency signals; and
a signal analysis engine comprising one or more processing units, and one or more processing modules configuring the one or more processing units to:
receive the data samples,
generate feature vectors comprising at least a portion of the data samples;
combine the feature vectors from two or more of the software radio receivers to form aggregate feature vectors;
incorporate attribute information into the aggregate feature vectors, wherein the attribute information describes one or more features of a communicated signal within the radio frequency signals;
identify radio frequency signatures, comprising behaviors, from the data samples,
generate electromagnetic persona associated with the radio frequency signatures,
establish a baseline of electromagnetic persona behavior within an electromagnetic environment,
monitor electromagnetic persona behavior over time to detect variations from the baseline of electromagnetic persona behavior,
identify potential threat behaviors within the variations from the baseline electromagnetic environment,
evaluate the potential threat behaviors against behaviors associated with the stored threat signatures to classify a wireless attack risk and identify attack risk levels, and
present, via the one or more operator interfaces, an indication of identified attack risk levels.
Specification