Method and system for wireless intrusion detection
First Claim
Patent Images
1. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
storing results from the monitoring cycle;
transmitting the results of the monitoring cycle to a data collector;
processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred; and
notifying a user of the results of the processing of the monitoring cycle.
9 Assignments
0 Petitions
Accused Products
Abstract
A wireless intrusion detection system (WIDS) is disclosed for monitoring both authorized and unauthorized access to a wireless portion of a network. The WIDS consists of a collector and one or more nodes that communicate via an out of band means that is separate from the network. Unauthorized access points and unauthorized clients in the network can be detected. The WIDS can be used to monitor, for example, a network implemented using the 802.11 protocol. In addition, the WIDS can be used by one company to provide a service that monitors the wireless network of another company.
-
Citations
42 Claims
-
1. A method comprising:
-
monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
storing results from the monitoring cycle;
transmitting the results of the monitoring cycle to a data collector;
processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred; and
notifying a user of the results of the processing of the monitoring cycle. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A wireless intrusion detection system, comprising:
-
one or more nodes, each node configured to monitor a wireless network of interest for signals received from at least one wireless access device; and
a collector, each of the one or more nodes in communication with the collector;
wherein the collector receives results from the monitoring cycle of signals by the one or more nodes and determines whether any unauthorized access of the wireless network of interest has occurred. - View Dependent Claims (24, 25, 26, 27)
-
-
28. A wireless intrusion detection node, comprising:
-
means for performing a monitoring cycle of a plurality of signals from one or more wireless networks, including one wireless network of interest;
means for storing results from the monitoring cycle; and
means for transmitting the results of the monitoring cycle to a data collector.
-
-
29. A wireless intrusion detection collector, comprising:
-
means for receiving from a node results of a monitoring cycle of a plurality of signals from one or more wireless networks, including one wireless network of interest;
means for processing the results of the monitoring cycle; and
means for notifying a user of the results of the monitoring cycle.
-
-
30. A method for controlling a wireless intrusion detection system comprising:
-
transmitting a plurality of beacon packets from a collector;
receiving one or more of the beacon packets at a node; and
establishing a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
wherein the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network. - View Dependent Claims (31)
-
-
32. A method comprising:
-
receiving the results of a monitoring cycle of a plurality of signals from one or more wireless networks that were previously monitored by one or more nodes;
processing the results of the monitoring cycle at a location remote from the location of the one or more nodes to generate at least one indicator indicative of unauthorized access to the wireless network of interest; and
communicating the at least one indicator to an operator that monitors the status of the wireless network of interest. - View Dependent Claims (33, 34)
-
-
35. A method comprising:
-
receiving, from a node, results of a monitoring cycle of a plurality of signals from one or more wireless access devices in a wireless network of interest;
processing the results of the monitoring cycle to generate at least one indicator indicative of unauthorized access to the wireless network of interest;
recognizing patterns in the results of the monitoring cycle; and
refining the responses to the results of the monitoring cycle based on recognized patterns. - View Dependent Claims (36, 37)
-
-
38. A method comprising:
-
receiving results from a node of a monitoring cycle of a plurality of signals from one or more wireless networks;
processing the results of the monitoring cycle to generate at least one indicator indicative of unauthorized access to the wireless network of interest; and
determining, based on the processing of the results of the monitoring cycle, a location of any unauthorized access to the wireless network of interest.
-
-
39. A system comprising:
-
means for monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
means for storing results from the monitoring cycle;
means for transmitting the results of the monitoring cycle to a data collector;
means for processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred; and
means for notifying a user of the results of the processing of the monitoring cycle.
-
-
40. A computer readable medium containing computer program instructions for:
-
monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
storing results from the monitoring cycle;
transmitting the results of the monitoring cycle to a data collector;
processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred; and
notifying a user of the results of the processing of the monitoring cycle.
-
-
41. A system for controlling a wireless intrusion detection system comprising:
-
means for transmitting a plurality of beacon packets from a collector;
means for receiving one or more of the beacon packets at a node; and
means for establishing a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
wherein the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.
-
-
42. A computer readable medium containing computer program instructions for:
-
transmitting a plurality of beacon packets from a collector;
receiving one or more of the beacon packets at a node; and
establishing a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
wherein the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.
-
Specification