Mobile ad-hoc network with intrusion detection features and related methods
Abstract
A mobile ad-hoc network (MANET) may include a plurality of nodes for transmitting data therebetween using a media access layer (MAC), where each of the nodes has a respective MAC address associated therewith. The MANET may also include a policing node for detecting intrusions into the MANET by monitoring transmissions among the plurality of nodes to detect frame check sequence (FCS) errors from a MAC address, and generating an intrusion alert based upon detecting a number of FCS errors for the MAC address exceeding a threshold. The policing node may also detect intrusions based upon one or more of failed MAC address authentications, illegal network allocation vector (NAV) values, and unexpected contention or contention-free operation.
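The policing-node checks named in the abstract can be sketched as a single pass over overheard frames. This is an added example, not code from the patent: the `Obs` record, the numeric thresholds, the NAV ceiling and the sample traffic are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed tunables: the page gives no numeric thresholds or NAV limit.
FCS_ERROR_THRESHOLD = 3    # alert once the count exceeds this
AUTH_FAIL_THRESHOLD = 2
MAX_LEGAL_NAV_US = 32767   # assumed ceiling for a reserved duration

@dataclass
class Obs:                 # hypothetical record of one overheard frame
    t: float               # capture time, seconds
    mac: str               # transmitter MAC address
    kind: str              # "data", "rts", "cts" or "auth"
    fcs_ok: bool = True
    auth_ok: bool = True
    nav_us: int = 0
    contention_free: bool = False

def police(observations, cfp_windows):
    """Return (mac, reason) alerts; cfp_windows is a list of (start, end)."""
    fcs, auth, alerts = Counter(), Counter(), []
    for o in observations:
        if not o.fcs_ok:
            fcs[o.mac] += 1
            if fcs[o.mac] == FCS_ERROR_THRESHOLD + 1:   # alert once per MAC
                alerts.append((o.mac, "fcs_errors"))
            continue                                    # other fields are untrusted
        if o.kind == "auth" and not o.auth_ok:
            auth[o.mac] += 1
            if auth[o.mac] == AUTH_FAIL_THRESHOLD + 1:
                alerts.append((o.mac, "auth_failures"))
        if o.kind in ("rts", "cts") and not 0 <= o.nav_us <= MAX_LEGAL_NAV_US:
            alerts.append((o.mac, "illegal_nav"))
        in_cfp = any(a <= o.t < b for a, b in cfp_windows)
        if o.kind == "data" and o.contention_free != in_cfp:
            reason = "cf_outside_cfp" if o.contention_free else "contention_in_cfp"
            alerts.append((o.mac, reason))
    return alerts

# Constructed sample traffic; one CFP runs from t=2.0 to t=3.0.
A, B, C, D, E = ("02:00:00:00:00:0%d" % i for i in range(1, 6))
SAMPLE = (
    [Obs(0.1, A, "data")]
    + [Obs(0.2 + i / 10, B, "data", fcs_ok=False) for i in range(4)]
    + [Obs(0.7, C, "rts", nav_us=40000), Obs(1.2, D, "data", contention_free=True)]
    + [Obs(2.5, A, "data")]
    + [Obs(2.6 + i / 10, E, "auth", auth_ok=False) for i in range(3)]
)
ALERTS = police(SAMPLE, [(2.0, 3.0)])
```

A frame that fails its FCS may also carry a corrupted address, so a per-MAC error count is best read as a signal to investigate rather than proof of which node sent the frame.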
62 Claims
1. A mobile ad-hoc network (MANET) comprising:
a plurality of nodes for transmitting data therebetween using a media access layer (MAC), each of said nodes having a respective MAC address associated therewith; and
a policing node for detecting intrusions into the MANET by monitoring transmissions among said plurality of nodes to detect frame check sequence (FCS) errors from a MAC address; and
generating an intrusion alert based upon detecting a number of FCS errors for the MAC address exceeding a threshold.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A mobile ad-hoc network (MANET) comprising:
a plurality of nodes for transmitting data therebetween using a media access layer (MAC), each of said nodes having a respective MAC address associated therewith; and
a policing node for detecting intrusions into the MANET by monitoring transmissions among said plurality of nodes to detect failed attempts to authenticate MAC addresses; and
generating an intrusion alert based upon detecting a number of failed attempts to authenticate a MAC address.
Dependent claims: 11, 12, 13, 14, 15, 16, 17

18. A mobile ad-hoc network (MANET) comprising:
a plurality of nodes for transmitting data therebetween;
said plurality of nodes transmitting request to send (RTS) and clear to send (CTS) packets therebetween prior to transmitting data, the RTS and CTS packets comprising a network allocation vector (NAV) value indicating a time duration reserved for transmitting the data; and
a policing node for detecting intrusions into the MANET by monitoring RTS and CTS packets transmitted among said plurality of nodes to detect an illegal NAV value therein; and
generating an intrusion alert based upon the detected illegal NAV value.
Dependent claims: 19, 20, 21, 22, 23

24. A mobile ad-hoc network (MANET) comprising:
a plurality of nodes for transmitting data therebetween, said plurality of nodes intermittently operating in a contention-free mode during contention-free periods (CFPs) and in a contention mode outside CFPs; and
a policing node for detecting intrusions into the MANET by monitoring transmissions among said plurality of nodes to detect contention-free mode operation outside of a CFP; and
generating an intrusion alert based upon detecting contention-free mode operation outside a CFP.
Dependent claims: 25, 26, 27

28. A mobile ad-hoc network (MANET) comprising:
a plurality of nodes for transmitting data therebetween, said plurality of nodes intermittently operating in a contention-free mode during contention-free periods (CFPs) and in a contention mode outside CFPs; and
a policing node for detecting intrusions into the MANET by monitoring transmissions among said plurality of nodes to detect contention mode operation during a CFP; and
generating an intrusion alert based upon detecting contention mode operation during a CFP.
Dependent claims: 29, 30, 31

32. An intrusion detection method for a mobile ad-hoc network (MANET) comprising a plurality of nodes, the method comprising:
transmitting data between the plurality of nodes using a media access layer (MAC), each of the nodes having a respective MAC address associated therewith;
monitoring transmissions among the plurality of nodes to detect frame check sequence (FCS) errors from a MAC address; and
generating an intrusion alert based upon detecting a number of FCS errors for the MAC address exceeding a threshold.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40

41. An intrusion detection method for a mobile ad-hoc network (MANET) comprising a plurality of nodes, the method comprising:
transmitting data between the plurality of nodes using a media access layer (MAC), each of the nodes having a respective MAC address associated therewith;
monitoring transmissions among the plurality of nodes to detect failed attempts to authenticate MAC addresses; and
generating an intrusion alert based upon detecting a number of failed attempts to authenticate a MAC address.
Dependent claims: 42, 43, 44, 45, 46, 47, 48

49. An intrusion detection method for a mobile ad-hoc network (MANET) comprising a plurality of nodes, the method comprising:
transmitting request to send (RTS) and clear to send (CTS) packets between the plurality of nodes, the RTS and CTS packets comprising a network allocation vector (NAV) value indicating a time duration reserved for transmitting data between the plurality of nodes;
transmitting data between the plurality of nodes;
monitoring the RTS and CTS packets sent between the plurality of nodes to detect an illegal NAV value therein; and
generating an intrusion alert based upon the detected illegal NAV value.
Dependent claims: 50, 51, 52, 53, 54

55. An intrusion detection method for a mobile ad-hoc network (MANET) comprising a plurality of nodes, the method comprising:
transmitting data between the plurality of nodes, the plurality of nodes intermittently operating in a contention-free mode during contention-free periods (CFPs) and in a contention mode outside CFPs;
monitoring transmissions among the plurality of nodes to detect contention-free mode operation outside of a CFP; and
generating an intrusion alert based upon detecting contention-free mode operation outside a CFP period.
Dependent claims: 56, 57, 58

59. An intrusion detection method for a mobile ad-hoc network (MANET) comprising a plurality of nodes, the method comprising:
transmitting data between the plurality of nodes, the plurality of nodes intermittently operating in a contention-free mode during contention-free periods (CFPs) and in a contention mode outside CFPs;
monitoring transmissions among the plurality of nodes to detect contention mode operation during a CFP; and
generating an intrusion alert based upon detecting contention mode operation during a CFP period.
Dependent claims: 60, 61, 62

Specification