Intrusion detection system for wireless networks

US 20040162995A1
Filed: 04/09/2004
Published: 08/19/2004
Est. Priority Date: 04/11/2002
Status: Active Grant

First Claim

Patent Images

1. A system for detecting intrusion into a wireless network, the system comprising:

a monitoring station, having a first transceiver, the first transceiver comprising;

a first receiver front end for receiving and demodulating a first signal, a first transmitter for sending a first communication, and a first processor coupled to said first receiver front end for processing the first signal, and coupled to said first transmitter for controlling the first transmitter; and

a fusion station, having a second transceiver, the second transceiver comprising;

a second receiver front end for receiving and demodulating said first communication;

a second transmitter for sending a second communication, and a second processor coupled to said second receiver front end for processing the first communication from said monitoring station, and said second processor coupled to the second transmitter for controlling the second transmitter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system (FIG. 2) for facilitating detection of intruders into a wireless network, through the use of physical layer anomalies. One or more monitoring stations (22, 24, 26) can be distributed across the potential intruder'"'"'s sign transmission region. They process these transmissions and extract attributes of the signals, which can then transmit to one or more fusion stations (28), which correlate the calculated attributes with stored attributes of signals of known, authorized users of the network, and transmit alert messages in the case that these signal attributes do not match those of known, authorized users. Signal attributes in accordance with the instant invention include the carrier frequency, spurious emissions, and power-on and power-down transients. Also in accordance with the instant invention are methods and systems using both direct and multipath received signal strength, signal-to-noise ratio, and geometric characteristics such as direction/angle of arrival (AOA), time of arrival, position/range, time dispersion, Doppler shift and polarization.

80 Citations

View as Search Results

19 Claims

1. A system for detecting intrusion into a wireless network, the system comprising:
- a monitoring station, having a first transceiver, the first transceiver comprising;
  
  a first receiver front end for receiving and demodulating a first signal, a first transmitter for sending a first communication, and a first processor coupled to said first receiver front end for processing the first signal, and coupled to said first transmitter for controlling the first transmitter; and
  
  a fusion station, having a second transceiver, the second transceiver comprising;
  
  a second receiver front end for receiving and demodulating said first communication;
  
  a second transmitter for sending a second communication, and a second processor coupled to said second receiver front end for processing the first communication from said monitoring station, and said second processor coupled to the second transmitter for controlling the second transmitter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the second processor stores attributes of an expected signal;
    - the first receiver front end receives and demodulates the first signal;
      
      the first processor calculates attributes of the first signal;
      
      the first transmitter transmits the first communication containing the attributes of the first signal;
      
      the second receiver front end receives and demodulates the first communication;
      
      the second processor compares the attributes of the first signal with the stored attributes of the expected signal to determine whether the attributes of the first signal deviate from the stored attributes of the expected signal; and
      
      the second transmitter transmits alert messages if the attributes of the first signal deviate from the stored attributes of the expected signal.
  - 3. The system of claim 2, wherein the second processor compares a frequency content of power-on transient of the first signal, with a frequency content of power-on transient of the expected signal.
  - 4. The system of claim 2, wherein the second processor compares a stored wavelet transform of power-on transient of the first signal, with a wavelet transform of power-on transient of the expected signal.
  - 5. The system of claim 2, wherein the second processor compares a frequency content of power-down transient of the first signal, with a frequency content of power-down transient of the expected signal.
  - 6. The system of claim 2, wherein the second processor compares a stored wavelet transform of power-down transient of the first signal, with a wavelet transform of power-down transient of the expected signal.
  - 7. The system of claim 2, wherein the second processor compares a median, mean, and standard deviation of an IF signal obtained from the first signal, with a median, mean and standard deviation of an IF signal obtained from the expected signal.
  - 8. The system of claim 2, wherein the second processor compares a direct path received power from the first signal and a ratio of (multipath) power received in-chip to the direct path received power from the first signal, with a direct path received power from the expected signal and the ratio of (multipath) power received in-chip to the direct path received power from the expected signal.
  - 9. The system of claim 2, wherein the second processor compares polarization and direction of arrival of the first signal to polarization and direction of arrival of the expected signal.

10. A method for intrusion detection into a wireless network comprising the steps of:
- monitoring a first signal having attributes;
  
  receiving and demodulating a first signal having attributes;
  
  transmitting a first communication;
  
  receiving and demodulating the first communication; and
  
  sending a second communication.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, further comprising the steps of:
    - storing an expected attribute of an expected signal;
      
      calculating an attribute of the first signal;
      
      comparing an attribute of the first signal with a stored attribute of the expected signal to determine whether the attribute of the first signal deviate from the stored attribute of the expected signal; and
      
      transmitting alert message if the attribute of the first signal deviate from the stored attribute of the expected signal.
  - 12. The method of claim 11, wherein the attribute is a frequency content of power-on transient of the signal.
  - 13. The method of claim 11, wherein the attribute is a wavelet transform of power-on transient of the signal.
  - 14. The method of claim 11, wherein the attribute is a frequency content of power-down transient of the signal.
  - 15. The method of claim 11, wherein the attribute is a wavelet transform of power-down transient of the signal.
  - 16. The method of claim 11, wherein the attribute is a calculated median, mean, or standard deviation of an IF signal obtained from the first signal.
  - 17. The method of claim 11, wherein the attribute is a calculated direct path received power from the signal and a ratio of (multipath) power received in-chip to the direct path received power from the signal.
  - 18. The method of claim 11, wherein the attribute is a calculated polarization and direction of arrival of the signal.
  - 19. The method of claim 11, wherein an attribute includes one or more attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Johns Hopkins University
Original Assignee
Johns Hopkins University
Inventors
Muaddi, Albert B, Tomko, Albert A

Granted Patent

US 7,366,148 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04B 17/26   using historical data, aver...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/79   Radio fingerprint

H04W 24/00   Supervisory, monitoring or ...

H04W 80/04   Network layer protocols, e....

Y02D 30/70   in wireless communication n...

Intrusion detection system for wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Intrusion detection system for wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links