Intrusion detection sensor detecting attacks against wireless network and system and method of detecting wireless network intrusion

US 20060150250A1
Filed: 11/29/2005
Published: 07/06/2006
Est. Priority Date: 12/20/2004
Status: Active Grant

First Claim

Patent Images

1. An intrusion detection sensor detecting an attack against a wireless network including an access point providing wireless communication to one or more wireless terminals, wherein the intrusion detection sensor examines a packet transmitted and received between the access point and the wireless terminal according to a predetermined detection rule, and in relation to an event packet including critical information on whether or not a wireless line connection between the access point and the wireless terminal is established, the packet is examined by additionally using confirmation information received from the access point on whether or not the event packet is transmitted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intrusion detection system and method of a wireless network providing wireless communication to one or more wireless terminal, and an intrusion detection sensor capable of detecting attacks against wireless network are provided. The intrusion detection system of a wireless network includes: an access point providing wireless communication to a wireless terminal; and an intrusion detection sensor examining packets transmitted and received between the access point and a wireless terminal according to a predetermined detection rule. The access point transmits confirmation information on whether or not an event packet, including critical information on whether or not a wireless line connection between the access point and the wireless terminal is established, is transmitted, to the intrusion detection sensor, and the intrusion detection sensor examines an event packet by using the confirmation information. According to the system and method, a variety of attacks occurring on a wireless network can be effectively detected and systematically controlled.

68 Citations

View as Search Results

24 Claims

1. An intrusion detection sensor detecting an attack against a wireless network including an access point providing wireless communication to one or more wireless terminals, wherein the intrusion detection sensor examines a packet transmitted and received between the access point and the wireless terminal according to a predetermined detection rule, and in relation to an event packet including critical information on whether or not a wireless line connection between the access point and the wireless terminal is established, the packet is examined by additionally using confirmation information received from the access point on whether or not the event packet is transmitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The sensor of claim 1, wherein the event packet is any one of an 802.11 disassociation packet, a deauthentication packet, and an extensible authentication protocol (EAP)-failure packet transmitted by the access point to the wireless terminal.
  - 3. The sensor of claim 2, wherein when the access point transmits the event packet to the wireless terminal, the confirmation information is transferred, by transmitting the intention, or the event packet itself to the intrusion detection sensor.
  - 4. The sensor of claim 3, wherein the confirmation information is transmitted through a secure communication channel between the access point and the intrusion detection sensor.
  - 5. The sensor of claim 4, wherein the secure communication channel is implemented by using any one of an inter access point protocol (IAPP), an Internet protocol security protocol (IPSec), and a transport layer security (TLS) protocol.
  - 6. The sensor of claim 1, wherein the detection rule is used to detect any one of a rogue access point attack, and a man-in-the-middle attack.
  - 7. The sensor of claim 6, wherein the detection rule is used to further detect any one of an address resolution protocol (ARP) poisoning attack, an 802.11i message integrity code (MIC) failure attack, and a denial of service attack using the characteristic of an 802.11f protocol.
  - 8. The sensor of claim 1, wherein the detection rule is transmitted by a wireless security management server monitoring the security situation of distributed networks including a plurality of access points.

9. A wireless network intrusion detection system providing wireless communication to one or more wireless terminal, the system comprising:
- an access point providing wireless communication to the wireless terminal; and
  
  an intrusion detection sensor examining packets transmitted and received between the access point and a wireless terminal according to a predetermined detection rule, wherein the access point transmits confirmation information on whether or not an event packet, including critical information on whether or not a wireless line connection between the access point and the wireless terminal is established, is transmitted, to the intrusion detection sensor, and the intrusion detection sensor examines an event packet by using the confirmation information.
- View Dependent Claims (10, 14, 15, 16)
- - 10. The system of claim 9, wherein the event packet is any one of an 802.11 disassociation packet, a deauthentication packet, and an extensible authentication protocol (EAP)-failure packet transmitted by the access point to the wireless terminal.
  - 14. The system of claim 9, wherein the intrusion detection sensor detects any one of a rogue access point attack, and a man-in-the-middle attack, by using the detection rule.
  - 15. The system of claim 9, wherein the access point detects any one of an address resolution protocol (ARP) poisoning attack, an 802.11i message integrity code (MIC) failure attack, and a denial of service attack using the characteristic of an 802.11f protocol, by using the detection rule.
  - 16. The system of claim 9, further comprising:
    - a wireless security management server monitoring the security situation of distributed networks including a plurality of access points, and transmitting the detection rule to the intrusion detection sensor and the access point.

11. The system of claim 11, wherein when the access point transmits the event packet to the wireless terminal, the confirmation information is transferred, by transmitting the intention, or the event packet itself to the intrusion detection sensor.

12. The system of claim 12, wherein the confirmation information is transmitted through a secure communication channel between the access point and the intrusion detection sensor.
- View Dependent Claims (13)
- - 13. The system of claim 12, wherein the secure communication channel is implemented by using any one of an IAPP, an IPSec, and a TLS protocol.

17. A wireless network intrusion detection method providing wireless communication to one or more wireless terminal, the method comprising:
- examining ordinary packets transmitted and received between an access point providing wireless communication to the wireless terminal and the wireless terminal, according to a predetermined detection rule;
  
  identifying an event packet, including critical information on whether or not a wireless line connection between the access point and the wireless terminal is established, among the ordinary packets;
  
  if the event packet is identified, receiving confirmation information from the access point on whether or not the event packet is transmitted; and
  
  examining the event packet by using the confirmation information.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, wherein the event packet is any one of an 802.11 disassociation packet, a deauthentication packet, and an extensible authentication protocol (EAP)-failure packet transmitted by the access point to the wireless terminal.
  - 19. The method of claim 18, wherein when the access point transmits the event packet to the wireless terminal, the confirmation information is transferred, by transmitting the intention, or the event packet itself to the intrusion detection sensor.
  - 20. The method of claim 19, wherein the confirmation information is transmitted through a secure communication channel between the access point and the intrusion detection sensor.
  - 21. The method of claim 20, wherein the secure communication channel is implemented by using any one of an IAPP, an IPSec, and a TLS protocol.
  - 22. The method of claim 17, wherein the detection rule is used to detect any one of a rogue access point attack, and a man-in-the-middle attack, by using the detection rule.
  - 23. The method of claim 22, wherein the detection rule is used to detect any one of an address resolution protocol (ARP) poisoning attack, an 802.11i message integrity code (MIC) failure attack, and a denial of service attack using the characteristic of an 802.11f protocol, by using the detection rule.
  - 24. The method of claim 17, wherein the detection rule is transmitted by a wireless security management server monitoring the security situation of distributed networks including a plurality of access points.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Kim, Sin Hyo, Lee, Sok Joon, Chung, Kyo Il, Chung, Byung Ho, Ham, Young Hwan, Oh, Kyung Hee

Granted Patent

US 7,640,585 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

Intrusion detection sensor detecting attacks against wireless network and system and method of detecting wireless network intrusion

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

68 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Intrusion detection sensor detecting attacks against wireless network and system and method of detecting wireless network intrusion

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links