Intrusion Detection System For Wireless Networks
Abstract
A wireless node in a wireless network examines data packets directed to itself (i.e., value in destination address field indicates that the wireless node is an intended recipient) for presence of anomalies that suggest intrusion. The data packet is examined as part of the normal course of operation of the node. Upon detection of an anomaly, the wireless node sends a message packet containing details of the anomaly to a sentinel device. The sentinel device processes the anomalies to determine if a possibility of intrusion is indicated, and activates a spy routine in the wireless node. The spy routine enables further investigation into the intrusion. As components (such as wireless nodes) in the wireless network operate normally (normal operations) until an anomalous condition/event occurs, the additional power requirements for intrusion detection are reduced. If intrusion is detected, appropriate actions, such as alerting an operator, are taken to mitigate the intrusion.
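
The node-to-sentinel flow described in the abstract, as an added sketch that is not part of the patent. The two anomaly checks (authentication failure, replayed sequence number), the three-report threshold, and every class, field and message name are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Packet(NamedTuple):
    src: str        # transmitter address
    dst: str        # destination address field
    seq: int        # assumed per-transmitter sequence number
    auth_ok: bool   # assumed result of the node's normal integrity check

class Sentinel:
    def __init__(self, threshold=3):          # assumed policy, not from the patent
        self.threshold = threshold
        self.reports = defaultdict(list)      # transmitter -> [(node, anomaly)]
        self.spy_active = set()               # (node, transmitter) under investigation
    def on_message(self, node_id, transmitter, anomalies):
        self.reports[transmitter] += [(node_id, a) for a in anomalies]
        if len(self.reports[transmitter]) >= self.threshold:
            self.spy_active.add((node_id, transmitter))
            return "ACTIVATE_SPY"             # response packet to the reporting node
        return "ACK"

class Node:
    def __init__(self, node_id, sentinel):
        self.id, self.sentinel = node_id, sentinel
        self.last_seq = {}                    # highest sequence seen per transmitter
        self.sent = 0                         # message packets sent to the sentinel
    def receive(self, pkt):
        if pkt.dst != self.id:                # examine only packets directed to this node
            return None
        prev = self.last_seq.get(pkt.src, -1)
        anomalies = [name for name, hit in (("auth_failure", not pkt.auth_ok),
                                            ("replayed_seq", pkt.seq <= prev)) if hit]
        self.last_seq[pkt.src] = max(pkt.seq, prev)
        if not anomalies:                     # normal operation: no extra transmission
            return None
        self.sent += 1
        return self.sentinel.on_message(self.id, pkt.src, anomalies)

def run_demo():
    s = Sentinel()
    n1, n2 = Node("n1", s), Node("n2", s)
    trace = [(n1, Packet("good", "n1", 1, True)),    # constructed sample traffic
             (n1, Packet("good", "n1", 2, True)),
             (n1, Packet("rogue", "n1", 5, False)),
             (n2, Packet("rogue", "n2", 7, False)),
             (n2, Packet("rogue", "n2", 7, True)),   # same seq again -> replay
             (n1, Packet("rogue", "n2", 9, False))]  # not addressed to n1: ignored
    return [node.receive(p) for node, p in trace], s, n1, n2
```

Well-behaved traffic produces no message packets at all, which is the reduced-power property the abstract points to.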
30 Claims
1. An intrusion detection system comprising:
- a plurality of wireless nodes operating to transport packets between end devices over a wireless medium, wherein each wireless node in said plurality of wireless nodes examines a received data packet for the presence of one or more anomalies, and transmits a message packet upon the presence of said one or more anomalies; and
- a sentinel device processing said message packet to determine whether a transmitter of said received data packet is a potential intruder, and causing a spy routine to be activated if said transmitter is determined to be said potential intruder, wherein operation of said spy routine communicates further with said transmitter to facilitate a determination of whether said transmitter is an actual intruder.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of detecting intrusion by a transmitter in a wireless network, said wireless network comprising a plurality of wireless nodes, said method being implemented in each of said plurality of wireless nodes, said method comprising:
- receiving a data packet from said transmitter in a first wireless node, wherein said data packet is directed to said first wireless node, wherein said first wireless node is contained in said plurality of wireless nodes;
- examining in said first wireless node said data packet to determine presence of one or more anomalies; and
- sending from said first wireless node a message packet to a sentinel device if said one or more anomalies are present.
Dependent claims: 12, 13, 14, 15
16. A method of detecting intrusion by a transmitter in a wireless network, said wireless network comprising a plurality of wireless nodes, said method being implemented in a sentinel device, said method comprising:
- receiving a message packet from a first wireless node contained in said plurality of wireless nodes, wherein said message packet indicates one or more anomalies observed in a data packet received by said first wireless node; and
- transmitting a response packet indicating that a spy routine is to be activated to investigate further if a processing of said message packet indicates that said transmitter is a potential intruder.
Dependent claims: 17, 18, 19, 20, 21
22. A machine readable medium storing one or more sequences of instructions for enabling a wireless node in a wireless network to detect intrusion by a transmitter in said wireless network, said wireless network containing a plurality of wireless nodes, said wireless node being contained in said plurality of wireless nodes, wherein execution of said one or more sequences of instructions by one or more processors contained in said wireless node causes said wireless node to perform the actions of:
- receiving a data packet from said transmitter, wherein said data packet is directed to said wireless node;
- examining said data packet to determine presence of one or more anomalies; and
- sending a message packet to a sentinel device if said one or more anomalies are present.
Dependent claims: 23, 24, 25
26. A machine readable medium storing one or more sequences of instructions for enabling a sentinel device to detect intrusion by a transmitter in a wireless network, said sentinel device being connected to said wireless network over a wireless medium, said wireless network containing a plurality of wireless nodes, wherein execution of said one or more sequences of instructions by one or more processors contained in said sentinel device causes said sentinel device to perform the actions of:
- receiving a message packet from a first wireless node contained in said plurality of wireless nodes, wherein said message packet indicates one or more anomalies observed in data packets received by said first wireless node; and
- transmitting a response packet indicating that a spy routine is to be activated to investigate further if a processing of said message packet indicates that said transmitter is a potential intruder.
Dependent claims: 27, 28, 29, 30
Specification