Method and Apparatus for Detection of Malicious Behavior in Mobile Ad-Hoc Networks
Abstract
Systems and methods are provided for detecting malicious behavior in mobile ad-hoc wireless networks. The mobile ad-hoc network contains a plurality of actual nodes and a plurality of decoys that are derived from the actual nodes using duplicate instances of the operational software of the actual nodes in combination with a virtual interconnection topology created to make the decoys appear as actual nodes within the mobile ad-hoc network. The interconnection topology includes routing characteristics indicating that the most efficient path of communication to any given decoy is through at least one actual node in the network. The decoys are used to identify malicious behavior in the network and in particular to identify attempts to communicate directly with decoys in contradiction to the created interconnection topology. When the malicious behavior is associated with an identifiable node, corrective action is taken that includes quarantining that node from the other nodes in the network.
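The check the abstract describes, as an added sketch that is not code from the patent: an access tracker compares the last hop of each frame addressed to a decoy against the actual nodes the virtual topology advertises as that decoy's route. The frame record, node names, gateway map and two-contact quarantine threshold are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:
    """One observed delivery (constructed record format, not from the patent)."""
    last_hop: Optional[str]  # neighbor that transmitted the frame; None if unidentifiable
    dst: str                 # final destination address

class AccessTracker:
    def __init__(self, decoy_gateways, threshold=2):
        self.decoy_gateways = decoy_gateways  # decoy -> actual nodes advertised as its route
        self.threshold = threshold            # assumed policy: direct contacts before quarantine
        self.direct_hits = Counter()
        self.quarantined = set()

    def observe(self, frame):
        """Classify one frame: None (not decoy traffic), 'routed' or 'direct'."""
        gateways = self.decoy_gateways.get(frame.dst)
        if gateways is None:
            return None
        if frame.last_hop in gateways:
            return "routed"  # followed the advertised path; logged as decoy contact only
        # The frame reached the decoy without passing through an advertised
        # actual node, which contradicts the virtual interconnection topology.
        if frame.last_hop is not None:  # quarantine needs an identifiable node
            self.direct_hits[frame.last_hop] += 1
            if self.direct_hits[frame.last_hop] >= self.threshold:
                self.quarantined.add(frame.last_hop)
        return "direct"

# Constructed sample: two decoys advertised behind actual nodes A and B.
DECOY_GATEWAYS = {"decoy-1": {"node-A"}, "decoy-2": {"node-A", "node-B"}}
SAMPLE = [
    Frame("node-C", "node-A"),   # ordinary traffic between actual nodes
    Frame("node-A", "decoy-1"),  # arrives through the advertised node
    Frame("node-X", "decoy-1"),  # direct contact, first occurrence
    Frame(None, "decoy-2"),      # direct contact, sender not identifiable
    Frame("node-X", "decoy-2"),  # second direct contact by node-X
    Frame("node-B", "decoy-2"),  # arrives through an advertised node
]

def run_sample():
    tracker = AccessTracker(DECOY_GATEWAYS)
    verdicts = [tracker.observe(f) for f in SAMPLE]
    return verdicts, tracker.quarantined

if __name__ == "__main__":
    print(run_sample())
```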
20 Claims
1. A method to detect malicious behavior in a mobile ad-hoc network, the method comprising:
- establishing a decoy instance of actual node operating software on an actual node in a mobile ad-hoc network; and
- monitoring communications involving the decoy instance to identify malicious behavior within the mobile ad-hoc network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A method to detect malicious behavior in a mobile ad-hoc network, the method comprising:
- establishing a plurality of decoy instances of the actual node operating software on one of a plurality of actual nodes in a mobile ad-hoc network;
- creating a virtual interconnection topology among the plurality of decoy instance and the plurality of actual nodes in the mobile ad-hoc network; and
- using the established decoy instances and the virtual interconnection topology to identify malicious behavior within the mobile ad-hoc network.
Dependent claims: 14

15. A node in a mobile ad-hoc network comprising:
- at least one real system instance of the operating software for the node;
- at least one decoy instance of the operating software;
- a topology manager to manage connectivity among external nodes and the decoy instance; and
- an access tracker to monitor malicious behavior in the mobile ad-hoc network containing the node.
Dependent claims: 16, 17

18. A computer-readable medium containing a computer-readable code that when read by a computer causes the computer to perform a method to detect malicious behavior in a mobile ad-hoc network, the method comprising:
- establishing a decoy instance of actual node operating software on an actual node in a mobile ad-hoc network; and
- monitoring communications involving the decoy instance to identify malicious behavior within the mobile ad-hoc network.
Dependent claims: 19, 20
Specification