METHOD FOR TRACKING OUT ATTACK DEVICE DRIVING SOFT ROGUE ACCESS POINT AND APPARATUS PERFORMING THE METHOD

US 20140130155A1
Filed: 12/28/2012
Published: 05/08/2014
Est. Priority Date: 11/05/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method of tracking out an attack terminal driving a soft rogue AP, comprising:

detecting an unauthorized soft rogue AP;

collecting information about the detected soft rogue AP, information about one or more access terminals connected to the detected soft rogue AP, and information about one or more candidate attack terminals that are not connected to the detected soft rogue AP, and storing the collected information;

receiving frames related to the information about the stored soft rogue AP, and analyzing similarities between communication patterns of the access terminals and communication patterns of the candidate attack terminals based on the received frames; and

tracking out an attack terminal driving the unauthorized soft rogue AP based on the results of the analysis on the similarities between the communication patterns of the access terminals and the communication patterns of the candidate attack terminals.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method including: detecting an unauthorized soft rogue AP; collecting information about the detected soft rogue AP, information about one or more access terminals connected to the detected soft rogue AP, and information about one or more candidate attack terminals that are not connected to the detected soft rogue AP, and storing the collected information;

receiving frames related to the information about the stored soft rogue AP, and analyzing similarities between communication patterns of the access terminals and communication patterns of the candidate attack terminals based on the received frames; and tracking out an attack terminal driving the unauthorized soft rogue AP based on the results of the analysis on the similarities between the communication patterns of the access terminals and the communication patterns of the candidate attack terminals. Accordingly, it is possible to effectively block the soft rogue AP.

23 Citations

View as Search Results

15 Claims

1. A method of tracking out an attack terminal driving a soft rogue AP, comprising:
- detecting an unauthorized soft rogue AP;
  
  collecting information about the detected soft rogue AP, information about one or more access terminals connected to the detected soft rogue AP, and information about one or more candidate attack terminals that are not connected to the detected soft rogue AP, and storing the collected information;
  
  receiving frames related to the information about the stored soft rogue AP, and analyzing similarities between communication patterns of the access terminals and communication patterns of the candidate attack terminals based on the received frames; and
  
  tracking out an attack terminal driving the unauthorized soft rogue AP based on the results of the analysis on the similarities between the communication patterns of the access terminals and the communication patterns of the candidate attack terminals.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the detecting of the unauthorized soft rogue AP comprises detecting the unauthorized soft rogue AP based on at least one of a MAC address, location information, and Received Signal Strength Indication (RSSI) of a pre-stored, authorized AP.
  - 3. The method of claim 1, wherein the analyzing of the similarities between the communication patterns of the access terminals and the communication patterns of the candidate attack terminals comprises:
    - receiving frames from the access terminals and one or more candidate attack terminals selected from among the candidate attack terminals, respectively;
      
      extracting communication information from the received frames; and
      
      comparing the extracted communication information to each other, and analyzing the similarities between the communication patterns of the access terminals and communication patterns of the selected candidate attack terminals.
  - 4. The method of claim 3, wherein the extracting of the communication information from the frames comprises extracting the communication information whether or not the frames have been encrypted, in such a way to extract L2 frame information from the frames if the frames have been encrypted, or to extract L3 packet information from the frames if the frames have been not encrypted.
  - 5. The method of claim 4, wherein the L2 frame information includes at least one piece of information among a source MAC address, a destination MAC address, a frame transmission time, and a frame size, and the L3 packet information includes at least one piece of information among a source IP address, a destination IP address, a protocol number, a packet transmission time, and a packet size.
  - 6. The method of claim 1, wherein the tracking out of the attack terminal comprises repeatedly performing the analyzing of the similarities between the communication patterns of the access terminals and the communication patterns of the candidate attack terminals if there is an attack terminal that is to be additionally analyzed.
  - 7. The method of claim 1, wherein the tracking out of the attack terminal comprises:
    - determining whether the similarities between the communication patterns of the access terminals and the communication patterns of the candidate attack terminals are greater than a predetermined threshold value if there is no attack terminal that is to be additionally analyzed; and
      
      tracking out a candidate attack terminal whose communication pattern has the greatest similarity to the communication patterns of the access terminals, among candidate attack terminals whose communication patterns have greater similarities than the predetermined threshold value to the communication patterns of the access terminals, as the attack terminal driving the soft rogue AP.
  - 8. The method of claim 1, after the tracking out of the attack terminal, further comprising transmitting identification information of the attack terminal to a server capable of controlling the tracked-out attack terminal

9. An apparatus for tracking out an attack terminal, comprising:
- a wireless communication unit;
  
  an information collecting unit configured to detect an unauthorized soft rogue AP, and to collect information about one or more access terminals connected to the unauthorized soft rogue AP, and information about one or more candidate attack terminals that are not connected to the soft rogue AP, through the wireless communication unit; and
  
  an attack terminal tracking-out unit configured to analyze similarities between communication patterns of the access terminals and communication patterns of the candidate attack terminals, and to track out an attack terminal driving the soft rogue AP based on the results of the analysis.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9, wherein the information collecting unit detects the unauthorized soft rogue AP based on at least one of a MAC address, location information, and Received Signal Strength Indication (RSSI) of a pre-stored, authorized AP.
  - 11. The apparatus of claim 9, wherein the attack terminal tracking-out unit comprises:
    - a radio frame filtering module configured to receive frames from the access terminals and one or more candidate attack terminals selected from among the candidate attack terminals, respectively, to extract communication information from the received frames, and to provide the extracted communication information; and
      
      a communication pattern similarity analyzing module configured to compare the communication information to each other, and to analyze the similarities between the communication patterns of the access terminals and the communication patterns of the selected candidate attack terminals.
  - 12. The apparatus of claim 11, wherein the radio frame filtering module extracts L2 frame information from the frames if the frames have been encrypted, or extracts L3 packet information from the frames if the frames have been not encrypted.
  - 13. The apparatus of claim 12, wherein the L2 frame information includes at least one piece of information among a source MAC address, a destination MAC address, a frame transmission time, and a frame size, and the L3 packet information includes at least one piece of information among a source IP address, a destination IP address, a protocol number, a packet transmission time, and a packet size.
  - 14. The apparatus of claim 11, wherein the communication pattern similarity analyzing module tracks out a candidate attack terminal whose communication pattern has the greatest similarity to the communication patterns of the access terminals, among candidate attack terminals whose communication patterns have greater similarities than a predetermined threshold value to the communication patterns of the access terminals, as the attack terminal driving the soft rogue AP.
  - 15. The apparatus of claim 9, further comprising a communication interface unit configured to transmit identification information of the tracked-out attack terminal to a server capable of controlling the tracked-out attack terminal, and to receive a soft rogue AP detection policy from the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
KWON, Hyeok Chan, LEE, Sok Joon, KIM, Sin Hyo, CHUNG, Byung Ho, AN, Gae Il

Application Number

US13/729,156
Publication Number

US 20140130155A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/14   for detecting or protecting...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/73   Access point logical identity

METHOD FOR TRACKING OUT ATTACK DEVICE DRIVING SOFT ROGUE ACCESS POINT AND APPARATUS PERFORMING THE METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR TRACKING OUT ATTACK DEVICE DRIVING SOFT ROGUE ACCESS POINT AND APPARATUS PERFORMING THE METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links