Methodology for the detection of intrusion into radio frequency (RF) based networks including tactical data links and the tactical internet
Abstract
The present invention provides strategies for detecting intrusions in wireless environments, and the strategies are based on innovative applications of information analysis as well as other information correlating techniques. The key to detecting intrusions in a RF based environment is to understand the normal spectrum of behavior so that deviations can be detected and analyzed. For a wireless communications grid, this process requires empirical knowledge about how the radios work together as components of the information grid, and how this grid network is managed. Once normal behavior has been characterized, anomalous behavior can be identified. Potential intrusions into the wireless network can be analyzed and an attack model can be created. The attack model can be utilized as the basis for initiating appropriate adaptive responses.
23 Claims
1. A method for detecting intrusions in a wireless network, comprising the steps of:
- researching and defining normal network behavior with the intent of ascertaining user and temporal patterns;
- researching potential sources of information that will lead to the detection and classification of potentially intrusive events;
- establishing a knowledge base of anomalous network activity that will form the foundation for classifying potentially intrusive events;
- analyzing and evaluating the knowledge base to create an attack model;
- utilizing the attack model to provide an adaptive response to intrusions in the wireless network; and
- developing a recovery model to recover from an intrusion of the wireless network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 15, 16, 17, 18

12. A method for detecting intrusions in a wireless network, comprising the steps of:
- researching and defining normal network behavior with the intent of ascertaining user and temporal patterns;
- researching potential sources of information that will lead to the detection and classification of potentially intrusive events;
- augmenting the researching step by collecting real-world information concerning intrusive events and updating the knowledge base;
- establishing a knowledge base of anomalous network activity that will form the foundation for classifying potentially intrusive events;
- analyzing and evaluating the knowledge base to create an attack model;
- utilizing the attack model to provide an adaptive response to intrusions in the wireless network; and
- developing a recovery model to recover from an intrusion of the wireless network.

13. A method for detecting intrusions in the Tactical Internet, comprising the steps of:
- researching and defining normal network behavior with the intent of ascertaining user and temporal patterns;
- researching potential sources of information that will lead to the detection and classification of potentially intrusive events;
- establishing a knowledge base of anomalous network activity that will form the foundation for classifying potentially intrusive events, wherein the knowledge base includes data relating to suspicious events including passive eavesdropping, deception and denial of service;
- augmenting the researching step by collecting real-world information concerning intrusive events and updating the knowledge base;
- analyzing and evaluating the knowledge base to create an IW attack model;
- utilizing the IW attack model to provide an adaptive response to intrusions in the Tactical Internet; and
- developing a recovery model to recover from an intrusion of the Tactical Internet.

14. A method for detecting intrusions in a RF based tactical data link, comprising the steps of:
- researching and defining normal network behavior with the intent of ascertaining user and temporal patterns;
- researching potential sources of information that will lead to the detection and classification of potentially intrusive events;
- establishing a knowledge base of anomalous network activity that will form the foundation for classifying potentially intrusive events, wherein the knowledge base includes data relating to suspicious events including passive eavesdropping, deception and denial of service;
- augmenting the researching step by collecting real-world information concerning intrusive events and updating the knowledge base;
- analyzing and evaluating the knowledge base to create an IW attack model;
- utilizing the IW attack model to provide an adaptive response to intrusions in the RF based tactical data link; and
- developing a recovery model to recover from an intrusion of the RF based tactical data link.

19. A method for detecting intrusions in a wireless network, comprising the steps of:
- researching and defining normal network behavior with the intent of ascertaining user and temporal patterns;
- researching potential sources of information that will lead to the detection and classification of potentially intrusive events;
- establishing a knowledge base of anomalous network activity, comprising network performance data that includes noise, loss of service, signal quality and traffic levels;
- analyzing and evaluating the knowledge base to create an attack model; and
- utilizing the attack model to provide an adaptive response to intrusions in the wireless network.

20. A method for detecting intrusions in a RF-based radio communication system, comprising the steps of:
- establishing a knowledge base of anomalous activity for classifying potentially intrusive events, wherein the knowledge base includes data relating to suspicious events including passive eavesdropping, deception and denial of service;
- analyzing and evaluating the knowledge base to create an attack model that comprises an identification of a plurality of types of hostile events and associated manifestations of anomalous network events;
- utilizing the attack model to provide an adaptive response to intrusions in the RF-based radio communication system; and
- developing a recovery model to recover from an intrusion of the RF-based radio communication system.

Dependent claims: 21, 22, 23

Specification