Intrusion detection system for wireless networks
First Claim
1. A system for detecting intrusion into a wireless network, the system comprising:
- a monitoring station comprising;
a first transceiver for receiving and demodulating a first signal and for sending a first communication, anda first processor coupled to the first transceiver for processing the first signal and for controlling the first transceiver; and
a fusion station comprising;
a second transceiver for receiving and demodulating the first communication and for sending a second communication, anda second processor coupled to the second transceiver for processing the first communication from the monitoring station and for controlling the second transceiver, whereinthe second processor stores attributes of an expected signal;
the first processor calculates attributes of the first signal;
the first communication contains the attributes of the first signal;
the second processor compares the attributes of the first signal with the stored attributes of the expected signal to determine whether the attributes of the first signal deviate from the stored attributes of the expected signal; and
the second communication comprises an alert messages if the attributes of the first signal deviate from the stored attributes of the expected signal.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system (FIG. 2) for facilitating detection of intruders into a wireless network, through the use of physical layer anomalies. One or more monitoring stations (22, 24, 26) can be distributed across the potential intruder'"'"'s signal transmission region. They process these transmissions and extract attributes of the signals, which can then transmit to one or more fusion stations (28), which correlate the calculated attributes with stored attributes of signals of known, authorized users of the network, and transmit alert messages in the case that these signal attributes do not match those of known, authorized users. Signal attributes in accordance with the instant invention include the carrier frequency, spurious emissions, and power-on and power-down transients. Also in accordance with the instant invention are methods and systems using both direct and multipath received signal strength, signal-to-noise ratio, and geometric characteristics such as direction/angle of arrival (AOA), time of arrival, position/range, time dispersion, Doppler shift and polarization.
-
Citations
19 Claims
-
1. A system for detecting intrusion into a wireless network, the system comprising:
-
a monitoring station comprising; a first transceiver for receiving and demodulating a first signal and for sending a first communication, and a first processor coupled to the first transceiver for processing the first signal and for controlling the first transceiver; and a fusion station comprising; a second transceiver for receiving and demodulating the first communication and for sending a second communication, and a second processor coupled to the second transceiver for processing the first communication from the monitoring station and for controlling the second transceiver, wherein the second processor stores attributes of an expected signal; the first processor calculates attributes of the first signal; the first communication contains the attributes of the first signal; the second processor compares the attributes of the first signal with the stored attributes of the expected signal to determine whether the attributes of the first signal deviate from the stored attributes of the expected signal; and the second communication comprises an alert messages if the attributes of the first signal deviate from the stored attributes of the expected signal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for intrusion detection into a wireless network comprising the steps of:
-
storing an attribute of an expected signal; monitoring a first signal having attributes; receiving and demodulating a first signal having attributes; calculating an attribute of the first signal; transmitting a first communication containing the attribute of the first signal; comparing the attribute of the first signal with the stored attribute of the expected signal to determine whether the attribute of the first signal deviates from the stored attribute of the expected signal; and transmitting a second communication comprising an alert message if the attribute of the first signal deviates from the stored attribute of the expected signal. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification