Detection of power-drain denial-of-service attacks in wireless networks

US 7,515,926 B2
Filed: 03/30/2005
Issued: 04/07/2009
Est. Priority Date: 03/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method for detecting a denial-of-service (DoS) attack in a wireless network, comprising:

(a) generating a statistical measure characterizing a relationship between power consumption by a mobile unit of the wireless network and data transmitted to and from the mobile unit during normal operations of the wireless network;

(b) comparing the statistical measure to a current measure of the relationship; and

(c) detecting the DoS attack if the current measure differs from the statistical measure by more than a specified threshold.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a wireless network, an architecture for wireless attack resistance (AWARE) detects power-drain denial-of-service (DoS) attacks by generating statistical measures relating the power consumption by a mobile unit and data transmitted to and from the mobile unit during normal operations of the wireless network. The AWARE architecture compares those statistical measures to current measures to detect a DoS attack if the current measure differs from the statistical measure by more than a specified threshold. If a DoS attack is detected, then the AWARE architecture can inhibit communications with the mobile unit to prevent the mobile from consuming too much power. The statistical measure may be an energy efficiency ratio relating the number of bits of data transmitted to or from the mobile unit over a specified time interval to the amount of power consumed by the mobile unit during that time interval.

Citations

20 Claims

1. A method for detecting a denial-of-service (DoS) attack in a wireless network, comprising:
- (a) generating a statistical measure characterizing a relationship between power consumption by a mobile unit of the wireless network and data transmitted to and from the mobile unit during normal operations of the wireless network;
  
  (b) comparing the statistical measure to a current measure of the relationship; and
  
  (c) detecting the DoS attack if the current measure differs from the statistical measure by more than a specified threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The invention of claim 1, wherein the statistical measure is based on a ratio of the amount of data transmitted to or from the mobile unit within a specified time interval to the amount of power consumed by the mobile unit during the specified time interval.
  - 3. The invention of claim 2, wherein the ratio is an energy efficiency ratio EER given by:
    - $EER = \frac{\sum_{t = 0}^{T} D_{i}}{\sum_{t = 0}^{T} P_{i}}$ where D_iis data size in bits of each packet i that is sent or received during the time interval T and P_iis the amount of power consumed by the mobile unit during the transmission or reception of the ith packet.
  - 4. The invention of claim 1, wherein:
    - the wireless network comprises an access node that provides access between the mobile unit and an internet; and
      
      the DoS attack is initiated via the internet or from a mobile within the wireless network.
  - 5. The invention of claim 1, further comprising the step of inhibiting at least certain communications with the mobile unit if the DoS attack is detected.
  - 6. The invention of claim 5, wherein selection of the certain communications is based on source of packets associated with the certain communications.
  - 7. The invention of claim 1, wherein the method is implemented by an architecture for wireless attack resistance within the wireless network.
  - 8. The invention of claim 7, wherein:
    - the wireless network comprises an access node that provides access between the mobile unit and an internet; and
      
      the architecture is implemented between the access node and the internet.
  - 9. The invention of claim 1, wherein steps (a) and (b) are implemented for each mobile user in the wireless network.
  - 10. The invention of claim 1, wherein the power consumption by the mobile unit is estimated by an architecture for wireless attack resistance of the wireless network based on packet arrival pattern for the mobile unit.
  - 11. The invention of claim 1, wherein statistical measures are generated for each of two or more different applications implemented by the mobile unit.
  - 12. The invention of claim 1, wherein statistical measures are generated for each of two or more different servers accessed by the mobile unit.
  - 13. The invention of claim 1, wherein the statistical measure is aggregated for an application implemented by two or more different mobile units.
  - 14. The invention of claim 1, wherein the statistical measure is aggregated for a server serving two or more different mobile units.
  - 15. The invention of claim 1, wherein:
    - the statistical measure is based on a ratio of the amount of data transmitted to or from the mobile unit within a specified time interval to the amount of power consumed by the mobile unit during the specified time interval;
      
      the ratio is an energy efficiency ratio EER given by;
      
      $EER = \frac{\sum_{t = 0}^{T} D_{i}}{\sum_{t = 0}^{T} P_{i}}$ where D_iis data size in bits of each packet i that is sent or received during the time interval T and P_iis the amount of power consumed by the mobile unit during the transmission or reception of the ith packet;
      
      the wireless network comprises an access node that provides access between the mobile unit and an internet;
      
      the DoS attack is initiated via the internet or from a mobile within the wireless network;
      
      further comprising the step of inhibiting at least certain communications with the mobile unit if the DoS attack is detected, wherein selection of the certain communications is based on source of packets associated with the certain communications;
      
      the method is implemented by an architecture for wireless attack resistance within the wireless network;
      
      the architecture is implemented between the access node and the internet;
      
      steps (a) and (b) are implemented for each mobile user in the wireless network; and
      
      the power consumption by the mobile unit is estimated by the architecture based on packet arrival pattern for the mobile unit.

16. An architecture for detecting a denial-of-service (DoS) attack in a wireless network, the architecture adapted to:
- (a) generate a statistical measure characterizing a relationship between power consumption by a mobile unit of the wireless network and data transmitted to and from the mobile unit during normal operations of the wireless network;
  
  (b) compare the statistical measure to a current measure of the relationship; and
  
  (c) detect the DoS attack if the current measure differs from the statistical measure by more than a specified threshold.
- View Dependent Claims (17, 18, 19)
- - 17. The invention of claim 16, wherein:
    - the statistical measure is based on a ratio of the amount of data transmitted to or from the mobile unit within a specified time interval to the amount of power consumed by the mobile unit during the specified time interval; and
      
      the ratio is an energy efficiency ratio EER given by;
      
      $EER = \frac{\sum_{t = 0}^{T} D_{i}}{\sum_{t = 0}^{T} P_{i}}$ where D_iis data size in bits of each packet i that is sent or received during the time interval T and P_iis the amount of power consumed by the mobile unit during the transmission or reception of the ith packet.
  - 18. The invention of claim 16, wherein:
    - the wireless network comprises an access node that provides access between the mobile unit and an internet;
      
      the architecture is implemented between the access node and the internet;
      
      the DoS attack is initiated via the internet or from a mobile within the wireless network; and
      
      the architecture is adapted to inhibit at least certain communications with the mobile unit if the DoS attack is detected, wherein selection of the certain communications is based on source of packets associated with the certain communications.
  - 19. The invention of claim 16, wherein the architecture is adapted to estimate the power consumption by the mobile unit based on packet arrival pattern for the mobile unit.

20. A wireless network comprising:
- an access node adapted to provide access between the wireless network and an internet;
  
  one or more radio network controllers (RNCs) adapted to communicate with the access node;
  
  one or more base stations for each RNC and adapted to communicate with the RNC and with one or more mobile units; and
  
  an architecture adapted to;
  
  (a) generate a statistical measure characterizing a relationship between power consumption by a mobile unit of the wireless network and data transmitted to and from the mobile unit during normal operations of the wireless network;
  
  (b) compare the statistical measure to a current measure of the relationship; and
  
  (c) detect the DoS attack if the current measure differs from the statistical measure by more than a specified threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Norden, Samphel, Bu, Tian, Woo, Thomas Y.
Primary Examiner(s)
Anderson; Matthew D
Assistant Examiner(s)
YOUSSEF, ADEL Y

Application Number

US11/093,457
Publication Number

US 20060229022A1
Time in Patent Office

1,469 Days
Field of Search

455/552, 455/522.1, 455/436
US Class Current

455/522
CPC Class Codes

H04L 63/1458   Denial of Service

H04W 12/125   Protection against power ex...

Y02D 30/70   in wireless communication n...

Detection of power-drain denial-of-service attacks in wireless networks

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of power-drain denial-of-service attacks in wireless networks

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links