Method and system for wireless intrusion detection
Abstract
A wireless intrusion detection system (WIDS) is disclosed for monitoring both authorized and unauthorized access to a wireless portion of a network. The WIDS consists of a collector and one or more nodes that communicate via an out-of-band means that is separate from the network. Unauthorized access points and unauthorized clients in the network can be detected. The WIDS can be used to monitor, for example, a network implemented using the 802.11 protocol. In addition, the WIDS can be used by one company to provide a service that monitors the wireless network of another company.
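The following is an added example, not code from the patent: a sketch of collector-side processing of node results that flags unauthorized access points and clients, reports how long each has been seen, and gives the status of authorized access points. The inventory, the `Observation` record, the sample data and the 60-second cycle length are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory (assumption): MACs the network owner has approved.
AUTHORIZED_APS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
AUTHORIZED_CLIENTS = {"00:11:22:cc:00:10"}

@dataclass(frozen=True)
class Observation:
    cycle: int  # monitoring cycle in which the node saw the device
    kind: str   # "ap" or "client"
    mac: str

# Constructed node results covering four monitoring cycles.
SAMPLE = [
    Observation(1, "ap", "00:11:22:AA:00:01"),
    Observation(1, "ap", "00:11:22:aa:00:02"),
    Observation(1, "client", "00:11:22:cc:00:10"),
    Observation(2, "ap", "00:11:22:aa:00:01"),
    Observation(2, "ap", "de:ad:be:ef:00:99"),
    Observation(2, "client", "de:ad:be:ef:00:50"),
    Observation(3, "ap", "00:11:22:aa:00:01"),
    Observation(3, "ap", "de:ad:be:ef:00:99"),
    Observation(4, "ap", "00:11:22:aa:00:01"),
    Observation(4, "ap", "de:ad:be:ef:00:99"),
]

def process_cycles(observations, cycle_seconds=60):
    """Classify observed devices and summarize them across monitoring cycles."""
    seen = {}  # (kind, normalized MAC) -> set of cycles in which it was seen
    for o in observations:
        if o.kind not in ("ap", "client"):
            raise ValueError(f"unknown device kind: {o.kind!r}")
        seen.setdefault((o.kind, o.mac.lower()), set()).add(o.cycle)
    latest = max((c for cs in seen.values() for c in cs), default=None)
    report = {"unauthorized_aps": {}, "unauthorized_clients": {}, "ap_status": {}}
    for (kind, mac), cycles in seen.items():
        allowed = AUTHORIZED_APS if kind == "ap" else AUTHORIZED_CLIENTS
        if mac not in allowed:
            # Seconds from first to last sighting, counting both end cycles.
            seconds = (max(cycles) - min(cycles) + 1) * cycle_seconds
            report[f"unauthorized_{kind}s"][mac] = seconds
    for mac in sorted(AUTHORIZED_APS):
        # An authorized AP absent from the latest cycle is reported as missing.
        present = latest in seen.get(("ap", mac), set())
        report["ap_status"][mac] = "up" if present else "missing"
    return report

if __name__ == "__main__":
    print(process_cycles(SAMPLE))
```
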
27 Claims
1. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
- storing results from the monitoring cycle;
- encrypting the results from the monitoring cycle prior to transmitting to a data collector;
- transmitting the results of the monitoring cycle to the data collector;
- processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred; and
- notifying a user of the results of the processing of the monitoring cycle.
Dependent claims: 2, 3, 4, 5
6. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
- storing results from the monitoring cycle;
- transmitting the results of the monitoring cycle to a data collector;
- processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
- notifying a user of the results of the processing of the monitoring cycle; and
- tracking of authorized and unauthorized access points and clients.
Dependent claims: 7, 8, 9
10. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
- storing results from the monitoring cycle;
- transmitting the results of the monitoring cycle to a data collector;
- processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
- notifying a user of the results of the processing of the monitoring cycle; and
- determining the status of any authorized access points.
Dependent claims: 11, 12, 13
14. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
- storing results from the monitoring cycle;
- transmitting the results of the monitoring cycle to a data collector;
- processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
- notifying a user of the results of the processing of the monitoring cycle; and
- identifying any denial of service attempts.
Dependent claims: 15, 16, 17, 18
19. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
- storing results from the monitoring cycle;
- transmitting the results of the monitoring cycle to a data collector;
- processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
- notifying a user of the results of the processing of the monitoring cycle; and
- tracking how long any unauthorized device has attempted to access the wireless network.
Dependent claims: 20, 21
22. A method for controlling a wireless intrusion detection system comprising:
- transmitting a plurality of beacon packets from a collector;
- receiving one or more of the beacon packets at a node; and
- establishing a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
- wherein the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.
Dependent claims: 23
24. A method comprising:
- receiving, from a node, results, of a monitoring cycle, of a plurality of signals from one or more wireless access devices in a wireless network of interest;
- processing the results of the monitoring cycle to generate at least one indicator indicative of unauthorized access to the wireless network of interest, where the processing comprises applying adaptive learning techniques to evolve recognition of unauthorized access to the wireless network of interest;
- recognizing patterns in the results of the monitoring cycle; and
- refining responses to the results of the monitoring cycle based on recognized patterns.
Dependent claims: 25
26. A system for controlling a wireless intrusion detection system comprising:
- means for transmitting a plurality of beacon packets from a collector;
- means for receiving one or more of the beacon packets at a node; and
- means for establishing a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
- wherein the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.
27. One or more devices that store instructions executable by one or more processors, the instructions comprising:
- one or more instructions to transmit a plurality of beacon packets from a collector;
- one or more instructions to receive one or more of the beacon packets at a node; and
- one or more instructions to establish a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
- where the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.
Specification