Method and system for wireless intrusion detection

US 7,778,606 B2
Filed: 05/17/2002
Issued: 08/17/2010
Est. Priority Date: 05/17/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;

storing results from the monitoring cycle;

encrypting the results from the monitoring cycle prior to transmitting to a data collector;

transmitting the results of the monitoring cycle to the data collector;

processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred; and

notifying a user of the results of the processing of the monitoring cycle.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless intrusion detection system (WIDS) is disclosed for monitoring both authorized and unauthorized access to a wireless portion of a network. The WIDS consists of a collector and one or more nodes that communicate via an out of band means that is separate from the network. Unauthorized access points and unauthorized clients in the network can be detected. The WIDS can be used to monitor, for example, a network implemented using the 802.11 protocol. In addition, the WIDS can be used by one company to provide a service that monitors the wireless network of another company.

Citations

27 Claims

1. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
  
  storing results from the monitoring cycle;
  
  encrypting the results from the monitoring cycle prior to transmitting to a data collector;
  
  transmitting the results of the monitoring cycle to the data collector;
  
  processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred; and
  
  notifying a user of the results of the processing of the monitoring cycle.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - detecting access points in the wireless network; and
      
      detecting clients in the wireless network.
  - 3. The method of claim 1, further comprising:
    - using a separate communications channel for the transmission of the results of the monitoring cycle to the data collector.
  - 4. The method of claim 1, further comprising:
    - performing a monitoring cycle utilizing one or more nodes.
  - 5. The method of claim 4, further comprising:
    - monitoring the status of the one or more nodes.

6. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
  
  storing results from the monitoring cycle;
  
  transmitting the results of the monitoring cycle to a data collector;
  
  processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
  
  notifying a user of the results of the processing of the monitoring cycle; and
  
  tracking of authorized and unauthorized access points and clients.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, further comprising:
    - locating any unauthorized devices.
  - 8. The method of claim 6, wherein the transmitting of results further comprises transmitting over a wireless communications medium.
  - 9. The method of claim 8, wherein the transmitting of results over a wireless communications medium further comprises transmitting a 900 MHz radio transmission.

10. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
  
  storing results from the monitoring cycle;
  
  transmitting the results of the monitoring cycle to a data collector;
  
  processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
  
  notifying a user of the results of the processing of the monitoring cycle; and
  
  determining the status of any authorized access points.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, further comprising:
    - determining whether any authorized access points have changed.
  - 12. The method of claim 10, further comprising:
    - determining whether any authorized access points are not operating.
  - 13. The method of claim 10, wherein the monitoring of signals from one or more wireless access devices further comprises monitoring for clients.

14. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
  
  storing results from the monitoring cycle;
  
  transmitting the results of the monitoring cycle to a data collector;
  
  processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
  
  notifying a user of the results of the processing of the monitoring cycle; and
  
  identifying any denial of service attempts.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising:
    - tracking of multiple connection attempts to the wireless network by any unauthorized devices.
  - 16. The method of claim 14, further comprising:
    - notifying the user of any unauthorized attempts to access the wireless network.
  - 17. The method of claim 14, wherein the transmitting of results further comprises transmitting to a remotely located data collector.
  - 18. The method of claim 14, wherein the monitoring of signals from one or more wireless access devices further comprises monitoring for access points.

19. A method comprising:
- monitoring, for at least one monitoring cycle, a wireless network of interest for a plurality of signals from one or more wireless access devices;
  
  storing results from the monitoring cycle;
  
  transmitting the results of the monitoring cycle to a data collector;
  
  processing the results of the monitoring cycle to determine whether any access of the wireless network of interest has occurred;
  
  notifying a user of the results of the processing of the monitoring cycle; and
  
  tracking how long any unauthorized device has attempted to access the wireless network.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19, further comprising:
    - identifying attempts to spoof an authorized access point.
  - 21. The method of claim 19, further comprising:
    - notifying the user of any authorized attempts to access the wireless network.

22. A method for controlling a wireless intrusion detection system comprising:
- transmitting a plurality of beacon packets from a collector;
  
  receiving one or more of the beacon packets at a node; and
  
  establishing a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
  
  wherein the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.
- View Dependent Claims (23)
- - 23. A method as in claim 22, the communications link being a 900 MHz radio channel.

24. A method comprising:
- receiving, from a node, results, of a monitoring cycle, of a plurality of signals from one or more wireless access devices in a wireless network of interest;
  
  processing the results of the monitoring cycle to generate at least one indicator indicative of unauthorized access to the wireless network of interest,where the processing comprises applying adaptive learning techniques to evolve recognition of unauthorized access to the wireless network of interest;
  
  recognizing patterns in the results of the monitoring cycle; and
  
  refining responses to the results of the monitoring cycle based on recognized patterns.
- View Dependent Claims (25)
- - 25. A method as in claim 24, wherein the applying adaptive learning techniques further comprises:
    - utilizing genetic algorithms.

26. A system for controlling a wireless intrusion detection system comprising:
- means for transmitting a plurality of beacon packets from a collector;
  
  means for receiving one or more of the beacon packets at a node; and
  
  means for establishing a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
  
  wherein the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.

27. One or more devices that store instructions executable by one or more processors, the instructions comprising:
- one or more instructions to transmit a plurality of beacon packets from a collector;
  
  one or more instructions to receive one or more of the beacon packets at a node; and
  
  one or more instructions to establish a communications link between the collector and the node for detecting unauthorized access of a wireless network of interest;
  
  where the collector controls a wireless intrusion detection system by a communications link that utilizes a different means of communication than the wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ozmo Licensing LLC
Original Assignee
Network Security Technologies, Inc. (Verizon Communications Inc.)
Inventors
McHale, Tom, Yang, Yin, Wimble, Lawrence, Doten, Rick, Ammon, Ken, Frasnelli, Dan, Mitzen, Wayne, O'Ferrell, Chris
Primary Examiner(s)
Yun; Eugene

Application Number

US10/147,308
Publication Number

US 20030217289A1
Time in Patent Office

3,014 Days
Field of Search

455/410, 455/411, 455/404.1, 455/404.2, 455/457, 455/67.11, 455/9, 455/115.1
US Class Current

455/67.11
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/18   using different networks or...

H04W 12/12   Detection or prevention of ...

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

Method and system for wireless intrusion detection

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for wireless intrusion detection

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links