Method, system and program product for detecting intrusion of a wireless network
First Claim
1. A method for detecting intrusion of a wireless network, comprising:
- initially, monitoring for key indicator flags within a data stream, the key indicator flags including at least a time of day indicator that determines whether traffic has occurred outside of normal working hours, wherein an intrusion alert is generated if a key indicator flag is detected;
- determining a validity deviation of the data stream received by a wireless network; and
- determining an intrusion deviation of the data stream if the validity deviation exceeds a validity threshold, wherein intrusion is detected if the intrusion deviation is less than an intrusion threshold.
Abstract
In general, the present invention provides a method, system and program product for detecting intrusion of a wireless network. Specifically, under the present invention, a data stream received by a wireless network is monitored. A validity deviation is determined by comparing the data stream to a valid data stream. If the validity deviation exceeds a validity threshold, an intrusion deviation is determined by comparing the data stream to a known intrusion data stream. Then, if the intrusion deviation is less than an intrusion threshold, intrusion is detected and an intrusion alert is generated.
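The decision order described in the abstract and in claim 1, as an added Python example that is not code from the patent. The frame-type feature vector, the deviation metric (mean absolute difference), the thresholds, the working hours and all profile values are assumptions constructed for illustration; the page does not define them.

```python
from datetime import datetime, time

# Constructed values throughout. The page does not define how a deviation is
# computed; mean absolute difference of frame-type fractions is an assumption.
FEATURES = ("probe", "auth", "assoc", "data", "deauth")
VALID_STREAM = dict(zip(FEATURES, (0.05, 0.02, 0.02, 0.90, 0.01)))
KNOWN_INTRUSION_STREAMS = {
    "probe_scan": dict(zip(FEATURES, (0.85, 0.05, 0.02, 0.05, 0.03))),
    "deauth_burst": dict(zip(FEATURES, (0.02, 0.02, 0.01, 0.15, 0.80))),
}
VALIDITY_THRESHOLD = 0.10   # above this, the stream is not considered valid
INTRUSION_THRESHOLD = 0.08  # below this, the stream matches a known intrusion
WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed working hours


def deviation(stream, reference):
    """Mean absolute difference between two frame-type distributions."""
    return sum(abs(stream[f] - reference[f]) for f in FEATURES) / len(FEATURES)


def outside_working_hours(ts):
    """Time-of-day key indicator flag from claim 1."""
    return not (WORK_START <= ts.time() < WORK_END)


def classify(stream, ts):
    """Return (verdict, detail) following the order of steps in the abstract."""
    # Step 0: a key indicator flag raises an alert on its own.
    if outside_working_hours(ts):
        return "alert", "key indicator flag: outside working hours"
    # Step 1: compare against the valid data stream.
    if deviation(stream, VALID_STREAM) <= VALIDITY_THRESHOLD:
        return "valid", "within validity threshold"
    # Step 2: only now compare against known intrusion streams; a SMALL
    # deviation here means a close match, hence "less than" the threshold.
    scored = ((n, deviation(stream, ref)) for n, ref in KNOWN_INTRUSION_STREAMS.items())
    name, dev = min(scored, key=lambda item: item[1])
    if dev < INTRUSION_THRESHOLD:
        return "alert", f"matches known intrusion stream: {name}"
    # Not valid, but not close to any known intrusion: the two-threshold
    # method reports no intrusion here, so surface it for analyst review.
    return "unmatched", "invalid but matches no known intrusion stream"


if __name__ == "__main__":
    scan = dict(zip(FEATURES, (0.80, 0.05, 0.03, 0.09, 0.03)))
    print(classify(scan, datetime(2024, 3, 5, 10, 30)))
```

The "unmatched" verdict is the gap a defender should note: a stream that fails the validity check but resembles no known intrusion stream produces no intrusion detection under the two-threshold rule alone.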
24 Claims
1. A method for detecting intrusion of a wireless network, comprising:
- initially, monitoring for key indicator flags within a data stream, the key indicator flags including at least a time of day indicator that determines whether traffic has occurred outside of normal working hours, wherein an intrusion alert is generated if a key indicator flag is detected;
- determining a validity deviation of the data stream received by a wireless network; and
- determining an intrusion deviation of the data stream if the validity deviation exceeds a validity threshold, wherein intrusion is detected if the intrusion deviation is less than an intrusion threshold.

Dependent claims: 2, 3, 4, 5, 6

7. A method for detecting intrusion of a wireless network, comprising:
- detecting a data stream received by a wireless network;
- initially, monitoring for key indicator flags within the data stream, the monitoring including;
  - determining whether the data stream matches a predefined traffic pattern;
  - determining whether the data stream has an invalid service set identifier;
  - determining whether the data stream has an older service set identifier;
  - determining whether the data stream has an invalid media access control;
  - determining whether the data stream occurs outside of normal working hours;
  - determining whether the data stream includes too many queries from a same sender; and
  - generating an intrusion alert if a key indicator flag is detected;
- determining a validity deviation of the data stream by comparing the data stream to a valid data stream;
- determining an intrusion deviation of the data stream if the validity deviation exceeds a validity threshold by comparing the data stream to a known intrusion data stream, wherein intrusion is detected if the intrusion deviation is less than an intrusion threshold or if a key indicator flag is detected; and
- generating an intrusion alert if intrusion is detected.

Dependent claims: 8, 9, 10, 11, 12

13. A system for detecting intrusion of a wireless network, comprising:
- a plurality of invalid access points, each of the plurality of invalid access points for generating data streams in an attempt to entice a sender of an invalid communication to access the access point;
- a data stream system for initially monitoring for key indicator flags within a data stream, the monitoring including;
  - determining whether the data stream matches a predefined traffic pattern;
  - determining whether the data stream has an invalid service set identifier;
  - determining whether the data stream has an older service set identifier;
  - determining whether the data stream has an invalid media access control;
  - determining whether the data stream occurs outside of normal working hours;
  - determining whether the data stream includes too many queries from a same sender; and
  - generating an intrusion alert if a key indicator flag is detected;
- a validity deviation system for determining a validity deviation of the data stream received by a wireless network; and
- an intrusion deviation system for determining an intrusion deviation of the data stream if the validity deviation exceeds a validity threshold, wherein intrusion is detected if the intrusion deviation is less than an intrusion threshold.

Dependent claims: 14, 15, 16, 17, 18

19. A program product stored on a recordable device for detecting intrusion of a wireless network, which when executed, comprises:
- program code for initially monitoring a data stream for key indicator flags, the key indicator flags including at least a time of day indicator that determines whether traffic has occurred outside of normal working hours, wherein an intrusion alert is generated if a key indicator flag is detected;
- program code for determining a validity deviation of the data stream received by a wireless network; and
- program code for determining an intrusion deviation of the data stream if the validity deviation exceeds a validity threshold, wherein intrusion is detected if the intrusion deviation is less than an intrusion threshold.

Dependent claims: 20, 21, 22, 23, 24

Specification