Detecting malicious device
First Claim
1. A method for detecting a malicious device in a network, the method comprising:
- initiating a malicious device detection mode;
- transmitting a test message to neighbor devices in the network;
- determining whether a test response message is received from the neighbor devices in response to the test message; and
- if so, determining a corresponding neighbor device transmitting the test response message in response to the test message as a non-malicious device; otherwise, determining the corresponding neighbor device as a malicious device,
- wherein the transmitting a test message to neighbor devices includes;
  - detecting, among the neighbor devices, candidate devices that transmit a signal with a specific service set identifier (SSID);
  - transmitting an associate request message to the detected candidate devices;
  - receiving an associate response message from the detected candidate devices;
  - obtaining information on the detected candidate devices from the received associate response message; and
  - transmitting the test message to the detected candidate devices based on the obtained information.
Abstract
A wireless access point and a method may be provided for detecting a malicious device in a network. The wireless access point may include a controller, a search unit, a message generation unit, and a determination unit. The controller may be configured to initiate a malicious device detection mode regularly at predefined intervals. The search unit may be configured to detect candidate devices broadcasting a signal with the first SSID from neighbor devices in an associated network. The message generation unit may be configured to generate a test message in the malicious device detection mode and transmit the test message to the candidate devices. The determination unit may be configured to determine a corresponding device in the candidate device as a malicious device when a test response message is not received from the corresponding device in response to the test message.
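The detection pass described in the abstract, modelled as a small simulation. This is an added example, not code from the patent or from any product. It follows the variant in which the test bit sequence is carried inside the associate request. The SSID, BSSIDs, test bit sequence, message field names and the `kind` field are all constructed, and the page does not specify the content of a test response, so the sketch only distinguishes whether one was received.

```python
from dataclasses import dataclass
from typing import Optional

PROTECTED_SSID = "corp-wlan"             # constructed SSID
TEST_BITS = bytes.fromhex("a55a3cc3")    # constructed predefined test bit sequence

@dataclass(frozen=True)
class Neighbor:
    bssid: str
    ssid: str
    kind: str  # constructed ground truth: "managed", "rogue" or "silent"

    def on_associate_request(self, request: dict) -> Optional[dict]:
        """Simulated radio: what this device sends back, or None on timeout."""
        if self.kind == "silent":
            return None
        # Assumption: only managed APs recognise the predefined sequence.
        if self.kind == "managed" and request.get("test_bits") == TEST_BITS:
            return {"type": "test_response", "bssid": self.bssid}
        return {"type": "associate_response", "bssid": self.bssid}

def find_candidates(neighbors, ssid):
    """Search unit: keep only devices broadcasting the given SSID."""
    return [n for n in neighbors if n.ssid == ssid]

def detection_pass(neighbors, ssid=PROTECTED_SSID):
    """One run of detection mode: probe each candidate and classify it."""
    verdicts = {}
    for dev in find_candidates(neighbors, ssid):
        reply = dev.on_associate_request(
            {"type": "associate_request", "test_bits": TEST_BITS})
        got_test_response = reply is not None and reply["type"] == "test_response"
        verdicts[dev.bssid] = "non-malicious" if got_test_response else "malicious"
    return verdicts

def to_report(verdicts):
    """Notification unit: BSSIDs to hand to the server for blocking."""
    return sorted(b for b, v in verdicts.items() if v == "malicious")

# Constructed scan results (locally administered addresses).
SCAN = [
    Neighbor("02:00:00:00:00:01", PROTECTED_SSID, "managed"),
    Neighbor("02:00:00:00:00:02", PROTECTED_SSID, "rogue"),
    Neighbor("02:00:00:00:00:03", PROTECTED_SSID, "silent"),
    Neighbor("02:00:00:00:00:04", "cafe-guest", "rogue"),
]

if __name__ == "__main__":
    print(to_report(detection_pass(SCAN)))
```

The rule as stated treats a timeout the same as a wrong reply, so the silent device is reported along with the one that answers with an ordinary associate response. The device broadcasting a different SSID is never probed.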
18 Claims
1. Independent method claim; its full text is given under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for detecting a malicious device in a wireless local area network (WLAN) network by a wireless access point, the method comprising:
- initiating a malicious device detection mode;
- transmitting a test message to neighbor devices located within a service area of the wireless access point;
- determining whether a test response message is received from the neighbor devices in response to the test message; and
- if so, determining a corresponding neighbor device transmitting the test response message as a non-malicious device; otherwise, determining the corresponding neighbor device as a malicious device,
- wherein the transmitting a test message includes;
  - detecting, among the neighbor devices, candidate devices that transmit a signal with a specific service set identifier (SSID);
  - generating a predefined test bit sequence as the test message;
  - including the predefined test bit sequence in an associate request message; and
  - transmitting the associate request message to the detected candidate devices.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A wireless access point comprising:
- a controller configured to initiate a malicious device detection mode regularly at predefined intervals;
- a search unit configured to detect candidate devices broadcasting a signal with a first specific service set identifier (SSID) from neighbor devices in an associated network;
- a message generation unit configured to generate a predetermined test bit sequence as a test message in the malicious device detection mode, include the predetermined test bit sequence in an associated request message, and transmit the associated request message as the test message to the detected candidate devices;
- a determination unit configured to determine a corresponding device in the candidate device as a malicious device when a test response message is not received from the corresponding device in response to the test message; and
- a notification unit configured to notify the determined malicious device to a related server so as to block the determined malicious device from access to the associated network.
Specification