Systems and methods for detecting potentially illegitimate wireless access points
First Claim
1. A computer-implemented method for detecting illegitimate wireless access points, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- determining that the computing device has established a connection with a wireless access point that resembles a known wireless access point to which the computing device has previously connected;
- performing, in response to determining that the computing device has established the connection with the wireless access point, an authentication process to determine the legitimacy of the wireless access point by:
  - identifying a network resource to which the computing device is configured to connect as part of authentication processes to determine the legitimacy of wireless access points,
  - establishing, via the wireless access point, a connection between the computing device and the network resource,
  - collecting, based on the connection between the computing device and the network resource, a set of network details related to a route from the computing device to the network resource via the wireless access point, the set of network details describing properties of at least one network device that facilitates the connection between the computing device and the network resource, and
  - comparing the set of network details related to the route from the computing device to the network resource via the wireless access point with a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point;
- determining, based on the comparison, that at least a portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point;
- determining that the wireless access point is illegitimate by determining, based at least in part on the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point not matching the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, that a malicious network device is spoofing the known wireless access point; and
- performing, in response to determining that the wireless access point is illegitimate, a security action on the computing device to prevent the wireless access point from compromising a security state of the computing device.
Abstract
The disclosed computer-implemented method for detecting potentially illegitimate wireless access points may include (1) determining that a computing device has established a connection with a wireless access point that resembles a known wireless access point, (2) collecting a set of network details related to a route from the computing device to a network resource via the wireless access point, (3) identifying a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point, (4) determining that a portion of the set of network details related to the route via the wireless access point does not match the set of network details related to the route via the known wireless access point, and then (5) determining that the wireless access point is potentially illegitimate.
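The comparison in steps (2) through (5) can be sketched as follows. This is an added example, not code from the patent or its assignee; the choice of network details (gateway MAC, DNS server, first router hops), the function names and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RouteDetails:
    # Field choice is an assumption; the abstract only says "network details".
    gateway_mac: str
    dns_server: str
    hops: tuple  # router address per hop; None = hop did not answer

def hops_differ(current, baseline, depth=3):
    """Compare the first `depth` hops; unanswered hops (None) match anything."""
    a, b = current[:depth], baseline[:depth]
    if len(a) != len(b):
        return True
    return any(x is not None and y is not None and x != y for x, y in zip(a, b))

def mismatched_details(current, baseline):
    """Names of the details that do not match the stored baseline."""
    out = []
    if current.gateway_mac.lower() != baseline.gateway_mac.lower():
        out.append("gateway_mac")
    if current.dns_server != baseline.dns_server:
        out.append("dns_server")
    if hops_differ(current.hops, baseline.hops):
        out.append("hops")
    return out

def assess(ssid, current, baselines):
    """Verdict for an access point that resembles a known SSID."""
    baseline = baselines.get(ssid)
    if baseline is None:
        return "no_baseline", []  # never connected before: nothing to compare
    diff = mismatched_details(current, baseline)
    return ("potentially_illegitimate" if diff else "consistent"), diff

# Constructed sample data (documentation address ranges, made-up MACs).
BASELINES = {"CorpWiFi": RouteDetails("02:00:5e:10:00:01", "192.0.2.53",
                                      ("192.0.2.1", "198.51.100.1", "198.51.100.9"))}
SAME_AP = RouteDetails("02:00:5E:10:00:01", "192.0.2.53",
                       ("192.0.2.1", None, "198.51.100.9"))
LOOKALIKE = RouteDetails("02:00:5e:aa:bb:cc", "192.0.2.53",
                         ("203.0.113.1", "192.0.2.1", "198.51.100.1"))

if __name__ == "__main__":
    for name, obs in (("same AP", SAME_AP), ("lookalike", LOOKALIKE)):
        print(name, assess("CorpWiFi", obs, BASELINES))
```

Only the first few hops are compared because hops further from the client can change for ordinary routing reasons, while a device inserted between the client and the real network shifts the hops nearest the client.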
19 Claims
10. A system for detecting illegitimate wireless access points, the system comprising:
- a connection module, stored in memory, that determines that a computing device has established a connection with a wireless access point that resembles a known wireless access point to which the computing device has previously connected;
- a collection module, stored in memory, that performs, in response to the determination that the computing device has established the connection with the wireless access point, an authentication process to determine the legitimacy of the wireless access point by:
  - identifying a network resource to which the computing device is configured to connect as part of authentication processes to determine the legitimacy of wireless access points,
  - establishing, via the wireless access point, a connection between the computing device and the network resource,
  - collecting, based on the connection between the computing device and the network resource, a set of network details related to a route from the computing device to the network resource via the wireless access point, the set of network details describing properties of at least one network device that facilitates the connection between the computing device and the network resource, and
  - comparing the set of network details related to the route from the computing device to the network resource via the wireless access point with a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point;
- a comparison module, stored in memory, that determines, based on the comparison, that at least a portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point;
- a legitimacy module, stored in memory, that determines that the wireless access point is illegitimate by determining, based at least in part on the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point not matching the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, that a malicious network device is spoofing the known wireless access point;
- a security module, stored in memory, that performs, in response to the determination that the wireless access point is illegitimate, a security action on the computing device to prevent the wireless access point from harming a security state of the computing device; and
- at least one physical processor configured to execute the connection module, the collection module, the comparison module, the legitimacy module, and the security module.
19. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- determine that the computing device has established a connection with a wireless access point that resembles a known wireless access point to which the computing device has previously connected;
- perform, in response to determining that the computing device has established the connection with the wireless access point, an authentication process to determine the legitimacy of the wireless access point by:
  - identifying a network resource to which the computing device is configured to connect as part of authentication processes to determine the legitimacy of wireless access points,
  - establishing, via the wireless access point, a connection between the computing device and the network resource,
  - collecting, based on the connection between the computing device and the network resource, a set of network details related to a route from the computing device to the network resource via the wireless access point, the set of network details describing properties of at least one network device that facilitates the connection between the computing device and the network resource, and
  - comparing the set of network details related to the route from the computing device to the network resource via the wireless access point with a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point;
- determine, based on the comparison, that at least a portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point;
- determine that the wireless access point is illegitimate by determining, based at least in part on the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point not matching the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, that a malicious network device is spoofing the known wireless access point; and
- perform, in response to determining that the wireless access point is illegitimate, a security action on the computing device to prevent the wireless access point from harming a security state of the computing device.
Specification