Apparatus and method for deploying a wireless network intrusion detection system to resource-constrained devices
Abstract
Wireless devices, such as field devices or repeater/relay nodes, detect the presence of anomalies in data packets that suggest intrusion. Upon detection of an anomaly, a wireless device sends a notification to a sentinel device, which determines if intrusion may be occurring. If so, the sentinel device downloads a spy routine to at least one of the wireless devices, which enables further investigation into and/or isolation of the intrusion. Since the spy routine is downloaded to the wireless devices, the spy routine can be used in conjunction with memory-constrained wireless devices. Memory-constrained wireless devices may lack adequate memory for storing both a main application executed during normal operation and the spy routine. The spy routine could overwrite one or more modules of the main application. Once executed, the spy routine could itself be overwritten by the one or more modules, allowing the wireless device to return to normal operation.
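The flow in the abstract, sketched as an added example that is not taken from the patent: a memory-constrained device reports an anomaly, the sentinel decides after repeated reports to download a spy routine, and the routine overwrites a main-application module and is itself overwritten afterwards. The class names, module names and sizes, the anomaly rule (unknown sender), the report threshold and the roster check are all assumptions made for illustration.

```python
# Added illustration of the abstract's flow; names, sizes and rules are assumptions.
from collections import Counter
class Device:
    def __init__(self, name, capacity, modules, neighbors):
        self.name, self.capacity = name, capacity
        self.modules = dict(modules)     # main-application modules: name -> bytes
        self.neighbors = set(neighbors)  # small local table of expected senders
        self.evicted, self.dropped = {}, set()

    def free(self):
        return self.capacity - sum(self.modules.values())

    def anomalous(self, packet):  # assumed rule: sender not in the neighbor table
        return packet["src"] not in self.neighbors

    def load_spy(self, size, overwritable):
        for name in overwritable:  # overwrite modules until the spy routine fits
            if self.free() >= size:
                break
            if name in self.modules:
                self.evicted[name] = self.modules.pop(name)
        if self.free() < size:     # still does not fit: undo and refuse
            self.restore()
            raise MemoryError(f"{self.name}: spy routine does not fit")
        self.modules["spy"] = size

    def run_spy(self, suspect, roster):  # assumed check against the sentinel's roster
        intruder = suspect not in roster
        if intruder:
            self.dropped.add(suspect)    # isolation: ignore this transmitter
        return intruder

    def restore(self):  # evicted modules overwrite the spy routine again
        self.modules.pop("spy", None)
        self.modules.update(self.evicted)
        self.evicted.clear()

class Sentinel:
    def __init__(self, roster, threshold=2):
        self.roster, self.threshold, self.reports = set(roster), threshold, Counter()

    def notify(self, device, src, spy_size=300, overwritable=("logging", "diagnostics")):
        self.reports[src] += 1
        if self.reports[src] < self.threshold:
            return None                  # not yet judged a possible intrusion
        device.load_spy(spy_size, overwritable)
        verdict = device.run_spy(src, self.roster)
        device.restore()
        return verdict
```

With a constructed 1000-byte device holding 950 bytes of modules, a 300-byte spy routine only fits after one module is evicted, and the module table is identical before and after the investigation.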
31 Claims
1. A system comprising:
- a plurality of wireless devices configured to receive data packets over a wireless medium, at least one of the wireless devices configured to detect one or more anomalies associated with a received data packet; and
- a sentinel device configured to communicate a spy routine to one or more of the wireless devices in response to the detection of the one or more anomalies;
- wherein the one or more wireless devices are further configured to execute the spy routine to facilitate at least one of: a determination of whether a transmitter of the received data packet is an intruder and isolation of the transmitter.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method comprising:
- receiving a data packet from a transmitter at a wireless device;
- detecting one or more anomalies associated with the data packet;
- communicating a notification in response to detecting the one or more anomalies;
- receiving a spy routine at the wireless device; and
- executing the spy routine to facilitate at least one of: a determination of whether the transmitter is an intruder and isolation of the transmitter.
Dependent claims: 12, 13, 14, 15.
16. An apparatus comprising:
- a wireless interface configured to receive a data packet from a transmitter; and
- at least one processor configured to:
  - detect one or more anomalies associated with the data packet;
  - initiate communication of a notification in response to detecting the one or more anomalies;
  - receive a spy routine; and
  - execute the spy routine to facilitate at least one of: a determination of whether the transmitter is an intruder and isolation of the transmitter.
Dependent claims: 17, 18, 19, 20.
21. A non-transitory computer readable medium encoded with a computer program, the computer program comprising computer readable program code for:
- receiving a data packet from a transmitter;
- detecting one or more anomalies associated with the data packet;
- communicating a notification in response to detecting the one or more anomalies;
- receiving a spy routine; and
- executing the spy routine to facilitate at least one of: a determination of whether the transmitter is an intruder and isolation of the transmitter.
22. A method comprising:
- receiving a notification from one of a plurality of wireless devices, the notification associated with one or more anomalies detected by the wireless device, the one or more anomalies associated with a data packet received by the wireless device; and
- communicating a spy routine to at least one of the wireless devices, the spy routine facilitating at least one of: a determination of whether a transmitter of the data packet is an intruder and isolation of the transmitter.
Dependent claims: 23, 24, 25.
26. An apparatus comprising:
- an interface configured to receive a notification from one of a plurality of wireless devices, the notification associated with one or more anomalies detected by the wireless device, the one or more anomalies associated with a data packet received by the wireless device; and
- at least one processor configured to identify at least one of the wireless devices and to initiate communication of a spy routine to the at least one wireless device, the spy routine facilitating at least one of: a determination of whether a transmitter of the data packet is an intruder and isolation of the transmitter.
Dependent claims: 27, 28, 29, 30.
31. A non-transitory computer readable medium encoded with a computer program, the computer program comprising computer readable program code for:
- receiving a notification from one of a plurality of wireless devices, the notification associated with one or more anomalies detected by the wireless device, the one or more anomalies associated with a data packet received by the wireless device; and
- communicating a spy routine to at least one of the wireless devices, the spy routine facilitating at least one of: a determination of whether a transmitter of the data packet is an intruder and isolation of the transmitter.
Specification