Systems and methods for wireless security using distributed collaboration of wireless clients
Abstract
Systems and methods for distributed monitoring of a wireless network using a plurality of wireless client devices in communication with the wireless network.
26 Claims
1. A method for distributed monitoring of a wireless network using a plurality of wireless client devices in communication with the wireless network to gather wireless data from the wireless network, the method comprising the steps of:
- loading a software agent on one or more of a plurality of wireless client devices in communication with a wireless network, wherein the software agent is configured to utilize the one or more of the plurality of wireless devices as distributed monitoring devices in the wireless network, and wherein the plurality of wireless client devices comprise authorized wireless devices on the wireless network comprising any of desktop computers, notebook computers, storage devices, printers, or processor devices equipped with a wireless radio;
- directing the one or more of the plurality of wireless client devices to monitor the wireless network and collect data corresponding to wireless traffic from devices transmitting on the wireless network at a predetermined range of frequencies, and to store the data for analysis, wherein the one or more of the plurality of wireless clients are configured to analyze the stored data locally, and wherein the wireless traffic comprising wireless local area network frames;
- receiving collected analyzed data from the plurality of wireless client devices at one or more servers, the servers being configured to accumulate the collected data;
- storing the received data for analysis and correlation; and
- analyzing the stored data received from the plurality of wireless client devices so as to identify traffic corresponding to anomalous wireless activity;
- wherein the software agent directs the one or more of the plurality of wireless client devices to locally monitor, locally analyze, and transmit the stored data to the one or more servers over the wireless network based upon predetermined or programmed conditions associated with the one or more of the plurality of wireless client devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A processor based method for monitoring a wireless network with a client equipped with a wireless device, the method comprising the steps of:
- loading a software agent on the client, wherein the software agent is configured to utilize the client as one of a plurality of distributed monitoring devices in the wireless network, and wherein the client comprises an authorized wireless device on the wireless network comprising any of desktop computers, notebook computers, storage devices, printers, or processor devices equipped with a wireless radio;
- monitoring the client for an activation condition associated with the client and operation of the client on the wireless network;
- receiving wireless data from the wireless network responsive to the activation condition, the wireless data comprising wireless traffic transmitted to any receiver, wherein the wireless data is transmitted within a receiver range of the wireless device, and wherein the wireless data comprising wireless local area network frames transmitted by devices on the wireless network other than the wireless device;
- at the client and based on the activation condition, locally analyzing the data to identify relevant data, events, and statistics, the data, events, and statistics being relevant to a security profile associated with the wireless network;
- at the client, locally logging the relevant data, events, and statistics to a log file located on a local data store; and
- sending the log file to a server responsive to the wireless device having an available connection to the server, wherein the server is configured to receive a plurality of log files from a plurality of clients.
Dependent claims: 18, 19, 20, 21, 22, 23
24. One or more computer readable media storing instructions that upon execution by a computer cause the computer to monitor the use of a wireless device with respect to communications that are received at a wireless interface associated with the computer, wherein the monitoring of the wireless interface comprises:
- receiving wireless data from the wireless network at a wireless device responsive to an activation condition associated with the computer and operation of the computer on the wireless network, the wireless data comprising wireless traffic transmitted to any receiver, wherein the wireless data is transmitted within a receiver range of the wireless device, and wherein the wireless data comprises wireless local area network frames transmitted by devices on the wireless network other than the wireless device;
- at the computer, locally analyzing the data to identify relevant data, events, and statistics, wherein the data, events, and statistics are relevant based upon a security profile associated with the wireless network;
- at the computer, locally logging the relevant data, events, and statistics to a log file located on a local data store;
- sending the log file to a server responsive to the wireless device having an available connection to the server over a secure socket link, wherein the server is configured to analyze and correlate data from a plurality of log files; and
- without the activation condition, operating the computer over the wireless network;
- wherein the computer is configured perform the receiving and locally analyzing based upon predetermined or programmed conditions associated with the computer; and
- wherein the computer comprises an authorized wireless device on the wireless network comprising any of desktop computers, notebook computers, storage devices, printers, or processor devices equipped with a wireless radio, the computer executing the instructions in background until the predetermined or programmed conditions.
25. A computer system having an intrusion protection system agent, the system comprising:
- a wireless communication interface operable to receive and transmit data on a wireless network, wherein the data is included in wireless local area network frames compliant to IEEE 802.11 protocols;
- a data store operable to store a log file associated with analysis of the wireless network; and
- a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store and the wireless communication interface and wherein the system processor is programmed or adapted to;
- access the wireless communication interface to collect wireless data responsive to an activation condition, the wireless data being collected without consideration for the intended recipient of the data;
- store the collected wireless data in the data store;
- locally perform an analysis of the collected wireless data to identify relevant data, events, and statistics responsive to the activation condition, wherein the identified data, events, and statistics are relevant based upon a security profile associated with the wireless network;
- locally store a log file associated with the analysis of the collected wireless data;
- alert a centralized server via a network connection comprising a secure socket link based upon the analysis of the information; and
- without the activation condition, operate over the wireless network;
- wherein the wireless data compliant to IEEE 802.11 protocols is stored locally in the data store, analyzed locally by the processor is in communication with the system data store, and the log file is created and stored locally in the data store based on the analysis, and wherein the centralized server is configured to analyze and correlate data from a plurality of log files from a plurality of computer systems;
- wherein the computer system comprises an authorized wireless device on the wireless network comprising any of desktop computers, notebook computers, storage devices, printers, or processor devices equipped with a wireless radio, the computer system executing the intrusion protection system agent in background until the activation condition.
Dependent claims: 26
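The division of work recited in claims 17 and 25 (local analysis against a security profile on each client, then correlation of the clients' log files at a server) can be sketched as follows. This is an added illustration, not code from the patent: the profile fields, event names, threshold, client names and frame records are all assumptions, since the claims do not define them.

```python
from collections import Counter, defaultdict

# Assumed security profile; the claims do not define its fields.
PROFILE = {"ssid": "corp-wlan", "deauth_threshold": 3,
           "authorized_bssids": {"02:00:00:00:00:01", "02:00:00:00:00:02"}}

def analyze_locally(client_id, frames, profile, active):
    """Agent side: reduce observed frames to a log of relevant events."""
    if not active:  # no activation condition, so the client just operates normally
        return []
    rogue_aps, deauths = set(), Counter()
    for f in frames:
        if (f["type"] == "beacon" and f["ssid"] == profile["ssid"]
                and f["bssid"] not in profile["authorized_bssids"]):
            rogue_aps.add(f["bssid"])       # protected SSID from an unknown BSSID
        elif f["type"] == "deauth":
            deauths[f["src"]] += 1          # statistic: deauth frames per sender
    noisy = [s for s, n in deauths.items() if n >= profile["deauth_threshold"]]
    events = ([("unauthorized_ap", b) for b in sorted(rogue_aps)]
              + [("deauth_burst", s) for s in sorted(noisy)])
    return [{"client": client_id, "event": e, "subject": s} for e, s in events]

def correlate(log_files, min_clients=2):
    """Server side: keep events reported independently by several clients."""
    reporters = defaultdict(set)
    for log in log_files:
        for entry in log:
            reporters[(entry["event"], entry["subject"])].add(entry["client"])
    return {k: sorted(v) for k, v in reporters.items() if len(v) >= min_clients}

# Constructed observations (locally administered MAC addresses, not real devices).
ROGUE, SENDER = "02:00:00:00:00:99", "02:00:00:00:00:aa"
FRAMES_A = ([{"type": "beacon", "ssid": "corp-wlan", "bssid": "02:00:00:00:00:01"},
             {"type": "beacon", "ssid": "corp-wlan", "bssid": ROGUE}]
            + [{"type": "deauth", "src": SENDER}] * 3)
FRAMES_B = [{"type": "beacon", "ssid": "corp-wlan", "bssid": ROGUE},
            {"type": "deauth", "src": SENDER}]

def demo():
    logs = [analyze_locally("laptop-a", FRAMES_A, PROFILE, True),
            analyze_locally("printer-b", FRAMES_B, PROFILE, True)]
    return logs, correlate(logs)

if __name__ == "__main__":
    print(demo())
```

In this constructed run both clients log the unknown BSSID, so it survives correlation, while the deauthentication burst seen by only one client stays in that client's log and is not escalated.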
Specification