WO2003088532A8 - Intrusion detection system for wireless networks - Google Patents

Intrusion detection system for wireless networks

Info

Publication number
WO2003088532A8
Authority
WO
WIPO (PCT)
Prior art keywords
attributes
signal
arrival
signals
instant invention
Prior art date
Application number
PCT/US2003/011107
Other languages
French (fr)
Other versions
WO2003088532A1 (en)
Inventor
Albert B Muaddi
Albert A Tomko
Original Assignee
Univ Johns Hopkins
Albert B Muaddi
Albert A Tomko
Priority date
Filing date
Publication date
Application filed by Univ Johns Hopkins, Albert B Muaddi, Albert A Tomko
Priority to US10/477,026 (patent US7366148B2)
Priority to AU2003223551A (patent AU2003223551A1)
Publication of WO2003088532A1
Publication of WO2003088532A8

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B17/00 Monitoring; Testing
    • H04B17/20 Monitoring; Testing of receivers
    • H04B17/26 Monitoring; Testing of receivers using historical data, averaging values or statistics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/79 Radio fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

A method and system (fig. 2) for facilitating detection of intruders into a wireless network through the use of physical layer anomalies. One or more monitoring stations (22, 24, 26) can be distributed across the potential intruder's signal transmission region. The monitoring stations process these transmissions and extract attributes of the signals, which they can then transmit to one or more fusion stations (28). The fusion stations correlate the calculated attributes with stored attributes of signals of known, authorized users of the network, and transmit alert messages when the signal attributes do not match those of known, authorized users. Signal attributes in accordance with the instant invention include the carrier frequency, spurious emissions, and power-on and power-down transients. Also in accordance with the instant invention are methods and systems using both direct and multipath received signal strength, signal-to-noise ratio, and geometric characteristics such as direction/angle of arrival (AOA), time of arrival, position/range, time dispersion, Doppler shift and polarization.
PCT/US2003/011107 2002-04-11 2003-04-11 Intrusion detection system for wireless networks WO2003088532A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10/477,026 US7366148B2 (en) 2002-04-11 2003-04-11 Intrusion detection system for wireless networks
AU2003223551A AU2003223551A1 (en) 2002-04-11 2003-04-11 Intrusion detection system for wireless networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US37193802P 2002-04-11 2002-04-11
US60/371,938 2002-04-11

Publications (2)

Publication Number Publication Date
WO2003088532A1 (en) 2003-10-23
WO2003088532A8 (en) 2004-04-29

Family

ID=29250759

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/011107 WO2003088532A1 (en) 2002-04-11 2003-04-11 Intrusion detection system for wireless networks

Country Status (3)

Country Link
US (1) US7366148B2 (en)
AU (1) AU2003223551A1 (en)
WO (1) WO2003088532A1 (en)

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7058796B2 (en) * 2002-05-20 2006-06-06 Airdefense, Inc. Method and system for actively defending a wireless LAN against attacks
US7277404B2 (en) * 2002-05-20 2007-10-02 Airdefense, Inc. System and method for sensing wireless LAN activity
US20040203764A1 (en) * 2002-06-03 2004-10-14 Scott Hrastar Methods and systems for identifying nodes and mapping their locations
US7086089B2 (en) * 2002-05-20 2006-08-01 Airdefense, Inc. Systems and methods for network security
US7042852B2 (en) * 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7532895B2 (en) * 2002-05-20 2009-05-12 Air Defense, Inc. Systems and methods for adaptive location tracking
KR100456634B1 (en) * 2002-10-31 2004-11-10 한국전자통신연구원 Alert transmission apparatus and method for policy-based intrusion detection & response
US7355996B2 (en) * 2004-02-06 2008-04-08 Airdefense, Inc. Systems and methods for adaptive monitoring with bandwidth constraints
US7409715B2 (en) * 2003-12-10 2008-08-05 Alcatel Lucent Mechanism for detection of attacks based on impersonation in a wireless network
US8196199B2 (en) 2004-10-19 2012-06-05 Airdefense, Inc. Personal wireless monitoring agent
US8249028B2 (en) * 2005-07-22 2012-08-21 Sri International Method and apparatus for identifying wireless transmitters
US7724717B2 (en) * 2005-07-22 2010-05-25 Sri International Method and apparatus for wireless network security
US7715800B2 (en) 2006-01-13 2010-05-11 Airdefense, Inc. Systems and methods for wireless intrusion detection using spectral analysis
US7971251B2 (en) 2006-03-17 2011-06-28 Airdefense, Inc. Systems and methods for wireless security using distributed collaboration of wireless clients
EP1858221A1 (en) * 2006-05-15 2007-11-21 Abb Research Ltd. Firewall and intrusion detection system
US7970013B2 (en) 2006-06-16 2011-06-28 Airdefense, Inc. Systems and methods for wireless network content filtering
US8281392B2 (en) 2006-08-11 2012-10-02 Airdefense, Inc. Methods and systems for wired equivalent privacy and Wi-Fi protected access protection
US8069483B1 (en) 2006-10-19 2011-11-29 The United States of America as represented by the Director of the National Security Agency Device for and method of wireless intrusion detection
US9137663B2 (en) * 2006-11-02 2015-09-15 Cisco Technology, Inc. Radio frequency firewall coordination
US20080295171A1 (en) * 2007-05-23 2008-11-27 Honeywell International Inc. Intrusion Detection System For Wireless Networks
US7966660B2 (en) * 2007-05-23 2011-06-21 Honeywell International Inc. Apparatus and method for deploying a wireless network intrusion detection system to resource-constrained devices
US9042359B1 (en) * 2007-09-24 2015-05-26 Rockwell Collins, Inc. Cognitive spectrum violation detection
WO2010006035A2 (en) * 2008-07-08 2010-01-14 Interdigital Patent Holdings, Inc. Support of physical layer security in wireless local area networks
US8694624B2 (en) * 2009-05-19 2014-04-08 Symbol Technologies, Inc. Systems and methods for concurrent wireless local area network access and sensing
US10135849B2 (en) * 2012-03-16 2018-11-20 Purdue Research Foundation Securing medical devices through wireless monitoring and anomaly detection
US9166732B2 (en) * 2012-04-19 2015-10-20 At&T Mobility Ii Llc Facilitation of security employing a femto cell access point
US10111094B2 (en) 2014-09-25 2018-10-23 United States Of America, As Represented By The Secretary Of The Air Force Wireless intrusion detection and device fingerprinting through preamble manipulation
US10419458B2 (en) 2016-01-21 2019-09-17 Cyiot Ltd Distributed techniques for detecting atypical or malicious wireless communications activity
WO2018206965A1 (en) * 2017-05-12 2018-11-15 Sophos Limited Detecting iot security attacks using physical communication layer characteristics
US10432647B2 (en) 2017-06-27 2019-10-01 Honeywell International Inc. Malicious industrial internet of things node activity detection for connected plants
US11128648B2 (en) 2018-01-02 2021-09-21 Maryam AMIRMAZLAGHANI Generalized likelihood ratio test (GLRT) based network intrusion detection system in wavelet domain
JP7014041B2 (en) * 2018-05-11 2022-02-01 株式会社デンソー Radar device
US11368848B2 (en) * 2019-02-18 2022-06-21 Cisco Technology, Inc. Sensor fusion for trustworthy device identification and monitoring
WO2022012429A1 (en) * 2020-07-13 2022-01-20 华为技术有限公司 Method for implementing terminal verification, apparatus, system, device, and storage medium
US20210325508A1 (en) * 2021-06-24 2021-10-21 Intel Corporation Signal-to-Noise Ratio Range Consistency Check for Radar Ghost Target Detection

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5027383A (en) * 1987-06-12 1991-06-25 Versus Technology, Inc. Supervised, interactive alarm reporting system
US5475625A (en) * 1991-01-16 1995-12-12 Siemens Nixdorf Informationssysteme Aktiengesellschaft Method and arrangement for monitoring computer manipulations
US5682142A (en) * 1994-07-29 1997-10-28 Id Systems Inc. Electronic control system/network
US6130894A (en) * 1998-03-09 2000-10-10 Broadcom Homenetworking, Inc. Off-line broadband network interface
US6279113B1 (en) * 1998-03-16 2001-08-21 Internet Tools, Inc. Dynamic signature inspection-based network intrusion detection
US6408391B1 (en) * 1998-05-06 2002-06-18 Prc Inc. Dynamic system defense for information warfare
US6304973B1 (en) * 1998-08-06 2001-10-16 Cryptek Secure Communications, Llc Multi-level security network system
US6289462B1 (en) * 1998-09-28 2001-09-11 Argus Systems Group, Inc. Trusted compartmentalized computer operating system
US6813485B2 (en) * 1998-10-21 2004-11-02 Parkervision, Inc. Method and system for down-converting and up-converting an electromagnetic signal, and transforms for same
US6578147B1 (en) * 1999-01-15 2003-06-10 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US6420973B2 (en) * 1999-01-23 2002-07-16 James Acevedo Wireless smoke detection system
US6253064B1 (en) * 1999-02-25 2001-06-26 David A. Monroe Terminal based traffic management and security surveillance system for aircraft and other commercial vehicles
US6629151B1 (en) * 1999-03-18 2003-09-30 Microsoft Corporation Method and system for querying the dynamic aspects of wireless connection
US6609205B1 (en) * 1999-03-18 2003-08-19 Cisco Technology, Inc. Network intrusion detection signature analysis using decision graphs
US7054296B1 (en) * 1999-08-04 2006-05-30 Parkervision, Inc. Wireless local area network (WLAN) technology and applications including techniques of universal frequency translation
US6388612B1 (en) * 2000-03-26 2002-05-14 Timothy J Neher Global cellular position tracking device
IL152502A0 (en) * 2000-04-28 2003-05-29 Internet Security Systems Inc Method and system for managing computer security information
US6424673B1 (en) * 2000-11-10 2002-07-23 Motorola, Inc. Method and apparatus in a wireless communication system for facilitating detection of, and synchronization with, a predetermined synchronization signal
US20030149891A1 (en) * 2002-02-01 2003-08-07 Thomsen Brant D. Method and device for providing network security by causing collisions
US7711809B2 (en) * 2002-04-04 2010-05-04 Airmagnet, Inc. Detecting an unauthorized station in a wireless local area network
US6714605B2 (en) * 2002-04-22 2004-03-30 Cognio, Inc. System and method for real-time spectrum analysis in a communication device
US7254191B2 (en) * 2002-04-22 2007-08-07 Cognio, Inc. System and method for real-time spectrum analysis in a radio device
US7424268B2 (en) * 2002-04-22 2008-09-09 Cisco Technology, Inc. System and method for management of a shared frequency band
US7042852B2 (en) * 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7058796B2 (en) * 2002-05-20 2006-06-06 Airdefense, Inc. Method and system for actively defending a wireless LAN against attacks
US7171161B2 (en) * 2002-07-30 2007-01-30 Cognio, Inc. System and method for classifying signals using timing templates, power templates and other techniques
US7224678B2 (en) * 2002-08-12 2007-05-29 Harris Corporation Wireless local or metropolitan area network with intrusion detection features and related methods

Also Published As

Publication number Publication date
US7366148B2 (en) 2008-04-29
US20040162995A1 (en) 2004-08-19
AU2003223551A1 (en) 2003-10-27
WO2003088532A1 (en) 2003-10-23

Similar Documents

Publication Publication Date Title
WO2003088532A8 (en) Intrusion detection system for wireless networks
AU5820700A (en) Synchronization and detection of modulation type
US5982808A (en) System and method for communicating with plural remote transmitter
EP1579722B1 (en) Monitoring changeable locations of client devices in wireless networks
WO2001037511A3 (en) Method and system for remotely configuring and monitoring a communication device
WO2002076113A3 (en) Beacon infrastructure
TW200635397A (en) Joint packet detection in a wireless communication system with one or more receiver
CA2508076A1 (en) Spatial boundary admission control for wireless networks
WO2000023956A9 (en) Method and system for providing location dependent and personal identification information to a public safety answering point
US7633391B2 (en) Robust tactical unattended ground sensor networking
EP1355164A1 (en) System and method for locating a mobile terminal, particularly for rescuing a person in distress, and device for awaking a corresponding mobile terminal
MY160804A (en) Robust equalizer lock detection in digital communication systems
US20140300467A1 (en) System for Locating Tagged Objects
EP0820205A3 (en) Detection and prevention of channel grabbing in a wireless communications system
EP1086446B1 (en) A system and method for communicating with plural remote transmitters
EP0802657A3 (en) Receiver for mobile communications systems with equalisation and differential detection
EP0788248A3 (en) System for selectively transmitting messages to passers-by
US6130914A (en) Communications system
WO2000060791A3 (en) Collision handling scheme for discrete multi-tone data communications network
CN202759454U (en) Meteorological-disaster rapid early-warning information broadcast system
JP2002517844A (en) A system and method for locating a plurality of remote transmitters on earth using communication with the plurality of remote transmitters and / or a time-independent matched filter.
CN210798572U (en) Electronic handcuffs and law enforcement recorder or police service communication linkage system
US7898408B2 (en) Voice-aided unattended surveillance sensor deployment system and associated methods
CN103368675A (en) Meteorological disaster rapid early-warning information broadcast system
Tsafack et al. Wake-Up RF Communication Node Design and Use for Communal Living and Emergency Alert in Remote Areas of Developing Countries

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
WWE WIPO information: entry into national phase

Ref document number: 10477026

Country of ref document: US

WR Later publication of a revised version of an international search report
122 EP: PCT application non-entry in European phase
NENP Non-entry into the national phase

Ref country code: JP

WWW WIPO information: withdrawn in national office

Country of ref document: JP