Method and system for actively defending a wireless LAN against attacks
IPC classification information
Country / type: United States (US) Patent
Status: Granted
International Patent Classification (IPC 7th edition): G06F-015/18; G06F-017/00; H04L-009/00; H04K-001/00
Application number: UP-0370611 (2006-03-08)
Registration number: US-7526808 (2009-07-01)
Inventors / address: Lynn, Michael T.; Hrastar, Scott
Applicant / address: AirDefense, Inc.
Agent / address: Clements Bernard PLLC
Citation information
Times cited: 6
Cited patents: 83
Abstract
A wireless network security system including a system data store capable of storing network default and configuration data, a wireless transmitter and a system processor. The system processor performs a network security method. An active defense request signal is received, typically from an intrusion detection system. The received request signal includes an indicator of an access point within the wireless computer network that is potentially compromised. In response to the received request signal, an active defense of the wireless network is triggered. The triggered active defense may be one or more of transmitting a jamming signal, transmitting a signal to introduce CRC errors, transmitting a signal to increase the difficulty associated with breaking the network encryption (typically by including in the signal packets appearing legitimate but containing randomized payloads), or transmitting a channel change request to the potentially compromised access point.
Representative claims
What is claimed is:
1. A network security system, the system comprising: a system data store configured to store risk criteria data, network default data, and network performance and usage data; a first communication interface comprising a receiver that receives inbound communications from a communication channel associated with the communication interface; a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store and wherein the system processor is programmed or adapted to perform the steps comprising: receiving data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame via the communication interface; detecting a violation by applying a plurality of intrusion detection tests that each compare the received data with data in the system data store or information derived therefrom; and generating an alarm signal upon detecting a violation.
2. The system of claim 1, wherein the system data store comprises a statistics data store that stores historical data regarding the wireless computer network.
3. The system of claim 2, wherein the system processor applies a statistical anomaly test during violation detection that compares the received data with network default data in the system data store, information derived therefrom, data in the statistics data store, information derived therefrom, or risk criteria data stored in the system data store.
4. The system of claim 2, wherein the system processor is further programmed or adapted to perform the step comprising updating the statistics data store based upon the received data.
5. The system of claim 1, wherein the first communication interface's receiver receives signals corresponding to a frame transmitted between stations and access points within the wireless computer network and forwards data corresponding to the frame to the system processor.
6. The system of claim 5, wherein the first communication interface's receiver is a wireless receiver.
7. The system of claim 5, wherein the signals received by the first communication interface's receiver originate from an access point within the wireless computer network, from a station within the wireless computer network, or from one or more sensors located within an area serviced by the wireless computer network.
8. The system of claim 7, further comprising one or more sensors located within an area serviced by the wireless network, wherein each of the one or more sensors comprises a wireless receiver capable of receiving frames transmitted over the wireless computer network and a transmitter capable of transmitting data associated with received frames over the communication channel to the first communication interface.
9. The system of claim 8, wherein each sensor further comprises at least one processing element of the system processor and wherein the at least one processing element is programmed or adapted to cause the sensor's transmitter to forward data associated with received frames in response to reception of received frames by the sensor's wireless receiver.
10. The system of claim 9, wherein each sensor's transmitter is a wireless transmitter or wherein each sensor further comprises a wireless transmitter, and wherein each sensor's at least one processor is further programmed or adapted to perform the step comprising triggering an active defense of the wireless computer network in response to a generated alarm.
11. The system of claim 5, wherein the first communication interface further comprises a transmitter that transmits outbound communications to the communication channel.
12. The system of claim 11, further comprising a device housing that houses the first communication interface and at least one processing element of the system processor, thereby forming a first device, and one or more additional devices, wherein each additional device comprises a housing, a device communication interface allowing communication via the communication channel and at least one processing element of the system processor, wherein the signals received by any of the first or the additional devices' respective communication interface originate from an access point within the wireless computer network, from a station within the wireless computer network, or from a different device.
13. The system of claim 12, further comprising one or more sensors located within an area serviced by the wireless network, wherein each of the one or more sensors comprises a wireless receiver capable of receiving frames transmitted over the wireless computer network and a transmitter capable of transmitting data associated with received frames over the communication channel to the first communication interface, wherein the signals received by any of the first or the additional devices' respective communication interface may also originate from one of the one or more sensors.
14. The system of claim 1, wherein the first communication interface further comprises a transmitter that transmits outbound communications to the communication channel and wherein the system processor is programmed or adapted to perform the steps comprising triggering an active defense of the wireless computer network in response to a generated alarm.
15. The system of claim 14, wherein each generated alarm comprises a type or a severity and wherein the system processor's triggering of an active defense comprises the step of selecting an active defense based upon the type or the severity of the generated alarm to which the triggering step was responsive.
16. The system of claim 1, wherein the system processor is further programmed or adapted to perform the steps comprising: receiving configuration information; and storing the received configuration information in the system data store.
17. The system of claim 16, wherein the configuration information is received by the system processor from a configuration file, from an interactive data entry interface or from a command line.
18. The system of claim 16, wherein the received configuration information comprises network default data and risk criteria.
19. The system of claim 1, wherein the system data store comprises a station data store and wherein the system processor is further programmed or adapted to perform the step comprising updating the station data store based upon the received data.
20. The system of claim 1, wherein the system data store comprises an access point data store and wherein the system processor is further programmed or adapted to perform the step comprising updating the access point data store based upon the received data.
21. The system of claim 1, wherein the system processor is further programmed or adapted to perform the step comprising notifying an administrator of the generated alarm if a violation was detected.
22. The system of claim 1, wherein the plurality of tests applied by the system processor comprises two or more tests selected from the group consisting of signature test, protocol test, statistical anomaly test and policy test.
23. The system of claim 1, wherein the system processor is further programmed or adapted to perform the step comprising mapping a station's logical identity.
24. The system of claim 23, wherein the system processor is further programmed or adapted to perform the step comprising mapping a station's physical location.
25. A method for detecting wireless intruders, the wireless intruders having the potential to compromise a wired network, the method comprising: establishing risk criteria data, network default data and network performance and usage data based upon one or more of: a system administrator, a wireless network survey, or baseline wireless traffic levels; receiving data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame via the communication interface; detecting a policy violation by applying a plurality of intrusion detection tests, the intrusion detection tests being configured to compare the received data with one or more of the risk criteria data, the network default data, the network performance and usage data, or information derived therefrom; and generating an alarm signal upon detecting a violation, the alarm signal indicating that a potential intruder has been detected, the alarm signal being operable to alert an active defense system to defend the network against the potential intruder.
26. One or more computer readable media storing instructions configured to detect a wireless intruder, the instructions comprising: policy establishment instructions configured to establish a policy based upon risk criteria data, network default data, and network performance and usage data, wherein the risk criteria data, network default data, and network performance and usage data are based upon one or more of: input from a system administrator, a wireless network survey, or baseline wireless traffic levels; network interface logic configured to receive data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame via the communication interface; policy violation detection instructions configured to detect a policy violation by applying a plurality of intrusion detection tests, the intrusion detection tests being configured to compare the received data with one or more of the risk criteria data, the network default data, the network performance and usage data, or information derived therefrom; and alarm instructions configured to generate an alarm signal responsive to the policy violation detection instructions, the alarm signal indicating that a potential intruder has been detected, the alarm signal being operable to alert an active defense system to defend the network against the potential intruder.