WO2016159396A1 - Wips sensor and method for blocking terminal using same - Google Patents

Wips sensor and method for blocking terminal using same Download PDF

Info

Publication number
WO2016159396A1
WO2016159396A1 PCT/KR2015/003068 KR2015003068W WO2016159396A1 WO 2016159396 A1 WO2016159396 A1 WO 2016159396A1 KR 2015003068 W KR2015003068 W KR 2015003068W WO 2016159396 A1 WO2016159396 A1 WO 2016159396A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless communication
wips
communication terminal
mac address
sensor
Prior art date
Application number
PCT/KR2015/003068
Other languages
French (fr)
Korean (ko)
Inventor
이상준
함성윤
손민기
Original Assignee
주식회사 유넷시스템
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 유넷시스템 filed Critical 주식회사 유넷시스템
Priority to PCT/KR2015/003068 priority Critical patent/WO2016159396A1/en
Priority to JP2018500247A priority patent/JP2018511282A/en
Priority to CN201580078218.1A priority patent/CN107431971A/en
Publication of WO2016159396A1 publication Critical patent/WO2016159396A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions

Definitions

  • the present invention relates to a WIPS sensor and a terminal blocking method using the same, and more particularly, to a WIPS sensor and a terminal blocking method using the same, which can block a security policy violation access terminal in wireless communication in an 802.11w environment.
  • the WIPS sensor in the wireless network security system collects unique information (MAC address, product name, manufacturer, serial number, hardware information, etc.) of the plurality of wireless devices constituting the wireless network, and uses WIPS (Wireless Intrusion Prevention System). In addition to transmitting to the server, it monitors the intrusion, attack and abnormality of the wireless network where the wireless equipment is located, reports the details to the WIPS server, and receives the control signal for response from the WIPS server to receive the wireless network. It serves to propagate to, and the related art related to this, Republic of Korea Patent Publication No. 10-2013-0019892 (published on Feb. 27, 2013), Republic of Korea Patent Publication No. 10-1186876 (2012.10. 02. announcement).
  • WIPS Wireless Intrusion Prevention System
  • the blocking of the security policy violation terminal of the conventional WIPS sensor as shown in Figure 1, according to the control signal of the WPIS server deauthentication (deauthentication) to the AP connected to the blocking target terminal T in the WIPS sensor (S) or The AP blocks the access to the corresponding UE by transmitting a deassociation packet.
  • 802.11w a new standard of the wireless network environment, a technology for protecting communication packets through specific key sharing is added in an interworking process between an AP and a terminal for improving security of a management frame.
  • the existing WIPS sensor did not know the shared key of the AP and the terminal to which 802.11w was applied, and thus it was impossible to block the terminal (T) through the authentication release or the transmission of the de-linked packet. Necessity is emerging.
  • the present invention was made to solve the above problems, and an object of the present invention is to provide a technology capable of implementing network access blocking for a terminal in violation of a security policy even in an 802.11w environment.
  • a wireless intrusion prevention system (WIPS) sensor for monitoring the traffic of a wireless communication terminal connected to an access point (AP), the connection is blocked from a WIPS server to a specific wireless communication terminal connected to the AP
  • the WIPS sensor may be achieved by the WIPS sensor to request a new connection to the AP by changing the MAC address of the specific wireless communication terminal to its own MAC address.
  • the WIPS sensor may include: a monitoring unit configured to collect traffic between a wireless communication terminal connected to the AP and BSSID (Basic Service Set Identifierd) and MAC address information of the AP and the wireless communication terminal; An information storage unit for storing BSSID and MAC address information of the AP and the wireless communication terminal collected by the monitoring unit; A communication unit which communicates with a WIPS server and receives an access blocking control signal for a specific wireless communication terminal from the WIPS server; A MAC address conversion unit for allocating the access blocking control signal to its own MAC address by referring to the MAC address of a specific wireless communication terminal stored in the information storage unit; And an AP access unit requesting a new connection to a corresponding AP accessing a specific wireless communication terminal using the MAC address converted by the MAC address conversion unit. It includes.
  • BSSID Basic Service Set Identifierd
  • the WIPS sensor monitors the traffic of the wireless communication terminal connected to the AP (Access Point), and the BSSID (Basic Service Set Identifierd) and MAC address information of the AP and the wireless communication terminal A first step of collecting; A second step of receiving, by the WIPS sensor, an access blocking control signal of a specific wireless communication terminal transmitted from a WIPS server; A third step of the WIPS sensor extracting the MAC address of the specific wireless communication terminal from the information collected in the first step and assigning the MAC address to its own MAC address; And a fourth step of requesting a new connection from the WIPS sensor to the AP connected to the specific wireless communication terminal. It may also be achieved by a terminal blocking method using a WIPS sensor comprising a.
  • a fifth step of deeming that the AP requesting a new connection requests the new connection from the specific wireless communication terminal; And a sixth step in which the AP is interconnected by allocating a new key to the WIPS sensor. It may further include.
  • the reliability of security is increased by implementing network access blocking for a terminal that violates a security policy even in an 802.11w environment.
  • the WIPS sensor can be recycled by implementing terminal blocking in an 802.11w environment through software update or firmware update without structural change of the WIPS sensor.
  • 1 is a schematic diagram showing that the WIPS sensor according to the prior art block the terminal on the network
  • FIG. 2 is a block diagram illustrating a configuration of a WIPS sensor according to the present invention and a schematic diagram showing that the WIPS sensor blocks a terminal on a network.
  • FIG. 3 is a flowchart illustrating a flow of a terminal blocking method using a WIPS sensor according to the present invention.
  • FIG. 2 is a block diagram illustrating a configuration of a WIPS sensor according to the present invention and a schematic diagram showing that the WIPS sensor blocks a terminal on a network.
  • the WIPS sensor 100 includes a monitoring unit 10, an information storage unit 20, a communication unit 30, a MAC address conversion unit 40, and an AP connection unit 50. do.
  • the monitoring unit 10 monitors the communication traffic of the wireless communication terminal T connected to the AP, and at the same time, the BSSID (Basic Service Set Identifier) and the MAC address of the AP and the wireless communication terminal (T) through traffic monitoring. Collect information.
  • BSSID Basic Service Set Identifier
  • the collected BSSID and MAC address which are unique information of the AP and the wireless communication terminal T, are used to block a specific wireless communication terminal to be described later.
  • the information storage unit 20 stores BSSID and MAC address information of the AP and the wireless communication terminal T collected by the monitoring unit 10, and the information stored in the information storage unit 20 controls access blocking. When a signal is received, it is referred to and used by the MAC address conversion unit 40 to be described later.
  • the communication unit 30 implements mutual communication between the WIPS sensor 100 and the WIPS server 200, and various report signals of the WIPS sensor 100 are transmitted to the WIPS server 200 by the communication unit 30.
  • Various control signals of the WIPS server 200 are received by the WIPS sensor 100.
  • the WIPS sensor 100 receives the access blocking control signal for blocking the security policy violation terminal analyzed by the WIPS server 200.
  • the MAC address conversion unit 40 is configured to change the MAC address of the WIPS sensor 100 in a specific situation. Specifically, the communication unit 30 is blocked from accessing a specific wireless communication terminal T. It is activated when a control signal is received.
  • the MAC address conversion unit 40 when the MAC address conversion unit 40 receives an access blocking control signal for a specific wireless communication terminal T through the communication unit 30, the MAC address conversion unit 40 refers to the BSSID and the MAC address list stored in the information storage unit 20.
  • the BSSID and the MAC address of the specific wireless communication terminal T are extracted, and the MAC address of the extracted specific wireless communication terminal T is changed to the MAC address of the WIPS sensor 100.
  • the MAC address of the WIPS sensor 100 is set to be the same as the MAC address of the specific wireless communication terminal T to be blocked.
  • the AP access unit 50 serves to request a new connection to the AP that is accessing the specific wireless communication terminal T through the MAC address of the WIPS sensor 100 converted by the MAC address conversion unit 40.
  • the AP regards the specific wireless communication terminal T that is being connected to request a new connection and sends a new shared key to the WIPS sensor 100. Assigns and forms a security association (SA) between the AP and the WIPS sensor 100, and in this process, the connection between the AP and the AP that is being connected is blocked (the SA of the specific wireless communication terminal and the AP is disconnected). )
  • SA security association
  • the WIPS sensor 100 when the WIPS sensor 100 according to the present invention receives the access blocking control signal for the specific wireless communication terminal T connected to the AP from the WIPS server 200, the MAC address of the specific wireless communication terminal T is received. Is a new connection request to the AP by changing its MAC address, and the AP processes a new connection request (In AP, a specific wireless communication terminal is regarded as requesting a new connection, but the new connection request is actually an AP and a WIPS sensor. By blocking the connection with a specific wireless communication terminal (T) in a natural manner can be implemented to block the specific wireless communication terminal (T) in violation of the security policy.
  • FIG. 3 is a flowchart illustrating a flow of a terminal blocking method using a WIPS sensor according to the present invention.
  • the terminal blocking method using the WIPS sensor according to the present invention information collection step (first step, S10), access block control signal receiving step (second step, S20), MAC address assignment step (the first Step 3, S30), the new connection request step (fourth step, S40), the new connection request receiving step (fifth step, S50) and the new connection and the terminal blocking step (five steps, S50).
  • the WIPS sensor monitors traffic of a wireless communication terminal connected to an access point (AP), and collects BSSID (Basic Service Set Identifierd) and MAC address information of the AP and the wireless communication terminal. This step monitors the WIPS sensor.
  • the collected BSSID and MAC address information is stored in the information storage unit of the WIPS sensor.
  • Step 2 Receiving connection blocking control signal (S20)
  • the WIPS sensor receives the access blocking control signal of a specific wireless communication terminal (security policy violation terminal selected by the analysis of the WiPS server) transmitted from the WIPS server, and the access blocking control signal is transmitted from the WIPS server. It is received through the communication unit.
  • a specific wireless communication terminal security policy violation terminal selected by the analysis of the WiPS server
  • Step 3 assigning the MAC address (S30)
  • the WIPS sensor extracts the MAC address of the specific wireless communication terminal from the information collected in the first step (extracted from the information storage unit of the WIPS sensor) and assigns it to its MAC address. It is done in the converter. That is, the MAC address of the WIPS sensor is set to be the same as the MAC address of the specific wireless communication terminal through this step.
  • Step 4 New connection request step (S40)
  • the WIPS sensor requests a new connection to the AP connected to the specific wireless communication terminal. This step is performed at the AP connection part of the WIPS sensor.
  • Step 5 receiving a new connection request step (S50)
  • the AP requesting a new connection is regarded as requesting a new connection from the specific wireless communication terminal.
  • the AP determines that a new connection is requested from the specific wireless communication terminal. It is not a specific wireless communication terminal, but a WIPS sensor).
  • Step 6 New connection and terminal blocking step (S60)
  • the AP Upon request for a new connection, the AP establishes a connection with the WIPS sensor. At this stage, the AP generates and shares a new key with the newly connected WIPS sensor according to the 802.11w environment, and the SA (Security Association) between the WIPS sensor and the AP is formed and connected, and at the same time, with the specific wireless communication terminal that is already connected. The SA is disconnected, thereby disconnecting the network of a specific wireless communication terminal.
  • SA Security Association
  • the WIPS sensor and the terminal blocking method using the same As described above, the WIPS sensor and the terminal blocking method using the same according to the present invention, the reliability of the security is increased by implementing the network access blocking for the terminal in violation of the security policy even in 802.11w environment.
  • the WIPS sensor can be recycled by implementing terminal blocking in an 802.11w environment through software update or firmware update without structural change of the WIPS sensor.

Abstract

The present invention relates to a WIPS (wireless intrusion prevention system) sensor for monitoring the traffic of a wireless communication terminal connected to an AP (access point), the WIPS sensor being characterized in that, upon receiving an access blocking control signal related to a specific wireless communication terminal connected to the AP from a WIPS server, the WIPS sensor changes the MAC address of the specific wireless communication terminal to its MAC address and requests the AP to make a new connection. In addition, the present invention relates to a method for blocking a terminal using a WIPS sensor, the method being characterized by comprising: a first step for the WIPS sensor monitoring the traffic of a wireless communication terminal connected to an AP (access point) and collecting information regarding the BSSID (basic service set identifier) and MAC address of the AP and the wireless communication terminal; a second step for the WIPS sensor receiving a control signal for blocking access of a specific wireless communication terminal, which has been transmitted from a WIPS server; a third step for the WIPS sensor extracting the MAC address of the specific wireless communication terminal from the information collected in the first step and assigning same as MAC address of self; and a fourth step for the WIPS sensor requesting a new connection from the AP, which is connected to the specific wireless communication terminal. Accordingly, information collection by a portable scanner makes it possible to detect the position of wireless equipment, which exists on a specific wireless network, without constructing a wireless intrusion prevention system, and to determine whether or not to approve the detected wireless equipment on the basis thereof, thereby improving the security of the wireless network at a low cost.

Description

윕스 센서 및 이를 이용한 단말 차단 방법WIPS sensor and terminal blocking method using the same
본 발명은 WIPS 센서 및 이를 이용한 단말 차단 방법에 관한 것으로서, 보다 상세하게는, 802.11w 환경에서 무선 통신에서 보안정책 위반 접속 단말을 차단할 수 있는 WIPS 센서 및 이를 이용한 단말 차단 방법에 관한 것이다.The present invention relates to a WIPS sensor and a terminal blocking method using the same, and more particularly, to a WIPS sensor and a terminal blocking method using the same, which can block a security policy violation access terminal in wireless communication in an 802.11w environment.
무선 네트워크 보안 시스템에서의 WIPS 센서는 무선 네트워크를 구성하는 복수의 무선 장비에 대한 고유정보(MAC주소, 제품명, 제조사, 일련번호, 하드웨어 정보 등)를 수집하여 WIPS(무선 침입 차단 시스템: Wireless Intrusion Prevention System)서버로 전송할 뿐만 아니라 해당 무선 장비가 위치하는 무선 네트워크에 대한 침입, 공격, 이상상태 발생 등을 모니터링하고 이에 대한 내역을 WIPS서버로 보고하여 대응을 위한 제어 신호를 WIPS서버로부터 전송받아 무선 네트워크에 전파하는 역할을 수행하며, 이에 관련된 종래 기술로는, 대한민국 공개특허공보 공개번호 제10-2013-0019892호(2013.02.27. 공개), 대한민국 등록특허공보 등록번호 제10-1186876호(2012.10.02. 공고) 등이 있었다.The WIPS sensor in the wireless network security system collects unique information (MAC address, product name, manufacturer, serial number, hardware information, etc.) of the plurality of wireless devices constituting the wireless network, and uses WIPS (Wireless Intrusion Prevention System). In addition to transmitting to the server, it monitors the intrusion, attack and abnormality of the wireless network where the wireless equipment is located, reports the details to the WIPS server, and receives the control signal for response from the WIPS server to receive the wireless network. It serves to propagate to, and the related art related to this, Republic of Korea Patent Publication No. 10-2013-0019892 (published on Feb. 27, 2013), Republic of Korea Patent Publication No. 10-1186876 (2012.10. 02. announcement).
한편, 종래의 WIPS 센서의 보안 정책 위반 단말의 차단은, 도 1 에서와 같이, WPIS 서버의 제어 신호에 따라 WIPS 센서(S)에서 차단 대상 단말(T)과 연결된 AP에 인증해제(Deauthentication) 또는 연동해제(Deassociation) 패킷을 전송하여 AP가 해당 단말에 대한 접속을 차단하는 것으로 구현되었다.On the other hand, the blocking of the security policy violation terminal of the conventional WIPS sensor, as shown in Figure 1, according to the control signal of the WPIS server deauthentication (deauthentication) to the AP connected to the blocking target terminal T in the WIPS sensor (S) or The AP blocks the access to the corresponding UE by transmitting a deassociation packet.
그러나, 무선 네트워크 환경의 새로운 표준인 802.11w 에서는 관리 프레임의 보안성 향상을 위해 AP와 단말 사이의 연동 과정에서 특정 Key 공유를 통해 상호 간의 통신 패킷을 보호하는 기술이 부가되었다.However, in 802.11w, a new standard of the wireless network environment, a technology for protecting communication packets through specific key sharing is added in an interworking process between an AP and a terminal for improving security of a management frame.
즉, 기존의 WIPS 센서로는 802.11w 가 적용된 AP와 단말의 공유 Key를 모르기 때문에 인증해제 또는 연동해체 패킷의 전송을 통한 단말(T)의 차단이 불가하였으며, 이러한 문제점을 해결하기 위한 기술 개발의 필요성이 대두되고 있는 실정이다.That is, the existing WIPS sensor did not know the shared key of the AP and the terminal to which 802.11w was applied, and thus it was impossible to block the terminal (T) through the authentication release or the transmission of the de-linked packet. Necessity is emerging.
본 발명은 상기 문제점을 개선하기 위하여 창작된 것으로서, 본 발명의 목적은, 802.11w 환경에서도 보안 정책을 위반한 단말에 대한 네트워크 접속 차단을 구현할 수 있는 기술을 제공하는 데 있다.The present invention was made to solve the above problems, and an object of the present invention is to provide a technology capable of implementing network access blocking for a terminal in violation of a security policy even in an 802.11w environment.
상기 목적은, 본 발명에 따라, AP(Access Point)와 접속된 무선통신단말의 트래픽을 모니터링하는 WIPS(Wireless Intrusion Prevention System) 센서로서, WIPS 서버로부터 AP와 접속된 특정 무선통신단말에 대한 접속 차단 제어 신호를 수신할 경우, 상기 WIPS 센서는 상기 특정 무선통신단말의 MAC 주소를 자신의 MAC 주소로 변경하여 상기 AP로 신규 연결을 요청하는 WIPS 센서에 의해 달성될 수 있다.The above object is, according to the present invention, a wireless intrusion prevention system (WIPS) sensor for monitoring the traffic of a wireless communication terminal connected to an access point (AP), the connection is blocked from a WIPS server to a specific wireless communication terminal connected to the AP When receiving the control signal, the WIPS sensor may be achieved by the WIPS sensor to request a new connection to the AP by changing the MAC address of the specific wireless communication terminal to its own MAC address.
여기서, 상기 WIPS 센서는, 상기 AP와 접속된 무선통신단말 간의 트래픽 및 상기 AP와 무선통신단말의 BSSID(Basic Service Set Identifierd) 및 MAC 주소 정보를 수집하는 모니터링부; 상기 모니터링부에서 수집된 AP와 무선통신단말의 BSSID 및 MAC 주소 정보가 저장되는 정보저장부; WIPS 서버와 통신하며, WIPS 서버로부터 특정 무선통신단말에 대한 접속 차단 제어 신호를 수신하는 통신부; 상기 접속 차단 제어 신호가 수신될 경우, 상기 정보저장부에 저장된 특정 무선통신단말의 MAC 주소를 참조하여 자신의 MAC 주소로 할당하는 MAC 주소변환부; 및 상기 MAC 주소변환부에서 변환된 MAC 주소로 특정 무선통신단말과 접속 중인 해당 AP에 신규 연결을 요청하는 AP 접속부; 를 포함한다.The WIPS sensor may include: a monitoring unit configured to collect traffic between a wireless communication terminal connected to the AP and BSSID (Basic Service Set Identifierd) and MAC address information of the AP and the wireless communication terminal; An information storage unit for storing BSSID and MAC address information of the AP and the wireless communication terminal collected by the monitoring unit; A communication unit which communicates with a WIPS server and receives an access blocking control signal for a specific wireless communication terminal from the WIPS server; A MAC address conversion unit for allocating the access blocking control signal to its own MAC address by referring to the MAC address of a specific wireless communication terminal stored in the information storage unit; And an AP access unit requesting a new connection to a corresponding AP accessing a specific wireless communication terminal using the MAC address converted by the MAC address conversion unit. It includes.
한편, 상기 목적은, 본 발명에 따라, WIPS 센서가 AP(Access Point)와 접속된 무선통신단말의 트래픽을 모니터링 하며, 상기 AP 및 무선통신단말의 BSSID(Basic Service Set Identifierd) 및 MAC 주소 정보를 수집하는 제1단계; WIPS 센서가 WIPS 서버로부터 전송된 특정 무선통신단말의 접속 차단 제어 신호를 수신하는 제2단계; WIPS 센서가 상기 특정 무선통신단말의 MAC 주소를 상기 제1단계에서 수집된 정보에서 추출하여 자신의 MAC 주소로 할당하는 제3단계; 및 WIPS 센서가 상기 특정 무선통신단말과 접속된 AP로 신규 연결을 요청하는 제4단계; 를 포함하는 WIPS 센서를 이용한 단말 차단 방법에 의해서도 달성될 수 있다.On the other hand, according to the present invention, the WIPS sensor monitors the traffic of the wireless communication terminal connected to the AP (Access Point), and the BSSID (Basic Service Set Identifierd) and MAC address information of the AP and the wireless communication terminal A first step of collecting; A second step of receiving, by the WIPS sensor, an access blocking control signal of a specific wireless communication terminal transmitted from a WIPS server; A third step of the WIPS sensor extracting the MAC address of the specific wireless communication terminal from the information collected in the first step and assigning the MAC address to its own MAC address; And a fourth step of requesting a new connection from the WIPS sensor to the AP connected to the specific wireless communication terminal. It may also be achieved by a terminal blocking method using a WIPS sensor comprising a.
여기서, 상기 제4단계 이후에, 신규 연결을 요청받은 AP가 상기 특정 무선통신단말에서 신규 연결을 요청하는 것으로 간주하는 제5단계; 및 상기 AP가 상기 WIPS 센서에 신규 Key를 할당하여 상호 연결되는 제6단계; 를 더 포함할 수 있다.Herein, after the fourth step, a fifth step of deeming that the AP requesting a new connection requests the new connection from the specific wireless communication terminal; And a sixth step in which the AP is interconnected by allocating a new key to the WIPS sensor. It may further include.
본 발명에 의해, 802.11w 환경에서도 보안 정책을 위반한 단말에 대한 네트워크 접속 차단을 구현함으로써 보안의 신뢰성이 증대된다.According to the present invention, the reliability of security is increased by implementing network access blocking for a terminal that violates a security policy even in an 802.11w environment.
또한, WIPS 센서의 구조적 변경 없이 소프트웨어 업데이트 또는 펌웨어 업데이트를 통해 802.11w 환경에서의 단말 차단을 구현함으로써 기존의 WIPS 센서를 재활용할 수 있다.In addition, the WIPS sensor can be recycled by implementing terminal blocking in an 802.11w environment through software update or firmware update without structural change of the WIPS sensor.
첨부의 하기 도면들은, 전술한 발명의 상세한 설명과 함께 본 발명의 기술적 사상을 이해시키기 위한 것이므로, 본 발명은 하기 도면에 도시된 사항에 한정 해석되어서는 아니 된다.Since the accompanying drawings are for understanding the technical spirit of the present invention together with the detailed description of the above-described invention, the present invention should not be construed as limited to the matters shown in the following drawings.
도 1 은 종래의 기술에 따른 WIPS 센서가 네트워크 상의 단말을 차단하는 것을 나타낸 개략도이며,1 is a schematic diagram showing that the WIPS sensor according to the prior art block the terminal on the network,
도 2 는 본 발명에 따른 WIPS 센서의 구성 블럭도 및 WIPS 센서가 네트워크 상의 단말을 차단하는 것을 나타낸 개략도이며,2 is a block diagram illustrating a configuration of a WIPS sensor according to the present invention and a schematic diagram showing that the WIPS sensor blocks a terminal on a network.
도 3 은 본 발명에 따른 WIPS 센서를 이용한 단말 차단 방법의 흐름을 도시한 순서도이다.3 is a flowchart illustrating a flow of a terminal blocking method using a WIPS sensor according to the present invention.
이하, 첨부된 도면을 참조하여 본 발명의 구성을 상세히 설명하기로 한다. Hereinafter, with reference to the accompanying drawings will be described in detail the configuration of the present invention.
이에 앞서, 본 명세서 및 청구범위에 사용된 용어는 사전적인 의미로 한정 해석되어서는 아니되며, 발명자는 자신의 발명을 최선의 방법으로 설명하기 위해 용어의 개념을 적절히 정의할 수 있다는 원칙에 입각하여, 본 발명의 기술적 사상에 부합되는 의미와 개념으로 해석되어야 한다.Prior to this, the terms used in this specification and claims should not be construed in a dictionary sense, and the inventors may properly define the concept of terms in order to explain their invention in the best way. It should be construed as meaning and concept consistent with the technical spirit of the present invention.
따라서, 본 명세서에 기재된 실시예 및 도면에 도시된 구성은 본 발명의 바람직한 실시예에 불과할 뿐이고, 본 발명의 기술적 사상을 모두 표현하는 것은 아니므로, 본 출원 시점에 있어 이들을 대체할 수 있는 다양한 균등물과 변형예들이 존재할 수 있음을 이해하여야 한다.Therefore, the configurations shown in the embodiments and drawings described herein are only preferred embodiments of the present invention, and do not represent all of the technical idea of the present invention, and various equivalents may be substituted for them at the time of the present application. It is to be understood that water and variations may exist.
1. WIPS 센서에 대한 설명1. Description of WIPS Sensor
도 2 는 본 발명에 따른 WIPS 센서의 구성 블럭도 및 WIPS 센서가 네트워크 상의 단말을 차단하는 것을 나타낸 개략도이다.2 is a block diagram illustrating a configuration of a WIPS sensor according to the present invention and a schematic diagram showing that the WIPS sensor blocks a terminal on a network.
도 2 를 참조하면, 본 발명에 따른 WIPS 센서(100)는, 모니터링부(10), 정보저장부(20), 통신부(30), MAC 주소변환부(40) 및 AP 접속부(50)를 포함한다.2, the WIPS sensor 100 according to the present invention includes a monitoring unit 10, an information storage unit 20, a communication unit 30, a MAC address conversion unit 40, and an AP connection unit 50. do.
이하에서는, 본 발명에 따른 WIPS 센서(100)의 세부 구성을 설명하기로 한다. 그러나, 이하에서 설명하는 구성은 WIPS 센서를 이루는 전체적인 구성은 아니며, 종래의 WIPS 센서의 기능 및 동작을 구현하는 구성은 채택되어있는 것으로 전제하고, 발명의 명확성을 위해 본 발명의 특징 및 기술적 사상을 나타내는 구성만을 취합하여 설명함을 밝혀둔다.Hereinafter, a detailed configuration of the WIPS sensor 100 according to the present invention will be described. However, the configuration described below is not the overall configuration constituting the WIPS sensor, the configuration that implements the function and operation of the conventional WIPS sensor is assumed to be adopted, and features and technical features of the present invention for clarity of the invention. It will be clear that only the configurations shown are combined and explained.
모니터링부(10)는 AP와 접속된 무선통신단말(T)의 통신 트래픽을 모니터링하는 역할을 수행함과 동시에 트래픽 모니터링을 통해 AP 및 무선통신단말(T)의 BSSID(Basic Service Set Identifierd) 및 MAC 주소 정보를 수집한다.The monitoring unit 10 monitors the communication traffic of the wireless communication terminal T connected to the AP, and at the same time, the BSSID (Basic Service Set Identifier) and the MAC address of the AP and the wireless communication terminal (T) through traffic monitoring. Collect information.
여기서, 수집된 AP 및 무선통신단말(T)의 고유 정보인 BSSID와 MAC 주소는 후술할 특정 무선통신단말의 차단에 이용된다.Here, the collected BSSID and MAC address, which are unique information of the AP and the wireless communication terminal T, are used to block a specific wireless communication terminal to be described later.
정보저장부(20)는 모니터링부(10)에서 수집된 AP와 무선통신단말(T)의 BSSID 및 MAC 주소 정보를 저장하는 역할을 수행하며, 정보저장부(20)에 저장된 정보는 접속 차단 제어 신호가 수신될 경우, 후술할 MAC 주소변환부(40)에 의해 참조되어 이용된다.The information storage unit 20 stores BSSID and MAC address information of the AP and the wireless communication terminal T collected by the monitoring unit 10, and the information stored in the information storage unit 20 controls access blocking. When a signal is received, it is referred to and used by the MAC address conversion unit 40 to be described later.
통신부(30)는 WIPS 센서(100)와 WIPS 서버(200) 간의 상호 통신을 구현하는 구성으로, 통신부(30)에 의해 WIPS 센서(100)의 각종 보고 신호가 WIPS 서버(200)로 전송되며, WIPS 서버(200)의 각종 제어 신호가 WIPS 센서(100)로 수신된다. 이하에서는, WIPS 서버(200)에서 분석된 보안 정책 위반 단말을 차단하기 위한 접속 차단 제어 신호를 WIPS 센서(100)가 수신하는 경우를 중점으로 설명한다.The communication unit 30 implements mutual communication between the WIPS sensor 100 and the WIPS server 200, and various report signals of the WIPS sensor 100 are transmitted to the WIPS server 200 by the communication unit 30. Various control signals of the WIPS server 200 are received by the WIPS sensor 100. Hereinafter, the case where the WIPS sensor 100 receives the access blocking control signal for blocking the security policy violation terminal analyzed by the WIPS server 200 will be described.
MAC 주소변환부(40)는 특정 상황에서 WIPS 센서(100)의 MAC 주소를 변경하는 역할을 수행하는 구성으로, 구체적으로는, 상기 통신부(30)에 특정 무선통신단말(T)에 대한 접속 차단 제어 신호가 수신될 경우 동작한다.The MAC address conversion unit 40 is configured to change the MAC address of the WIPS sensor 100 in a specific situation. Specifically, the communication unit 30 is blocked from accessing a specific wireless communication terminal T. It is activated when a control signal is received.
여기서, MAC 주소변환부(40)는 통신부(30)를 통해 특정 무선통신단말(T)에 대한 접속 차단 제어 신호가 수신될 경우, 정보저장부(20)에 저장된 BSSID와 MAC 주소 리스트를 참조하여 특정 무선통신단말(T)에 대한 BSSID와 MAC 주소를 추출하고, 추출된 특정 무선통신단말(T)에 대한 MAC 주소를 WIPS 센서(100)의 MAC 주소로 변경시키도록 마련된다.Here, when the MAC address conversion unit 40 receives an access blocking control signal for a specific wireless communication terminal T through the communication unit 30, the MAC address conversion unit 40 refers to the BSSID and the MAC address list stored in the information storage unit 20. The BSSID and the MAC address of the specific wireless communication terminal T are extracted, and the MAC address of the extracted specific wireless communication terminal T is changed to the MAC address of the WIPS sensor 100.
이러한 MAC 주소변환부(40)의 동작에 의해 WIPS 센서(100)의 MAC 주소는 차단 대상인 특정 무선통신단말(T)의 MAC 주소와 동일하게 설정된다.By the operation of the MAC address conversion unit 40, the MAC address of the WIPS sensor 100 is set to be the same as the MAC address of the specific wireless communication terminal T to be blocked.
AP 접속부(50)는 MAC 주소변환부(40)에서 변환된 WIPS 센서(100)의 MAC 주소를 통해 특정 무선통신단말(T)과 접속 중인 해당 AP에 신규 연결을 요청하는 역할을 수행한다.The AP access unit 50 serves to request a new connection to the AP that is accessing the specific wireless communication terminal T through the MAC address of the WIPS sensor 100 converted by the MAC address conversion unit 40.
또한, AP 접속부(50)에 의해 상기 해당 AP에 신규 연결이 요청되면, AP는 접속 중이던 상기 특정 무선통신단말(T)이 신규 연결을 요청하는 것으로 간주하고 새로운 공유 Key를 WIPS 센서(100)에 할당하며, AP와 WIPS 센서(100) 간의 SA(Security Association)를 형성하며, 이 과정에서 기 접속 중이던 특정 무선통신단말(T)과 AP의 접속이 차단(특정 무선통신단말과 AP의 SA가 끊김)되는 것이다.In addition, when a new connection is requested to the corresponding AP by the AP access unit 50, the AP regards the specific wireless communication terminal T that is being connected to request a new connection and sends a new shared key to the WIPS sensor 100. Assigns and forms a security association (SA) between the AP and the WIPS sensor 100, and in this process, the connection between the AP and the AP that is being connected is blocked (the SA of the specific wireless communication terminal and the AP is disconnected). )
즉, 본 발명에 따른 WIPS 센서(100)는 WIPS 서버(200)로부터 AP와 접속된 특정 무선통신단말(T)에 대한 접속 차단 제어 신호를 수신할 경우, 특정 무선통신단말(T)의 MAC 주소를 자신의 MAC 주소로 변경하여 AP로 신규 연결을 요청하고, AP에서는 신규 연결 요청을 처리하는 과정(AP에서는 특정 무선통신단말이 신규 연결을 요청하는 것으로 간주하지만 실제로 신규 연결 요청은 AP와 WIPS 센서에서 이루어짐)에서 자연스럽게 특정 무선통신단말(T)과의 접속을 차단함으로써 보안 정책을 위반한 특정 무선통신단말(T)의 차단이 구현될 수 있는 것이다.That is, when the WIPS sensor 100 according to the present invention receives the access blocking control signal for the specific wireless communication terminal T connected to the AP from the WIPS server 200, the MAC address of the specific wireless communication terminal T is received. Is a new connection request to the AP by changing its MAC address, and the AP processes a new connection request (In AP, a specific wireless communication terminal is regarded as requesting a new connection, but the new connection request is actually an AP and a WIPS sensor. By blocking the connection with a specific wireless communication terminal (T) in a natural manner can be implemented to block the specific wireless communication terminal (T) in violation of the security policy.
2. WIPS 센서를 이용한 단말 차단 방법에 대한 설명2. Description of terminal blocking method using WIPS sensor
도 3 은 본 발명에 따른 WIPS 센서를 이용한 단말 차단 방법의 흐름을 도시한 순서도이다.3 is a flowchart illustrating a flow of a terminal blocking method using a WIPS sensor according to the present invention.
도 3 을 참조하면, 본 발명에 따른 WIPS 센서를 이용한 단말 차단 방법은, 정보수집단계(제1단계, S10), 접속 차단 제어신호 수신단계(제2단계, S20), MAC 주소 할당단계(제3단계, S30), 신규 연결 요청단계(제4단계, S40), 신규 연결 요청 수신단계(제5단계, S50) 및 신규 연결 및 단말 차단단계(제5단계, S50)를 포함한다.Referring to Figure 3, the terminal blocking method using the WIPS sensor according to the present invention, information collection step (first step, S10), access block control signal receiving step (second step, S20), MAC address assignment step (the first Step 3, S30), the new connection request step (fourth step, S40), the new connection request receiving step (fifth step, S50) and the new connection and the terminal blocking step (five steps, S50).
제1단계:정보수집단계(S10)First step: information collection step (S10)
WIPS 센서가 AP(Access Point)와 접속된 무선통신단말의 트래픽을 모니터링 하며, 상기 AP 및 무선통신단말의 BSSID(Basic Service Set Identifierd) 및 MAC 주소 정보를 수집하는 단계로 본 단계는 WIPS 센서의 모니터링부에 의해 이루어지며, 수집된 BSSID 및 MAC 주소 정보는 WIPS 센서의 정보저장부에 저장된다.The WIPS sensor monitors traffic of a wireless communication terminal connected to an access point (AP), and collects BSSID (Basic Service Set Identifierd) and MAC address information of the AP and the wireless communication terminal. This step monitors the WIPS sensor. The collected BSSID and MAC address information is stored in the information storage unit of the WIPS sensor.
제2단계:접속 차단 제어신호 수신단계(S20)Step 2: Receiving connection blocking control signal (S20)
WIPS 센서가 WIPS 서버로부터 전송된 특정 무선통신단말(WIPS 서버의 분석에 의해 선정된 보안 정책 위반 단말)의 접속 차단 제어 신호를 수신하는 단계이며, 접속 차단 제어 신호는 WIPS 서버로부터 전송되며 WIPS 센서의 통신부를 통해 수신된다.The WIPS sensor receives the access blocking control signal of a specific wireless communication terminal (security policy violation terminal selected by the analysis of the WiPS server) transmitted from the WIPS server, and the access blocking control signal is transmitted from the WIPS server. It is received through the communication unit.
제3단계:MAC 주소 할당단계(S30)Step 3: assigning the MAC address (S30)
WIPS 센서가 상기 특정 무선통신단말의 MAC 주소를 제1단계에서 수집된 정보에서 추출(WIPS 센서의 정보저장부에서 추출)하여 자신의 MAC 주소로 할당하는 단계로, 본 단계는 WIPS 센서의 MAC 주소변환부에서 이루어진다. 즉, 본 단계를 통해 WIPS 센서의 MAC 주소가 특정 무선통신단말의 MAC 주소와 동일하게 설정된다.The WIPS sensor extracts the MAC address of the specific wireless communication terminal from the information collected in the first step (extracted from the information storage unit of the WIPS sensor) and assigns it to its MAC address. It is done in the converter. That is, the MAC address of the WIPS sensor is set to be the same as the MAC address of the specific wireless communication terminal through this step.
제4단계:신규 연결 요청단계(S40)Step 4: New connection request step (S40)
WIPS 센서가 상기 특정 무선통신단말과 접속된 AP로 신규 연결을 요청하는 단계이며, 본 단계는 WIPS 센서의 AP 접속부에서 이루어진다. The WIPS sensor requests a new connection to the AP connected to the specific wireless communication terminal. This step is performed at the AP connection part of the WIPS sensor.
제5단계:신규 연결 요청 수신단계(S50)Step 5: receiving a new connection request step (S50)
신규 연결을 요청받은 AP가 상기 특정 무선통신단말에서 신규 연결을 요청하는 것으로 간주하는 단계로서, 본 단계에서 AP는 특정 무선통신단말에서 신규 연결이 요청된 것으로 파악(실제로 신규 연결 요청을 한 대상은 특정 무선통신단말이 아니라 WIPS 센서이다.)하고 이후 단계를 진행한다.In this step, the AP requesting a new connection is regarded as requesting a new connection from the specific wireless communication terminal. In this step, the AP determines that a new connection is requested from the specific wireless communication terminal. It is not a specific wireless communication terminal, but a WIPS sensor).
제6단계:신규 연결 및 단말 차단단계(S60)Step 6: New connection and terminal blocking step (S60)
신규 연결 요청에 따라 AP는 WIPS 센서와 연결을 설정한다. 이 단계에서 AP는 802.11w 환경에 따라 신규로 연결된 WIPS 센서와 새로운 키를 생성하여 공유하며, WIPS 센서와 AP 간의 SA(Security Association)가 형성되어 연결됨과 동시에 기 연결되어 있던 특정 무선통신단말과의 SA가 끊기며, 이에 의해 특정 무선통신단말의 네트워크 접속이 차단된다.Upon request for a new connection, the AP establishes a connection with the WIPS sensor. At this stage, the AP generates and shares a new key with the newly connected WIPS sensor according to the 802.11w environment, and the SA (Security Association) between the WIPS sensor and the AP is formed and connected, and at the same time, with the specific wireless communication terminal that is already connected. The SA is disconnected, thereby disconnecting the network of a specific wireless communication terminal.
전술한 바와 같이, 본 발명에 따른 WIPS 센서 및 이를 이용한 단말 차단 방법은, 802.11w 환경에서도 보안 정책을 위반한 단말에 대한 네트워크 접속 차단을 구현함으로써 보안의 신뢰성이 증대된다.As described above, the WIPS sensor and the terminal blocking method using the same according to the present invention, the reliability of the security is increased by implementing the network access blocking for the terminal in violation of the security policy even in 802.11w environment.
또한, WIPS 센서의 구조적 변경 없이 소프트웨어 업데이트 또는 펌웨어 업데이트를 통해 802.11w 환경에서의 단말 차단을 구현함으로써 기존의 WIPS 센서를 재활용할 수 있다.In addition, the WIPS sensor can be recycled by implementing terminal blocking in an 802.11w environment through software update or firmware update without structural change of the WIPS sensor.
이상, 본 발명은 비록 한정된 실시예와 도면에 의해 설명되었으나, 본 발명의 기술적 사상은 이러한 것에 한정되지 않으며, 본 발명이 속하는 기술분야에서 통상의 지식을 가진 자에 의해, 본 발명의 기술적 사상과 하기 될 특허청구범위의 균등범위 내에서 다양한 수정 및 변형 실시가 가능할 것이다.As mentioned above, although the present invention has been described by way of limited embodiments and drawings, the technical idea of the present invention is not limited thereto, and a person having ordinary skill in the art to which the present invention pertains, Various modifications and variations may be made without departing from the scope of the appended claims.

Claims (4)

  1. AP(Access Point)와 접속된 무선통신단말의 트래픽을 모니터링하는 WIPS(Wireless Intrusion Prevention System) 센서로서,WIPS (Wireless Intrusion Prevention System) sensor that monitors the traffic of wireless communication terminals connected to APs.
    WIPS 서버로부터 AP와 접속된 특정 무선통신단말에 대한 접속 차단 제어 신호를 수신할 경우, 상기 WIPS 센서는 상기 특정 무선통신단말의 MAC 주소를 자신의 MAC 주소로 변경하여 상기 AP로 신규 연결을 요청하는 것을 특징으로 하는When receiving an access blocking control signal for a specific wireless communication terminal connected to an AP from a WIPS server, the WIPS sensor changes the MAC address of the specific wireless communication terminal to its own MAC address and requests a new connection to the AP. Characterized by
    WIPS 센서.WIPS sensor.
  2. 제1항에 있어서,The method of claim 1,
    상기 WIPS 센서는,The WIPS sensor,
    상기 AP와 접속된 무선통신단말 간의 트래픽 및 상기 AP와 무선통신단말의 BSSID(Basic Service Set Identifierd) 및 MAC 주소 정보를 수집하는 모니터링부;A monitoring unit collecting traffic between a wireless communication terminal connected to the AP and BSSID (Basic Service Set Identifier) and MAC address information of the AP and the wireless communication terminal;
    상기 모니터링부에서 수집된 AP와 무선통신단말의 BSSID 및 MAC 주소 정보가 저장되는 정보저장부;An information storage unit for storing BSSID and MAC address information of the AP and the wireless communication terminal collected by the monitoring unit;
    WIPS 서버와 통신하며, WIPS 서버로부터 특정 무선통신단말에 대한 접속 차단 제어 신호를 수신하는 통신부;A communication unit which communicates with a WIPS server and receives an access blocking control signal for a specific wireless communication terminal from the WIPS server;
    상기 접속 차단 제어 신호가 수신될 경우, 상기 정보저장부에 저장된 특정 무선통신단말의 MAC 주소를 참조하여 자신의 MAC 주소로 할당하는 MAC 주소변환부; 및A MAC address conversion unit for allocating the access blocking control signal to its own MAC address by referring to the MAC address of a specific wireless communication terminal stored in the information storage unit; And
    상기 MAC 주소변환부에서 변환된 MAC 주소로 특정 무선통신단말과 접속 중인 해당 AP에 신규 연결을 요청하는 AP 접속부; 를 포함하는 것을 특징으로 하는An AP access unit requesting a new connection to a corresponding AP accessing a specific wireless communication terminal using the MAC address converted by the MAC address conversion unit; Characterized in that it comprises
    WIPS 센서.WIPS sensor.
  3. WIPS 센서가 AP(Access Point)와 접속된 무선통신단말의 트래픽을 모니터링 하며, 상기 AP 및 무선통신단말의 BSSID(Basic Service Set Identifierd) 및 MAC 주소 정보를 수집하는 제1단계;A first step in which a WIPS sensor monitors traffic of a wireless communication terminal connected to an access point (AP) and collects basic service set identifier (BSSID) and MAC address information of the AP and the wireless communication terminal;
    WIPS 센서가 WIPS 서버로부터 전송된 특정 무선통신단말의 접속 차단 제어 신호를 수신하는 제2단계;A second step of receiving, by the WIPS sensor, an access blocking control signal of a specific wireless communication terminal transmitted from a WIPS server;
    WIPS 센서가 상기 특정 무선통신단말의 MAC 주소를 상기 제1단계에서 수집된 정보에서 추출하여 자신의 MAC 주소로 할당하는 제3단계; 및A third step of the WIPS sensor extracting the MAC address of the specific wireless communication terminal from the information collected in the first step and assigning the MAC address to its own MAC address; And
    WIPS 센서가 상기 특정 무선통신단말과 접속된 AP로 신규 연결을 요청하는 제4단계; 를 포함하는 것을 특징으로 하는A fourth step of requesting, by a WIPS sensor, a new connection to an AP connected to the specific wireless communication terminal; Characterized in that it comprises
    WIPS 센서를 이용한 단말 차단 방법.Terminal blocking method using WIPS sensor.
  4. 제3항에 있어서,The method of claim 3,
    상기 제4단계 이후에,After the fourth step,
    신규 연결을 요청받은 AP가 상기 특정 무선통신단말에서 신규 연결을 요청하는 것으로 간주하는 제5단계; 및A fifth step of the AP requesting a new connection to be regarded as requesting a new connection from the specific wireless communication terminal; And
    상기 AP가 상기 WIPS 센서에 신규 Key를 할당하여 상호 연결되는 제6단계; 를 더 포함하는 것을 특징으로 하는A sixth step in which the AP is interconnected by assigning a new key to the WIPS sensor; Characterized in that it further comprises
    WIPS 센서를 이용한 단말 차단 방법.Terminal blocking method using WIPS sensor.
PCT/KR2015/003068 2015-03-27 2015-03-27 Wips sensor and method for blocking terminal using same WO2016159396A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/KR2015/003068 WO2016159396A1 (en) 2015-03-27 2015-03-27 Wips sensor and method for blocking terminal using same
JP2018500247A JP2018511282A (en) 2015-03-27 2015-03-27 WIPS sensor and terminal blocking method using the same
CN201580078218.1A CN107431971A (en) 2015-03-27 2015-03-27 Wireless invasive system of defense sensor and the method using the sensor disconnected end

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2015/003068 WO2016159396A1 (en) 2015-03-27 2015-03-27 Wips sensor and method for blocking terminal using same

Publications (1)

Publication Number Publication Date
WO2016159396A1 true WO2016159396A1 (en) 2016-10-06

Family

ID=57007331

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2015/003068 WO2016159396A1 (en) 2015-03-27 2015-03-27 Wips sensor and method for blocking terminal using same

Country Status (3)

Country Link
JP (1) JP2018511282A (en)
CN (1) CN107431971A (en)
WO (1) WO2016159396A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850855A (en) * 2017-03-27 2017-06-13 嘉兴爱尔特云网络科技有限责任公司 WLAN long-distance monitoring method, server, WAP and system
CN111479271A (en) * 2020-04-03 2020-07-31 北京锐云通信息技术有限公司 Wireless security detection and protection method and system based on asset attribute mark grouping
CN112105029A (en) * 2020-08-07 2020-12-18 新华三技术有限公司 Method and device for countering illegal device

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102157661B1 (en) 2020-03-11 2020-09-18 주식회사 시큐아이 Wireless intrusion prevention system, wireless network system, and operating method for wireless network system
JP7430397B2 (en) 2021-02-26 2024-02-13 サイレックス・テクノロジー株式会社 WIPS sensor, wireless communication system, wireless intrusion prevention method and wireless intrusion prevention program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130004172A (en) * 2011-07-01 2013-01-09 에어타이트 네트웍스 인코포레이티드 Monitoring of smart mobile devices in the wireless access networks
KR20140035600A (en) * 2012-09-14 2014-03-24 한국전자통신연구원 Dongle apparatus for preventing wireless intrusion
KR20140066312A (en) * 2012-11-23 2014-06-02 유넷시스템주식회사 System for detecting unauthorized ap and method for detecting thereof
KR20140071776A (en) * 2012-12-04 2014-06-12 한국전자통신연구원 Method and system for detecting invasion on wireless lan

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4174392B2 (en) * 2003-08-28 2008-10-29 日本電気株式会社 Network unauthorized connection prevention system and network unauthorized connection prevention device
JP2006067174A (en) * 2004-08-26 2006-03-09 Fujitsu Ltd Control program, communication relay device control method, and communication relay device and system
CN102480729B (en) * 2010-11-22 2015-11-25 中兴通讯股份有限公司 Method and the access point of fake user is prevented in wireless access network
KR20130019892A (en) * 2011-08-18 2013-02-27 주식회사 퓨쳐시스템 Method and wips for security of wireless network
WO2013172587A1 (en) * 2012-05-15 2013-11-21 (주) 코닉글로리 Intelligent wireless intrusion prevention system and sensor using cloud sensor network
KR101382525B1 (en) * 2012-11-30 2014-04-07 유넷시스템주식회사 Wireless network security system
WO2015016627A1 (en) * 2013-07-31 2015-02-05 삼성전자 주식회사 Method and device for connecting single ap device among multiple ap devices on same network to terminal
CN103561405A (en) * 2013-10-23 2014-02-05 杭州华三通信技术有限公司 Method and device for countering Rogue AP

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130004172A (en) * 2011-07-01 2013-01-09 에어타이트 네트웍스 인코포레이티드 Monitoring of smart mobile devices in the wireless access networks
KR20140035600A (en) * 2012-09-14 2014-03-24 한국전자통신연구원 Dongle apparatus for preventing wireless intrusion
KR20140066312A (en) * 2012-11-23 2014-06-02 유넷시스템주식회사 System for detecting unauthorized ap and method for detecting thereof
KR20140071776A (en) * 2012-12-04 2014-06-12 한국전자통신연구원 Method and system for detecting invasion on wireless lan

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850855A (en) * 2017-03-27 2017-06-13 嘉兴爱尔特云网络科技有限责任公司 WLAN long-distance monitoring method, server, WAP and system
CN111479271A (en) * 2020-04-03 2020-07-31 北京锐云通信息技术有限公司 Wireless security detection and protection method and system based on asset attribute mark grouping
CN111479271B (en) * 2020-04-03 2023-07-25 北京锐云通信息技术有限公司 Wireless security detection and protection method and system based on asset attribute marking grouping
CN112105029A (en) * 2020-08-07 2020-12-18 新华三技术有限公司 Method and device for countering illegal device
CN112105029B (en) * 2020-08-07 2022-07-12 新华三技术有限公司 Method and device for countering illegal device

Also Published As

Publication number Publication date
CN107431971A (en) 2017-12-01
JP2018511282A (en) 2018-04-19

Similar Documents

Publication Publication Date Title
WO2016159396A1 (en) Wips sensor and method for blocking terminal using same
WO2009151258A2 (en) Method for ue handover between home node bs
WO2014081205A1 (en) Illegal ap detection system and detection method therefor
WO2016028067A2 (en) System and method for detecting malicious code using visualization
US20100242084A1 (en) Network security monitor apparatus and network security monitor system
JP2007267139A (en) Authenticated vlan management device
WO2013100582A1 (en) Wireless communication system, and method for connecting rrc for controlling overloads in wireless communication system
WO2012070801A2 (en) Authentication system and authentication method therefor in a wireless lan environment
EP2600566B1 (en) Unauthorized access blocking control method
KR20100040792A (en) A method for neutralizing the arp spoofing attack by using counterfeit mac addresses
WO2016148483A1 (en) Apparatus and method for managing home energy using beacon in home energy management system
WO2010036054A2 (en) Method for detecting an arp attack, and system using same
WO2022255619A1 (en) Wireless intrusion prevention system and operating method therefor
JP4961996B2 (en) Communication management device monitoring system and method
WO2012057533A2 (en) System and method for dynamic channel allocation for avoiding frequency interference
KR101737893B1 (en) WIPS Sensor and Terminal block Method Using The Same
WO2013172587A1 (en) Intelligent wireless intrusion prevention system and sensor using cloud sensor network
WO2012144723A1 (en) Apparatus for protecting a web server
WO2015167061A1 (en) Communication service providing system and control method therefor
WO2014061997A1 (en) Apparatus and method for supporting multi-host access
WO2012077973A2 (en) Method for transmitting information of heavy equipment vehicle for construction
WO2012018190A2 (en) Traffic-based communication system and method
WO2021107382A1 (en) Fire detection system
WO2013065886A1 (en) Detection method for signaling dos traffic in mobile communication networks
WO2015080378A1 (en) Method for identifying sharing terminal and system therefor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15887807

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2018500247

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15887807

Country of ref document: EP

Kind code of ref document: A1