WO2008001972A1 - Procédé de prévention pro-active d'attaques sans fil et appareil associé - Google Patents

Procédé de prévention pro-active d'attaques sans fil et appareil associé Download PDF

Info

Publication number
WO2008001972A1
WO2008001972A1 PCT/KR2006/003005 KR2006003005W WO2008001972A1 WO 2008001972 A1 WO2008001972 A1 WO 2008001972A1 KR 2006003005 W KR2006003005 W KR 2006003005W WO 2008001972 A1 WO2008001972 A1 WO 2008001972A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless
intrusion
attacking
frame
terminal
Prior art date
Application number
PCT/KR2006/003005
Other languages
English (en)
Inventor
Hyo Sik Choi
Jae Cheol Ryou
Jong Hu Lee
Original Assignee
The Industry & Academic Cooperation In Chungnam National University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by The Industry & Academic Cooperation In Chungnam National University filed Critical The Industry & Academic Cooperation In Chungnam National University
Publication of WO2008001972A1 publication Critical patent/WO2008001972A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices

Definitions

  • the present invention relates to a method of proactively detecting and preventing an attack according to an intrusion which may occur in a wireless network, and a system for performing the method.
  • LAN wireless local area network
  • the attacks may occur in the wireless LAN which uses neither an appropriate encryption algorithm nor an authentication mechanism.
  • the attacks may occur in any network which uses the wireless LAN.
  • a measure against the attacks is passive, a serious availability problem may occur in the wireless LAN which is operated based on user convenience.
  • a current signature-based detection may not construct a safe wireless LAN against an intrusion.
  • a wireless intrusion detection system (IDS) and a wireless intrusion prevention system (IPS) have been domestically introduced to detect an attack against a wireless LAN.
  • methods for prevention and intrusion reflect an existing wired policy (detection according to a defined rule, prevention via a Media Access Control (MAC) address, and the like).
  • the methods do not reflect intrusion prevention methods which are specialized for an attack against a wireless LAN.
  • DoS Denial of Service
  • a key technology of an intrusion prevention system associated with a wireless LAN is structured to prevent traffic.
  • a small number of rules for detecting an attack on a wireless LAN are currently available.
  • an attack in the wireless LAN is based on a MAC address, not an Internet Protocol (IP) address, and an attacking location may not be traced due to properties of the wireless LAN.
  • IP Internet Protocol
  • a different policy and technology from a wired line must be reflected in the wireless LAN, for example, the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard.
  • IEEE Institute of Electrical and Electronics Engineers
  • a safety function is based on a Wired Equivalent Privacy (WEP) protocol which has weak encryption, and an authentication protocol is based on 802. Ix.
  • WEP Wired Equivalent Privacy
  • an IPS may not be employed.
  • ESM Enterprise Security Management
  • Bluetooth was in the spotlight as a local communication method, but became unpopular due to a module price.
  • Bluetooth is utilized for various technology developments, such as Enhanced Data Rate (EDR), and the like.
  • EDR Enhanced Data Rate
  • OEM Original Equipment Manufacturer
  • PDA personal digital assistant
  • Bluetooth is being released in an Original Equipment Manufacturer (OEM) form, as a basic communication medium of a notebook computer, a personal digital assistant (PDA), a mobile telephone, and the like.
  • OEM Original Equipment Manufacturer
  • PDA personal digital assistant
  • Bluetooth communication traffic using Bluetooth is also on the rise.
  • a Bluetooth communication technology including a Code Division Multiplex Access (CDMA) network may also be more frequently utilized.
  • CDMA Code Division Multiplex Access
  • the Korean government is required to pay more attention to a wireless LAN and Bluetooth as key local wireless network technologies.
  • the Korean government is required to study technologies which can cope with future possible hacking.
  • Bluetooth has a tendency to be used for a DoS attack in a similar form to a wireless LAN and attack a vulnerable point of an application which is installed in a PDA or a mobile phone.
  • a study about a future safe communication method is required.
  • the hacker may utilize the wireless network without submitting to an authentication process, or interfering with a normal connection of the wireless terminal, which normally receives a wireless service, with the hacker's own developed code or a known open-source-based tool.
  • the conventional wireless intrusion prevention system registers a corresponding MAC address to a blacklist.
  • the conventional wireless intrusion prevention system prevents the hacker from using an Internet service without authentication from the wireless network.
  • such an attempt to use the Internet service without an authentication may be attempted at any time while changing an intrusion method a little. Accordingly, the conventional wireless intrusion prevention system may not become a fundamental solution.
  • the present invention provides a method and system for proactively detecting and preventing a possible intrusion into a wireless network including a wireless LAN and Bluetooth.
  • a method of detecting and preventing an intrusion into a wireless network including: detecting an occurrence of the intrusion, based on a database which stores information associated with the intrusion; acquiring additional attack information associated with the intrusion by recognizing a wireless terminal, which generates the intrusion, as an attacking terminal and guiding the attacking terminal to a predetermined virtual device; preventing the attacking terminal from accessing the wireless network by transmitting a proactive blocking attack to the attacking terminal after storing the additional attack information; and reporting all information associated with the intrusion to a network manager terminal of the wireless network.
  • the wireless network includes a wireless local area network (LAN) or Bluetooth
  • the detecting may include: periodically collecting a frame associated with the wireless network; searching the database to check whether the frame corresponds to an attacking frame; and comparing information associated with the frame, and information associated with the intrusion, which is stored in the database, and when identical, recognizing the frame as the attacking frame and detecting the occurrence of the intrusion.
  • LAN wireless local area network
  • Bluetooth Bluetooth
  • the virtual device includes a wireless honeypot
  • the acquiring may include: guiding an attacking frame to the virtual device by transmitting the attacking frame, which has been received from the attacking terminal, to the virtual device; and acquiring the additional attack information associated with the intrusion via the virtual device, the virtual device providing an attacker of the attacking terminal with an identical service to a normal service which is received in a destination of the attacking terminal.
  • the proactive blocking attack comprises a proactive Denial of Service (DoS) attack
  • the preventing may include: preventing the attacking terminal, which performs the intrusion, from accessing the wireless network via the proactive DoS attack; extracting a Media Access Control (MAC) address, and adding the extracted MAC address to a blacklist; and preventing the attacking terminal from accessing the wireless network by continuously monitoring the wireless network with reference to the blacklist.
  • DoS proactive Denial of Service
  • a proactive wireless intrusion preventing system including: a collection unit periodically collecting attack signature information which is included in a frame for Bluetooth equipment, a wireless terminal, and an access point corresponding to components of a wireless network; a database storing the collected attack signature information; a search unit searching the database to check whether the frame corresponds to an attacking frame; a comparison unit comparing the attack signature information, which is stored in the database, and information associated with the frame; a guide unit guiding the frame, which is determined as the attacking frame, to a wireless honeypot; a processing unit preventing a wireless terminal from accessing the wireless network by transmitting a proactive blocking frame to the wireless terminal which transmits the attacking frame; a reporting unit reporting information associated with the attacking frame to a network manager terminal of the wireless network via an email and/or a Short Message Service (SMS) message; and a storage unit storing information about the intrusion associated with the attacking frame, and information about an additional intrusion, which is not stored in the database, to provide additional attack signature
  • SMS Short Message Service
  • FIG. 1 is a schematic diagram illustrating a proactive wireless intrusion preventing system according to an exemplary embodiment of the present invention
  • FIG. 2 is a flowchart illustrating a method of detecting an intrusion into a wireless network and proactively preventing the detected intrusion according to an exemplary embodiment of the present invention
  • FIG. 3 is a flowchart illustrating an example of a proactive wireless intrusion preventing method according to an exemplary embodiment of the present invention
  • FIG. 4 is a block diagram illustrating a configuration of a proactive wireless intrusion preventing system according to an exemplary embodiment of the present invention.
  • FIG. 1 is a schematic diagram illustrating a proactive wireless intrusion preventing system 110 according to an exemplary embodiment of the present invention.
  • the proactive wireless intrusion preventing system 110 includes a frame capture module 111, a frame analysis module 112, a proactive intrusion prevention module 113, and an alarm module 114.
  • the frame capture module 111 captures a frame which is transmitted from a wireless LAN terminal and a Bluetooth terminal within a range of the proactive wireless intrusion preventing system 110.
  • the frame includes a control frame and a management frame which are used for transmitting data. Also, the frame is mapped with a wireless vulnerability database 121, and captured and utilized to determine whether the frame is transmitted for an attack against an access point or a wireless terminal which are corresponding components of a wireless network. In addition, the frame goes through a common formatting process, to be easily analyzed by the frame analysis module 112 when capturing the frame.
  • the frame analysis module 112 determines whether the frame, which went through the formatting process and was received from the frame capture module 111, was transmitted for a normal wireless use.
  • an analysis target i.e. the frame
  • the frame of the frame analysis module 112 includes a frame which is associated with Layer 2 in an Open Systems Interconnection (OSI) 7 Layer-Model, and a packet which is associated with a layer higher than Layer 3 that is transmitted from a wireless LAN or Bluetooth.
  • the frame analysis module 112 determines whether the frame corresponds to an attacking frame of an attacker via the wireless vulnerability database 121. When the frame does not correspond to the attacking frame, the frame analysis module 112 allows a corresponding wireless LAN terminal to use the access point, and connect a Bluetooth terminal to another Bluetooth terminal which requests a connection. However, when the frame corresponds to the attacking frame, the frame analysis module 112 transmits information to the intrusion prevention module 113 to notify the same of the intrusion.
  • OSI Open Systems Interconnection
  • the intrusion prevention module 113 proactively removes a frame, which is determined as an attacking terminal by the frame analysis module 112, from a network.
  • the intrusion prevention module 113 forwards a corresponding connection to a wireless honeypot 130, and provides an environment as if the attacking terminal of the attacker associated with the attack is normally connected to the wireless network.
  • the attacker may continue to perform an attack via the attacking terminal.
  • the proactive wireless intrusion preventing system 110 acquires detailed information about the attack.
  • the attacking frame includes a Denial of Service (DoS) attack which is provided by the intrusion prevention module 113.
  • DoS Denial of Service
  • information of the prevented attacking terminal is registered to a list of access denial hosts so as to fundamentally prevent a continuous attack of the attacking terminal.
  • DoS Denial of Service
  • the alarm module 114 transmits information associated with a current status of a serious attack to a terminal of a network manager 140, so that the network manager 140 may prepare against an additional attack.
  • the information may be transferred from the alarm module 114 to a terminal of the network manager 140 via an email and/or a Short Messaging Service (SMS).
  • SMS Short Messaging Service
  • the proactive wireless intrusion preventing system of the present invention functions to incapacitate any access attempt of an attacking terminal by proactively performing a DoS attack against the attacking terminal, based on a great amount of detection rules.
  • the detection rules are more systematically arranged than an existing system with respect to a wireless intrusion.
  • the proactive wireless intrusion preventing system guides the attacking terminal to a wireless honeypot by using a honeypot technology, so as to prevent future attacks and acquire detailed information about the attack.
  • the proactive wireless intrusion preventing system may prevent an attempt for using the Internet without authentication, and also prevent the attack of the attacking terminal which may be connected to a DoS attack against components, for example, an access point and a wireless terminal, of the wireless network. Accordingly, when applying the proactive wireless intrusion preventing system, it is possible to construct a wireless LAN which is safe from the attack.
  • the proactive wireless intrusion preventing system may similarly operate to detect and prevent an attack of the attacking terminal.
  • the proactive wireless intrusion preventing system may be manufactured as a single hardware chip or expanded into a single sensor of a sensor network in a mobile environment.
  • the proactive wireless intrusion preventing system generally includes four components.
  • a first component may be a wireless vulnerability database.
  • the wireless vulnerability database is a systematically well-arranged wireless attack detection rule, and may detect an attack against almost all wireless LANs and Bluetooth. Patterns of attacks against the wireless LANs may be classified into a Wired Equivalent Privacy (WEP) cracking attack, a DoS attack, a session hijacking attack, a fake access point (AP) attack, and a sniffing attack. Each of the classified attacks may be further classified. Also, patterns of attacks against Bluetooth may be classified into a DoS attack and an application vulnerability attack.
  • WEP Wired Equivalent Privacy
  • attacks which may be expanded from a wired line into a wireless line are included in the proactive wireless intrusion preventing system. The attacks may be utilized as a tool for preventing an additional attack from expanding into the wired line.
  • a second component may be a reporting system including a reporting tool.
  • the reporting system may report data, which is arranged with respect to an intrusion into the wireless LAN, to a management system.
  • a network manager may make a determination on the intrusion and make a preparation against future attacks, based on the reported data.
  • a third component may be a proactive wireless prevention module.
  • the proactive wireless prevention module is utilized to perform a proactive DoS attack against a detected wireless attack, and thereby maintain the wireless network to be safe from the intrusion.
  • the wireless prevention module includes an attack function against the detected wireless terminal, and also includes a function of adding the wireless terminal to a blacklist.
  • the wireless prevention module functions to prevent the wireless terminal from accessing the wireless network via the DoS attack, and thereby prevent an additional intrusion of the wireless terminal.
  • MAC Media Access Control
  • a fourth component may be a wireless honeypot module.
  • the wireless honeypot module provides an environment as if the attacking terminal is connected to a corresponding wireless device, while preventing an attacker of the attacking terminal from recognizing the provided environment.
  • the wireless honeypot module may store attack information of the attacker and also acquire information about a predictable attack pattern.
  • FIG. 2 is a flowchart illustrating a method of detecting an intrusion into a wireless network and proactively preventing access by the detected intrusion according to an exemplary embodiment of the present invention.
  • a proactive wireless intrusion preventing system detects an occurrence of the intrusion, based on a database which stores information associated with the intrusion.
  • the database may include a wireless vulnerability database which includes an abnormal traffic database, a detailed wireless LAN intrusion detection database, and a detailed Bluetooth intrusion detection database.
  • the intrusion may include attack signature information which includes all harmful actions to the wireless network or components of the wireless network.
  • operation S210 may include operations S211 through S215.
  • the proactive wireless intrusion preventing system periodically collects a frame associated with a wireless LAN and Bluetooth, and the attack signature information.
  • the attack signature information may include a packet which includes substantial attacking pattern data as information associated with the intrusion.
  • the proactive wireless intrusion preventing system searches the database to check whether the frame corresponds to an attacking frame.
  • the proactive wireless intrusion preventing system determines whether a search result is identical to the attack signature information which is stored in the database. When identical, the proactive wireless intrusion preventing system performs operation S214. Also, when not identical, the proactive wireless intrusion preventing system performs operation S215.
  • the proactive wireless intrusion preventing system compares information associated with the frame, and information associated with the intrusion, which is stored in the database, and when identical, recognizes the frame as the attacking frame and detects an occurrence of the intrusion.
  • the proactive wireless intrusion preventing system forwards the frame to a destination of the frame.
  • the proactive wireless intrusion preventing system allows the frame access in Layer 2 with respect to a Bluetooth device.
  • the proactive wireless intrusion preventing system allows the frame for an association with respect to an access point.
  • the proactive wireless intrusion preventing system acquires additional attack information associated with the intrusion by recognizing a wireless terminal, which generates the intrusion, as an attacking terminal and guides the attacking terminal to a predetermined virtual device.
  • the proactive wireless intrusion preventing system guides the attacking frame to the wireless honeypot, and provides the attacking frame with information identical to information which may be provided in a normal service.
  • the proactive wireless intrusion preventing system misleads a user of the attacking terminal into thinking that the normal service is available, and thus transmit an additional attacking frame via the attacking terminal.
  • the additional attack information may be acquired.
  • the proactive wireless intrusion preventing system stores the additional attack information, which is acquired via the guided attacking frame to the wireless honeypot, in the database.
  • the additional attack information may be utilized as detailed information to determine an integrate Internet threat.
  • the proactive wireless intrusion preventing system prevents an access of the attacking terminal by transmitting a proactive blocking frame to the attacking terminal transmitting an attacking frame to the wireless honeypot.
  • the proactive wireless intrusion preventing system may prevent the attacking terminal, which performs the intrusion, from accessing the wireless network via the proactive DoS attack against the attacking terminal.
  • the proactive wireless intrusion preventing system may extract a MAC address of the attacking terminal, and add the extracted MAC address to a blacklist, and prevent the attacking terminal from accessing the wireless network by continuously monitoring the wireless network with reference to the blacklist.
  • the proactive wireless intrusion preventing system reports all information associated with the intrusion into a network manager terminal of the wireless network.
  • the all information may include the additional attack information which is stored in operation S230.
  • the all information may be reported to the network manager terminal via an email and/or an SMS message.
  • the proactive wireless intrusion preventing system repeats operations S210 through S250 until a termination command is transmitted from the network manager terminal in operation S260.
  • the proactive wireless intrusion preventing system may prevent an attacking terminal from accessing a wireless network by using a proactive DoS attack against the attacking terminal. Also, the proactive wireless intrusion preventing system may improve the safety of the wireless network.
  • a proactive wireless intrusion preventing method which can include attack detection technology for Bluetooth in a wireless LAN intrusion detection system, expand a wireless attack detection rule, and thereby can prevent an intrusion into a wireless LAN and a Bluetooth environment.
  • FIG. 3 is a flowchart illustrating an example of a proactive wireless intrusion preventing method according to an exemplary embodiment of the present invention.
  • a proactive wireless intrusion preventing system collects a frame in a wireless network, searches a database including attack signature information, recognizes the frame including the attack signature information as an attacking frame, and thereby, detects an intrusion into the wireless network.
  • the wireless network includes a wireless LAN and Bluetooth.
  • the attack signature information may include information associated with a WEP cracking attack, a DoS attack, a session hijacking attack, a fake AP attack, and a sniffing attack. Also, each of the attacks may be further classified. Patterns of attacks against Bluetooth may be classified into a DoS attack and an application vulnerability attack.
  • attacks which may be expanded from a wired line to a wireless line may be included in the proactive wireless intrusion preventing system.
  • the attacks may be utilized as a tool capable of preventing an additional attack from expanding into the wired line.
  • the proactive wireless intrusion preventing system performs operation S325. Also, when the attacking frame is detected, the proactive wireless intrusion preventing system performs operation S330. In operation S325, when the attacking frame is not detected, the proactive wireless intrusion preventing system allows the frame to access to Bluetooth equipment or an access point, so that the frame may normally access the wireless network.
  • the proactive wireless intrusion preventing system guides the attacking frame to a wireless honeypot.
  • the wireless honeypot provides a service identical to a service which is provided in a destination of the attacking frame. Specifically, the wireless honeypot provides the attacker of the attacking terminal with the same environment as a normal service and induces the attacker continue to perform an additional attack.
  • the proactive wireless intrusion preventing system extracts additional attack information from the attacking frame which is transmitted for an additional attack, and also extracts attack information, which is included in an additionally transmitted attacking frame, from the attacking terminal of the attacker.
  • the proactive wireless intrusion preventing system prevents an access of the attacking terminal by transmitting a proactive frame to the attacking terminal.
  • the proactive wireless intrusion preventing system maintains a wireless network to be safe from the intrusion via a proactive DoS attack against the detected attacking terminal.
  • the proactive wireless intrusion preventing system includes a function of adding the attacking terminal to a blacklist.
  • the proactive wireless intrusion preventing system prevents the attacking terminal from accessing the wireless network via the DoS attack and thereby prevents an additional intrusion of the attacking terminal.
  • the proactive wireless intrusion preventing system transmits information of the prevented attacking terminal and all other information associated with the intrusion to a terminal of a network manager via an email and/or an SMS message.
  • the proactive wireless intrusion preventing system transmits information of the prevented attacking terminal and all other information associated with the intrusion to a terminal of a network manager via an email and/or an SMS message.
  • the proactive wireless intrusion preventing system may prevent the attacking terminal from accessing the wireless network by transmitting a proactive frame to the detected attacking terminal and using the DoS attack.
  • the proactive wireless intrusion preventing system may prevent the attacking terminal from accessing the wireless network by transmitting a proactive frame to the detected attacking terminal and using the DoS attack.
  • FIG. 4 is a block diagram illustrating an internal configuration of a proactive wireless intrusion preventing system according to an exemplary embodiment of the present invention.
  • the proactive wireless intrusion preventing system includes a collection unit 410, a database 420, a comparison unit 430, a guide unit 440, a processing unit 450, a reporting unit 460, and a storage unit 470.
  • the collection unit 410 periodically collects attack signature information which is included in a frame for a Bluetooth equipment, a wireless terminal, and an access point corresponding to components of a wireless network.
  • the database 420 stores the collected attack signature information.
  • the database 420 may be a wireless vulnerability database which includes an abnormal traffic database, a detailed wireless LAN intrusion detection database, and a detailed Bluetooth intrusion detection database.
  • the proactive wireless intrusion preventing system may further include a search unit (not shown).
  • the search unit searches the database 420 to check whether an attacking frame exists via the wireless frame.
  • the comparison unit 430 compares the attack signature information, which is stored in the database 420, and information associated with the frame. When identical, the frame may be determined as the attacking frame.
  • the guide unit 440 guides the frame, which is determined as the attacking frame in the comparison unit 430, to a wireless honeypot.
  • the wireless honeypot may mislead a user of the attacking terminal into thinking the user receives a normal service and thus, continues to perform an intrusion, by providing a service identical to a service which is provided in a destination of the attacking frame.
  • Attack information including additional attack signature information may be acquired from the continuous intrusion.
  • the processing unit 450 prevents a wireless terminal from accessing the wireless network by transmitting a blocking frame to the wireless terminal which transmits the attacking frame.
  • the blocking frame includes a proactive DoS attack against the attacking terminal.
  • the reporting unit 460 reports information associated with the attacking frame to a network manager terminal of the wireless network via an email and an SMS message. Through the above-described process, the network manager may prepare against an additional attack.
  • the storage unit 470 stores information about an attack including the attacking frame in the database 420.
  • the information when the information is not stored in the database 420, i.e. additional attack signature information, the information may be utilized as reference data for providing the additional attack signature information.
  • the embodiments of the present invention include computer-readable media including program instructions to implement various operations embodied by a computer.
  • the media may also include, alone or in combination with the program instructions, data files, data structures, tables, and the like.
  • the media and program instructions may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts.
  • Examples of computer-readable media include magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD ROM disks; magneto-optical media such as optical disks; and hardware devices that are specially configured to store and perform program instructions, such as read- only memory devices (ROM) and random access memory (RAM).
  • the media may also be a transmission medium such as optical or metallic lines, wave guides, etc. including a carrier wave transmitting signals specifying the program instructions, data structures, etc.
  • Examples of program instructions include both machine code, such as produced by a compiler, and files containing higher level code that may be executed by the computer using an interpreter.
  • a proactive wireless intrusion preventing method which can include an attack detection technology for Bluetooth in a wireless LAN intrusion detection system, expand a wireless attack detection rule, and thereby can prevent an intrusion into a wireless LAN and a
  • the present invention it is possible to prevent a possible intrusion from occurring in a wireless network and improve a safety of the wireless network by introducing a proactive wireless intrusion preventing system for performing the proactive wireless intrusion preventing method, and preventing an attacking terminal from accessing the wireless network via a proactive DoS attack against the attacking terminal.
  • the present invention it is possible to acquire detailed information about an attacker's act and thereby, analyze and prepare against an integrated Internet threat by providing a detection function and a prevention function for an attack based on a Bluetooth technology, and monitoring an attack of an attacker associated with an attacking terminal with a wireless honeypot technology.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé de détection et de prévention d'une intrusion dans un réseau sans fil, le procédé consistant: à détecter une occurrence de l'intrusion, sur la base d'une base de données qui stocke des informations associées à l'intrusion; à acquérir des informations d'attaque supplémentaires associées à l'intrusion par reconnaissance d'un terminal sans fil, qui génère l'intrusion, en tant que terminal attaquant et guidage du terminal attaquant vers un dispositif virtuel prédéterminé; à empêcher le terminal attaquant d'accéder au réseau sans fil par transmission d'une attaque de blocage pro-active au terminal attaquant après stockage des informations d'attaque supplémentaires; et à communiquer l'ensemble des informations associées à l'intrusion à un terminal gestionnaire de réseau du réseau sans fil.
PCT/KR2006/003005 2006-06-26 2006-07-31 Procédé de prévention pro-active d'attaques sans fil et appareil associé WO2008001972A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2006-0057554 2006-06-26
KR20060057554 2006-06-26

Publications (1)

Publication Number Publication Date
WO2008001972A1 true WO2008001972A1 (fr) 2008-01-03

Family

ID=38845718

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/003005 WO2008001972A1 (fr) 2006-06-26 2006-07-31 Procédé de prévention pro-active d'attaques sans fil et appareil associé

Country Status (1)

Country Link
WO (1) WO2008001972A1 (fr)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8705407B2 (en) 2010-08-25 2014-04-22 University Of Florida Research Foundation, Inc. Efficient protocols against sophisticated reactive jamming attacks
WO2014172063A1 (fr) * 2013-04-19 2014-10-23 Lastline, Inc. Procedes et systemes pour la generation reciproque de listes de surveillance et de signatures de logiciel malveillant
US9231964B2 (en) 2009-04-14 2016-01-05 Microsoft Corporation Vulnerability detection based on aggregated primitives
US9280369B1 (en) 2013-07-12 2016-03-08 The Boeing Company Systems and methods of analyzing a software component
US9336025B2 (en) 2013-07-12 2016-05-10 The Boeing Company Systems and methods of analyzing a software component
US9396082B2 (en) 2013-07-12 2016-07-19 The Boeing Company Systems and methods of analyzing a software component
US9479521B2 (en) 2013-09-30 2016-10-25 The Boeing Company Software network behavior analysis and identification system
WO2017093724A1 (fr) * 2015-12-01 2017-06-08 Qatar Foundation For Education, Science And Community Development Système et procédé de détection et d'isolement d'activité réseau
US9852290B1 (en) 2013-07-12 2017-12-26 The Boeing Company Systems and methods of analyzing a software component
EP3428827A1 (fr) * 2017-07-11 2019-01-16 The Boeing Company Système de cybersécurité avec des caractéristiques d'apprentissage machine adaptatif
CN114025357A (zh) * 2021-11-04 2022-02-08 中国工商银行股份有限公司 Wi-Fi近源攻击捕获方法及装置、设备、介质和程序产品
EP3852346A4 (fr) * 2018-09-14 2022-06-08 Kabushiki Kaisha Toshiba Dispositif de commande de communication
CN115515140A (zh) * 2022-09-19 2022-12-23 西安紫光展锐科技有限公司 预防无线网络攻击的方法、装置、设备及存储介质
CN118313846A (zh) * 2024-06-07 2024-07-09 浙江正泰仪器仪表有限责任公司 电能表系统及应用于电能表系统的电子封印方法、装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030236990A1 (en) * 2002-05-20 2003-12-25 Scott Hrastar Systems and methods for network security
US20040128543A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for morphing honeypot with computer security incident correlation
US20050166072A1 (en) * 2002-12-31 2005-07-28 Converse Vikki K. Method and system for wireless morphing honeypot
US7042852B2 (en) * 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7058796B2 (en) * 2002-05-20 2006-06-06 Airdefense, Inc. Method and system for actively defending a wireless LAN against attacks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030236990A1 (en) * 2002-05-20 2003-12-25 Scott Hrastar Systems and methods for network security
US7042852B2 (en) * 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7058796B2 (en) * 2002-05-20 2006-06-06 Airdefense, Inc. Method and system for actively defending a wireless LAN against attacks
US20040128543A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for morphing honeypot with computer security incident correlation
US20050166072A1 (en) * 2002-12-31 2005-07-28 Converse Vikki K. Method and system for wireless morphing honeypot

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9231964B2 (en) 2009-04-14 2016-01-05 Microsoft Corporation Vulnerability detection based on aggregated primitives
US8705407B2 (en) 2010-08-25 2014-04-22 University Of Florida Research Foundation, Inc. Efficient protocols against sophisticated reactive jamming attacks
WO2014172063A1 (fr) * 2013-04-19 2014-10-23 Lastline, Inc. Procedes et systemes pour la generation reciproque de listes de surveillance et de signatures de logiciel malveillant
US8910285B2 (en) 2013-04-19 2014-12-09 Lastline, Inc. Methods and systems for reciprocal generation of watch-lists and malware signatures
US9852290B1 (en) 2013-07-12 2017-12-26 The Boeing Company Systems and methods of analyzing a software component
US9280369B1 (en) 2013-07-12 2016-03-08 The Boeing Company Systems and methods of analyzing a software component
US9336025B2 (en) 2013-07-12 2016-05-10 The Boeing Company Systems and methods of analyzing a software component
US9396082B2 (en) 2013-07-12 2016-07-19 The Boeing Company Systems and methods of analyzing a software component
US9479521B2 (en) 2013-09-30 2016-10-25 The Boeing Company Software network behavior analysis and identification system
WO2017093724A1 (fr) * 2015-12-01 2017-06-08 Qatar Foundation For Education, Science And Community Development Système et procédé de détection et d'isolement d'activité réseau
EP3428827A1 (fr) * 2017-07-11 2019-01-16 The Boeing Company Système de cybersécurité avec des caractéristiques d'apprentissage machine adaptatif
CN109246072A (zh) * 2017-07-11 2019-01-18 波音公司 具有自适应机器学习特征的网络安全系统
US10419468B2 (en) 2017-07-11 2019-09-17 The Boeing Company Cyber security system with adaptive machine learning features
EP3852346A4 (fr) * 2018-09-14 2022-06-08 Kabushiki Kaisha Toshiba Dispositif de commande de communication
CN114025357A (zh) * 2021-11-04 2022-02-08 中国工商银行股份有限公司 Wi-Fi近源攻击捕获方法及装置、设备、介质和程序产品
CN114025357B (zh) * 2021-11-04 2024-02-02 中国工商银行股份有限公司 Wi-Fi近源攻击捕获方法及装置、设备、介质和程序产品
CN115515140A (zh) * 2022-09-19 2022-12-23 西安紫光展锐科技有限公司 预防无线网络攻击的方法、装置、设备及存储介质
CN118313846A (zh) * 2024-06-07 2024-07-09 浙江正泰仪器仪表有限责任公司 电能表系统及应用于电能表系统的电子封印方法、装置

Similar Documents

Publication Publication Date Title
WO2008001972A1 (fr) Procédé de prévention pro-active d'attaques sans fil et appareil associé
JP5682083B2 (ja) 疑わしい無線アクセスポイントの検出
Hongsong et al. Security and trust research in M2M system
KR101217647B1 (ko) 특정 소스/목적지 ip 어드레스 쌍들에 기초한 ip 네트워크들에서 서비스 거부 공격들에 대한 방어 방법 및 장치
KR101038387B1 (ko) 원치 않는 트래픽 검출 방법 및 장치
US20160232349A1 (en) Mobile malware detection and user notification
CN107197456B (zh) 一种基于客户端的识别伪ap的检测方法及检测装置
US9124617B2 (en) Social network protection system
WO2003084122A1 (fr) Systeme et procede de detection par intrusion utilisant la surveillance etendue
Sharma et al. Multi-layer defense against malware attacks on smartphone wi-fi access channel
KR20080026122A (ko) 타겟 희생자 자체-식별 및 제어에 의해 ip네트워크들에서 서비스 거부 공격들에 대한 방어 방법
Chen et al. An intelligent WLAN intrusion prevention system based on signature detection and plan recognition
Agrawal et al. The performance analysis of honeypot based intrusion detection system for wireless network
BalaGanesh et al. Smart devices threats, vulnerabilities and malware detection approaches: a survey
Agrawal et al. Wireless rogue access point detection using shadow honeynet
Lovinger et al. Detection of wireless fake access points
Patel et al. A Snort-based secure edge router for smart home
JP2005134972A (ja) ファイアウォール装置
KR101186873B1 (ko) 시그니쳐 기반 무선 침입차단시스템
KR101747144B1 (ko) 비인가 ap 차단 방법 및 시스템
KR100977827B1 (ko) 악성 웹 서버 시스템의 접속탐지 장치 및 방법
CN113328976B (zh) 一种安全威胁事件识别方法、装置及设备
Hsu et al. A passive user‐side solution for evil twin access point detection at public hotspots
CN114465746B (zh) 一种网络攻击控制方法及系统
Sieka Using radio device fingerprinting for the detection of impersonation and sybil attacks in wireless networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06783464

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06783464

Country of ref document: EP

Kind code of ref document: A1