Detection of unauthorized wireless personal area network low energy devices

摘要

In an approach for determining an unauthorized device, a computer receives detection information from a computing device, wherein the detection information includes a broadcast transmission from one or more devices. The computer creates a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices. The computer one or more anomalies within the created state trajectory map. The computer determines an unauthorized device based on the determined one or more anomalies.

主权项

1. A computer program product for determining an unauthorized device, the computer program product comprising:
one or more non-transitory computer readable storage media and program instructions stored on the one or more non-transitory computer readable storage media, the program instructions comprising: program instructions to receive detection information from a computing device, wherein the detection information includes a broadcast transmission from one or more devices that are beacons associated with an indoor positioning system; program instructions to create a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices; program instructions to retrieve a baseline state trajectory map from memory wherein the baseline state trajectory map is based on a location of identified devices and a physical layout of a building within the indoor positioning system; program instructions to perform a comparison of the created state trajectory map to the baseline state trajectory map; program instructions to determine whether at least one state anomaly is present within the created state trajectory map based on the comparison, wherein the at least one state anomaly includes one or more of: a single state anomaly and a multiple state anomaly; program instructions to identify a connection within the created state trajectory map associated with the determined at least one state anomaly; program instructions to add the identified connection associated with the determined state anomaly to a suspicious state list; responsive to determining at least one state anomaly is present within the created state trajectory map based on the comparison, program instructions to parse the created state trajectory map into one or more sub-trajectories that identify individual connections within the created state trajectory map; program instructions to identify the parsed one or more sub-trajectories that do not include the at least one determined state anomaly; program instructions to determine whether the identified one or more sub-trajectories that do not include the at least one determined state anomaly include a transitional anomaly; program instructions to add a sub-trajectory associated with the transitional anomaly to the suspicious state list; program instructions to analyze the suspicious state list for one or more of the following: high frequency of occurrence of a universally unique identifier, and multiple connections with multiple state changes associated with a universally unique identifier; program instructions to determine an unauthorized device based on the analyzed suspicious state list; and program instructions to report the determined unauthorized device.