Title of invention: Method and apparatus for network intrusion detection
Abstract: The current invention discloses a method and apparatus to detect and mitigate network intrusion by collecting a first log of wireless network traffic in the vicinity of an area and a second log of network traffic from a switch port connected to the area; pre-processing the logs; and then detecting the presence of unauthorized access points (APs) by attempting to identify matching patterns in the pre-processed first and second logs.
Publication number: US8752175(B2) Publication date: 2014.06.10
Application number: US200813126335 Filing date: 2008.10.31
Applicant: Hewlett-Packard Development Company, L.P. Inventor: Porter Richard H.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method to detect network intrusion comprising: collecting a first log of packets in wireless network traffic in the vicinity of an area suspected to have one or more unauthorized access points (APs) and a second log of packets in network traffic from a switch port connected to the area, the first and second logs comprise at least one captured packet representing network traffic; pre-processing the first and second logs, including removing protocol overhead from the at least one captured packet in the first log and the at least one captured packet in the second log to obtain payload contents of the captured packets in the first and second logs; analyzing the payload contents of the captured packets in the pre-processed first log and the pre-processed second log to identify matching patterns, wherein sub-sequences of the at least one captured packet in the pre-processed first log are matched to sub-sequences of the captured at least one packet in the pre-processed second log; and generating a response based on a set of rules in response to an identification of matching patterns in the sub-sequences.
Address: Houston TX US