This disclosure relates to wireless network security systems and methods, and more particularly to systems and methods for using spectrum and power measurement analysis for intrusion detection in wireless networks. The proposed methods may be used for identifying and locating sources of interference as well as improving channel monitoring to detect intrusions and unauthorized wireless activity.
Wireless Local Area Networks (WLANs) offer a quick and effective extension of a wired network or standard local area network (LAN). WLAN devices comprise a combination of wireless access points (APs), WLAN cards, and other devices. WLAN devices comprise a wireless radio configured to tune to a specified wireless channel to transmit and receive packets. The channels correspond to a center frequency and bandwidth of the wireless spectrum.
WLANs have proliferated due to the standardization of the Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of protocols and the availability of license free radio frequency (RF) spectrum for communication across the globe. WLANs typically use the 2.4 GHz and 5 GHz bands for communications in the United States. In the United States, the Federal Communications Commission (FCC) has designated these bands along with the 900 MHz band for license-free Industrial, Scientific and Medical (ISM). While WLANs offer flexibility and ease of use, the unlicensed spectrum that they use often result in degraded performance due to interference from other ISM band devices such as, for example, cordless phones, microwave ovens, baby monitors, and Bluetooth devices.
Existing Wireless Intrusion Prevention Systems (WIPS) are configured to detect and terminate unauthorized devices from a WLAN. However, unauthorized devices may attempt to channel hop whereby they move from one channel to another to avoid detection and termination. Thus, a persistent unauthorized device may hop to different channels to escape detection from the WIPS. Since WLANs may have multiple channels, WIPS can encounter difficulty in determining to which channel the unauthorized device has moved. Spectrum analysis may provide a means to narrow down which channels are in use, allowing a WIPS to monitor these channels for the unauthorized device.
Existing systems and methods exist for frequency analysis. However, such systems and methods involve additional equipment such as a spectrum analyzer. Spectrum analyzers can cost thousands of dollars and are not widely deployed in WLANs. Other systems and methods include expensive hardware solutions that use Digital Signal Processing (DSP) of time domain samples are used to perform spectral analysis. Similarly, these systems and methods involve additional hardware that is not widely deployed in WLANs.
This disclosure illustrates systems and methods for using existing wireless devices to serve as a spectrum analyzer. In addition to providing network communication, wireless radios in WLANs can be used to provide signal and noise power measurements. These measurements can be stored and analyzed by existing computers in the WLAN to provide a spectrum analysis with no additional hardware components in the WLAN.
A method for using wireless radios for spectral analysis by connecting to the wireless radios, setting a center frequency and bandwidth on the wireless radios, receiving power measurements from the plurality of wireless radios; and repeating the connecting, setting and receiving steps for a number of frequencies of the wireless network.
A method for identifying interference in a wireless network based on spectral analysis by scanning channels of the wireless network for power measurements, receiving power measurements from the plurality of wireless radios, repeating the scanning and receiving steps until a predetermined time has elapsed or substantially all channels have been measured, and constructing a spectrogram based on the power measurements for the channels.
A method for using spectral analysis to determine which channels to monitor for detecting attacks and unauthorized activity on a wireless network by scanning substantially all channels of the wireless network for power measurements, identifying which channels are in use responsive to power measurements, wherein the channels in use comprise channels with high signal power measurements, and updating channel monitoring patterns responsive to which channels are in use.