A wireless network generally represents a communication network formed by devices communicating wirelessly over a wireless medium. Some examples of wireless networks include wireless local area networks (WLAN) and cellular communication networks.
Wireless devices forming part of a wireless network generally connect to and operate in the wireless network without requiring fixed or known locations, unlike a wired network where wired devices are generally located at known connection points. Consequently, compared to wired networks, there is generally a higher probability that an unauthorized or “rogue” wireless device will connect to a wireless network. In general, an “intruder” represents any system or device transmitting unauthorized (or otherwise undesirable) packets to a wireless network. These “intrusions” in a wireless network are generally undesirable, and an intrusion detection system may be employed in the wireless network to detect and/or prevent these intrusions.
In a prior intrusion detection system, a wireless security component is deployed in a wireless network, and the wireless security component monitors all or most of the communication traffic (data packets) received on the wireless network. For example, the wireless security component may store the packets and then analyze the stored packets to detect any anomalies that suggest possible intrusions.
One problem with this type of approach is that the wireless devices in a wireless network are often memory-constrained and/or power-constrained. This may be a particular problem in environments such as industrial process control systems. Constrained devices may include wireless field devices (such as wireless sensors) and other wireless devices (such as intermediate nodes). These constraints often present difficulties when the wireless security component must reside on and be executed by the constrained wireless devices.