Fortinet, Inc.
INTRUSION DETECTION IN A WIRELESS NETWORK USING LOCATION INFORMATION OF WIRELESS DEVICES

Abstract:

Systems and methods for detecting and/or preventing intrusions in a wireless network based on location information of wireless devices are provided. According to one embodiment, a database is maintained by a wireless network security system that includes historical location information and a media access control (MAC) address for multiple wireless devices observed by wireless access points (APs) of a wireless network of an enterprise. Information regarding one or more probe signals originated by a wireless device of the multiple wireless devices is received by the wireless network security system from the multiple APs. A location of the wireless device is determined by the wireless network security system based on the information. A potential attack being conducted by the wireless device or in which the wireless device is involved is identified based on one or more of behavior exhibited by the wireless device, the location and the database.