Solutions pertaining to improvement in the security of a Wi-Fi Protected Setup (WPS) procedure are proposed. An access point (AP) determines that a WPS procedure is activated. In response, the AP varies a transmission (Tx) power in transmitting one or more WPS management frames during the WPS procedure. Moreover, the AP configures one or more credentials to a station (STA) in response to receiving one or more management frames from the STA.

Systems and methods for tracking mobile devices are provided. One system comprises at least one processor and memory storing code which when executed by the at least one processor configure the at least one processor to perform a method of tracking a mobile device. The method comprises receiving a disassemble international mobile subscriber identity (IMSI) attach message from a base station, identifying the identified mobile device within a location area using the IMSI and LAI, receiving a decode and capture message from the base station, and identifying the unidentified mobile device as being the identified mobile device within the location area. The disassemble IMSI attach message includes an IMSI and a location area identity (LAI) associated with an identified mobile device. The decode and capture message includes a temporary mobile subscriber identity (TMSI) and LAI associated with an unidentified mobile device.

Systems and methods for tracking mobile devices are provided. One system comprises at least one processor and memory storing code which when executed by the at least one processor configure the at least one processor to perform a method of tracking a mobile device. The method comprises receiving a disassemble international mobile subscriber identity (IMSI) attach message from a base station, identifying the identified mobile device within a location area using the IMSI and LAI, receiving a decode and capture message from the base station, and identifying the unidentified mobile device as being the identified mobile device within the location area. The disassemble IMSI attach message includes an IMSI and a location area identity (LAI) associated with an identified mobile device. The decode and capture message includes a temporary mobile subscriber identity (TMSI) and LAI associated with an unidentified mobile device.

A computer-implemented method for managing a memory in a network to which a unit for detecting or preventing undesirable network intrusions is assigned. A first message is received by a user of the network in the process. If the first message is to be stored, a second message is randomly selected from the messages stored in the memory, the randomly selected second message is deleted from the memory, and the first message is stored in the memory.

Embodiments are disclosed that include systems and methods performed by vehicle-to-everything (V2X) system participant to determine whether a misbehavior condition may have occurred based on the generation and/or receipt of a V2X message. The detection of a misbehavior condition may occur if the V2X message is generated and/or received too frequently or not frequently enough. In addition, a misbehavior condition may be detected if the generated and/or received V2X message does include the appropriate security credential.

Embodiments are disclosed that include systems and methods performed by vehicle-to-everything (V2X) system participant to determine whether a misbehavior condition may have occurred based on the generation and/or receipt of a V2X message. The detection of a misbehavior condition may occur if the V2X message is generated and/or received too frequently or not frequently enough. In addition, a misbehavior condition may be detected if the generated and/or received V2X message does include the appropriate security credential.

Systems and methods are provided for managing false positives in a network anomaly detection system. The methods may include receiving a plurality of anomaly reports; extracting fields, and values for the fields, from each of the anomaly reports; grouping the anomaly reports into a plurality of groups according to association rule learning, wherein each group is defined by a respective rule; for each group, creating a cluster based on common values for the fields; and marking each cluster as a possible false positive anomaly cluster.

Provided herein are a wireless intrusion prevention system, a wireless network system including the wireless intrusion prevention system, and a method for operating the wireless network system. Of these, the wireless intrusion prevention system includes an access point, a plurality of stations configured to transmit/receive a wireless frame to/from the access point over a wireless network, and a wireless intrusion prevention system configured to monitor the wireless frame, wherein the wireless intrusion prevention system transmits a dis-association request to a specific station, among the plurality of stations, and prevents the access point from responding to the specific station.

Methods, systems, and devices for wireless communications are described. A communication device may detect vehicle-to-everything (V2X) fuzzing attacks. The communication device may receive a set of packets. Each packet of the set of packets includes a set of information element (IE) fields. The communication device determine a change to one or more IE fields of the set of IE fields and associated with at least a subset of packets of the set of packets based on comparing a respective value associated with each of the one or more IE fields to a respective default value associated with each of the one or more IE fields. As a result, the communication device may transmit a report indicating a plurality of fuzzing attacks at the communication device.

Methods, systems, and devices for wireless communications are described. A communication device may detect vehicle-to-everything (V2X) fuzzing attacks. The communication device may receive a set of packets. Each packet of the set of packets includes a set of information element (IE) fields. The communication device determine a change to one or more IE fields of the set of IE fields and associated with at least a subset of packets of the set of packets based on comparing a respective value associated with each of the one or more IE fields to a respective default value associated with each of the one or more IE fields. As a result, the communication device may transmit a report indicating a plurality of fuzzing attacks at the communication device.