Network traffic monitoring devices and monitoring systems include a communication module for capturing wireless communications of a wireless device. Processing circuitry is coupled with the communication module and configured to form a new cluster or refine an existing cluster from the captured wireless communications, in which the cluster includes wireless communications having one or more relevant parameters. The processing circuitry is also configured to generate or refine at least one rule set relating to the clusters, create an updated rule set by combining the one or more rule sets with current rule sets, and compare the captured wireless communications to the updated rule set to determine whether the wireless communications pose a potential threat. Methods of monitoring network traffic are also provided.
GOVERNMENT RIGHTS STATEMENT
 The United States Government has certain rights in this invention pursuant to Contract No. DE-AC07-05ID14517 between the United States Department of Energy and Battelle Energy Alliance, LLC.