Geographical intrusion response prioritization mapping through authentication and flight data correlation
Abstract
Preferred systems and methods for geographically mapping intrusions through network or authentication data and flight data correlation are described. In one aspect, methods and systems include receiving threat data, receiving network or authentication data, receiving flight location data, correlating the threat data and the network or authentication data with the flight location data to generate map data, and generating a map displaying a geographical location of the intrusion based on the map data.
18 Claims
1. A method for displaying data associated with a cyber-attack threat against an airline, comprising:
- receiving threat data associated with a network point of an airline, wherein the threat data relates to at least one of a vulnerability or an intrusion;
- retrieving flight identification data from a flight information database in response to receiving the threat data, wherein the flight identification data comprises an Internet Protocol (IP) address of the network point;
- retrieving flight location data from a flight location database using the flight identification data;
- correlating the threat data, the flight identification data, and the flight location data to generate a record using a processor, wherein the threat data comprises a source IP address and a destination IP address, and wherein correlating comprises associating the IP address of the flight identification data with at least one of the source IP address of the threat data and the destination IP address of the threat data; and
- outputting a graphical representation reflecting the record.
Dependent claims: 2, 3, 4, 5, 6
7. A method for displaying data associated with a cyber-attack threat against an airline, comprising:
- receiving threat data associated with a network point of an airline network, wherein the threat data relates to at least one of a vulnerability or an intrusion;
- identifying an Internet Protocol (IP) address associated with the network point;
- retrieving a router address corresponding to the network point from an Address Routing Protocol (ARP) database using the IP address associated with the network point;
- retrieving a geographical location for the network point from a network location database using the router address;
- correlating the threat data and the geographical location to generate a map database record using a processor, wherein the threat data comprises a source IP address and a destination IP address, and wherein correlating comprises associating the geographical location with at least one of the source IP address of the threat data and the destination IP address of the threat data; and
- outputting the map database record.
Dependent claims: 8, 9, 10, 11, 12
13. A method for displaying data associated with a cyber-attack threat against an airline network, comprising:
- receiving vulnerability information identifying a network vulnerability at a network vulnerability point;
- identifying, based on the vulnerability information, an Internet Protocol (IP) address associated with the network vulnerability point;
- retrieving, from an Address Routing Protocol (ARP) database using the IP address associated with the network vulnerability point, an address corresponding to the network vulnerability point using a processor, wherein the ARP database resides in a router on the network;
- retrieving, from a network location database using the address corresponding to the network vulnerability point, geographical location information associated with the network vulnerability point;
- storing a vulnerability record for the network vulnerability point reflecting a current status of a mitigation response to the network vulnerability; and
- outputting a graphical representation reflecting the vulnerability record.
Dependent claims: 14, 15, 16, 17, 18
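
The correlation step of claim 1, sketched as an added example (not code from the patent): a threat record's source and destination addresses are matched against the flight information database, and each match is joined to the flight location database to produce a record. The table layouts, field names, flight ids and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: documentation IP ranges and made-up flight ids.
# Flight information database: network point IP (canonical form) -> flight id.
FLIGHT_INFO = {"192.0.2.10": "FL100", "2001:db8::1": "FL245", "192.0.2.30": "FL300"}
# Flight location database: flight id -> (latitude, longitude). FL300 is absent.
FLIGHT_LOCATION = {"FL100": (40.64, -73.78), "FL245": (51.47, -0.45)}


@dataclass(frozen=True)
class Record:
    kind: str                   # "vulnerability" or "intrusion"
    flight_id: str
    matched_on: str             # which threat address matched: "source" or "destination"
    ip: str
    latitude: Optional[float]   # None when the flight has no known position
    longitude: Optional[float]


def canonical(ip: str) -> Optional[str]:
    """Normalise an address so textual variants of one IP compare equal."""
    try:
        return str(ipaddress.ip_address(ip.strip()))
    except ValueError:
        return None  # malformed or empty address in the alert


def correlate(threat: dict, flight_info=FLIGHT_INFO, flight_location=FLIGHT_LOCATION):
    """Return one Record per threat address that is a known flight network point."""
    records = []
    for role in ("source", "destination"):
        ip = canonical(threat.get(f"{role}_ip") or "")
        flight_id = flight_info.get(ip) if ip else None
        if flight_id is None:
            continue  # this address is not a flight network point
        lat, lon = flight_location.get(flight_id, (None, None))
        records.append(Record(threat["kind"], flight_id, role, ip, lat, lon))
    return records


if __name__ == "__main__":
    alert = {"kind": "intrusion", "source_ip": "203.0.113.7",
             "destination_ip": "2001:0DB8:0:0:0:0:0:1"}
    for rec in correlate(alert):
        print(rec)
```

A flight that matches but has no entry in the location table still yields a record with empty coordinates, so the alert is not silently dropped before it reaches the display step.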
Specification