Geographical intrusion response prioritization mapping through authentication and flight data correlation
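IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition):
G06F-012/12
H04L-029/06
G06F-021/55
G08G-005/00
H04L-012/24
H04L-029/12
Application number: US-0065333 (2013-10-28)
Registration number: US-9591004 (2017-03-07)
Inventors / Address:
McConnell, James T.
Tucker, Steven
Applicant / Address: Palo Alto Networks, Inc.
Agent / Address: Van Pelt, Yi & James LLP
Citation information
Times cited: 0
Patents cited: 56
Abstract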
Preferred systems and methods for geographically mapping intrusions through network or authentication data and flight data correlation are described. In one aspect, methods and systems include receiving threat data, receiving network or authentication data, receiving flight location data, correlating the threat data and the network or authentication data with the flight location data to generate map data, and generating a map displaying a geographical location of the intrusion based on the map data.
Representative claims
1. A method for displaying data associated with a cyber-attack threat against an airline, comprising: receiving threat data associated with a network point of an airline, wherein the threat data relates to at least one of a vulnerability or an intrusion; retrieving flight identification data from a flight information database in response to receiving the threat data, wherein the flight identification data comprises an Internet Protocol (IP) address of the network point; retrieving flight location data from a flight location database using the flight identification data; correlating the threat data, the flight identification data, and the flight location data to generate a record using a processor, wherein the threat data comprises a source IP address and a destination IP address, and wherein correlating comprises associating the IP address of the flight identification data with at least one of the source IP address of the threat data and the destination IP address of the threat data; and outputting a graphical representation reflecting the record.
2. The method of claim 1, wherein outputting the graphical representation comprises graphically distinguishing the record based on a current status of a mitigation response to the threat.
3. The method of claim 1, wherein the threat data further comprises an attack event name.
4. The method of claim 3, wherein the record comprises the attack event name, the destination IP address, and the flight location data.
5. The method of claim 1, wherein the flight identification data further comprises at least one of authentication information of a user and aircraft information.
6. The method of claim 1, wherein the flight location data comprises aircraft information and a current aircraft location.
7. A method for displaying data associated with a cyber-attack threat against an airline, comprising: receiving threat data associated with a network point of an airline network, wherein the threat data relates to at least one of a vulnerability or an intrusion; identifying an Internet Protocol (IP) address associated with the network point; retrieving a router address corresponding to the network point from an Address Routing Protocol (ARP) database using the IP address associated with the network point; retrieving a geographical location for the network point from a network location database using the router address; correlating the threat data and the geographical location to generate a map database record using a processor, wherein the threat data comprises a source IP address and a destination IP address, and wherein correlating comprises associating the geographical location with at least one of the source IP address of the threat data and the destination IP address of the threat data; and outputting the map database record.
8. The method of claim 7, further comprising indicating in the map database record when the at least one of a vulnerability or an intrusion is new.
9. The method of claim 7, wherein outputting the map database record comprises graphically distinguishing the map database record based on a current status of a mitigation response to the threat.
10. The method of claim 9, further comprising updating the map database record based on a change in the current status of the mitigation response to the threat.
11. The method of claim 7, wherein the threat data further comprises an attack event name.
12. The method of claim 7, wherein the network location database resides in a router on the airline network.
13. A method for displaying data associated with a cyber-attack threat against an airline network, comprising: receiving vulnerability information identifying a network vulnerability at a network vulnerability point; identifying, based on the vulnerability information, an Internet Protocol (IP) address associated with the network vulnerability point; retrieving, from an Address Routing Protocol (ARP) database using the IP address associated with the network vulnerability point, an address corresponding to the network vulnerability point using a processor, wherein the ARP database resides in a router on the network; retrieving, from a network location database using the address corresponding to the network vulnerability point, geographical location information associated with the network vulnerability point; storing a vulnerability record for the network vulnerability point reflecting a current status of a mitigation response to the network vulnerability; and outputting a graphical representation reflecting the vulnerability record.
14. The method of claim 13, wherein the network vulnerability comprises a plurality of vulnerabilities corresponding to different computers on the airline network.
15. The method of claim 13, further comprising adjusting the graphical representation based on a quantity of identified network vulnerability points in a geographical area.
16. The method of claim 13, further comprising updating the current status of the mitigation response to the network vulnerability indicated by the vulnerability record.
17. The method of claim 16, further comprising adjusting the graphical representation to reflect a change of the current status of the mitigation response to the network vulnerability.
18. The method of claim 13, further comprising indicating in the vulnerability record when the network vulnerability is new.
Patents cited by this patent (56)
Hill Douglas W. ; Lynn James T., Adaptive system and method for responding to computer network security attacks.
Grandin, Ronan François Daniel; Stevenson, David James; Gray, Andrew Hunter; Gray, Neil William, Apparatus and method for providing improved stress thresholds in network management systems.
Richardson, David E., Dynamically drilling-down through a health monitoring map to determine the health status and cause of health problems associated with network objects of a managed network environment.
James E. Kracht, Mechanism for determining actual physical topology of network based on gathered configuration information representing true neighboring devices.
Cochran, Charles W.; York, Justin E.; Schunicht, Geoffery A.; Hansen, Peter A., Method and apparatus for automatic monitoring of simple network management protocol manageable devices.
Cook, Mark Douglas; Valentine, Simon Peter; Jones, Paul Robert, Program method and apparatus providing elements for interrogating devices in a network.
Cohen, Alexander J.; Jung, Edward K. Y.; Lord, Robert W.; Rinaldo, Jr., John D.; Tegreene, Clarence T.; Levien, Royce A.; Malamud, Mark A., Signal routing dependent on a loading indicator of a mobile node.
Williams, John Leslie; Costello, Brian; Ravenel, John Patrick; Ritter, Stephen J.; Pelly, John; Rutherford, M. Celeste; Payne, John, System and method for automated policy audit and remediation management.
Hoyt, Travis E.; Cimijotti, Mark T.; Upchurch, II, Jack D.; Legette, Tyron; Stranathan, William T.; Lang, Robert A., System and method for management of vulnerability assessment.
McClure, Stuart C.; Kurtz, George; Keir, Robin; Beddoe, Marshall A.; Morton, Michael J.; Prosise, Christopher M.; Cole, David M.; Abad, Christopher, System and method for network vulnerability detection and reporting.
DeLuca, Steve A; Darcy, Paul B; Kiernan, Casey L; Martin, Sally J; Lee, Juhan; Hodge, Kevin A; Snover, Jeffrey P, System and method for providing a server control interface.
Du, Weimin; Rahman, Anisur; Banerjee, Raja; Gharat, Sunil, System and method for suppressing out-of-order side-effect alarms in heterogenoeus integrated wide area data and telecommunication networks.
Norman, Stuart; Halasz, David E., System and method of controlling access by a wireless client to a network that utilizes a challenge/handshake authentication protocol.
Andres, Steven G.; Cole, David M.; Cummings, Thomas Gregory; Garcia, Roberto Ramon; Kenyon, Brian Michael; Kurtz, George R.; McClure, Stuart Cartier; Moore, Christopher William; O'Dea, Michael J.; Saruwatari, Ken D., System and method of managing network security risks.
Garrett ; Sr. Charles N. (Wilmington NC) Garrett Anthony F. (Greer SC) Reed Brent W. (Greenville SC) Lovegrove William P. (Greenville SC), System for monitoring vehicles during a crisis situation.
Weinberger, Alan J.; Renton, Joseph J.; Neugaubauer, Rick, Transaction dispatcher for a passenger entertainment system, method and article of manufacture.
Park, Young-Man; Lee, Seong-Choon; Tcha, Yong-Joo, Two-factor authenticated key exchange method and authentication method using the same, and recording medium storing program including the same.