LiteSOC Blog

Understanding Impossible Travel Detection

Deep dive into how LiteSOC detects impossible travel attacks using the Haversine formula and behavioral analysis.

February 25, 2026

Impossible travel is one of the most reliable indicators of account compromise. When a user appears to log in from two distant locations in an impossibly short timeframe, something is wrong.

What is Impossible Travel?

Impossible travel occurs when authentication events happen from geographic locations that would be physically impossible to travel between in the given time window.

For example:

  • Login from New York at 10:00 AM
  • Login from London at 10:30 AM
  • Distance: ~5,500 km
  • Time needed (by plane): ~7 hours

This is a clear indicator of credential theft.

The Haversine Formula

LiteSOC uses the Haversine formula to calculate the great-circle distance between two points on Earth:

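// Convert degrees to radians (helper required by haversineDistance)
function toRad(deg: number): number {
  return (deg * Math.PI) / 180;
}

// Great-circle distance in km between two latitude/longitude points in degrees
function haversineDistance(
  lat1: number, lon1: number,
  lat2: number, lon2: number
): number {
  const R = 6371; // Earth's radius in km
  const dLat = toRad(lat2 - lat1);
  const dLon = toRad(lon2 - lon1);

  // Haversine term for the central angle between the two points
  const a =
    Math.sin(dLat / 2) * Math.sin(dLat / 2) +
    Math.cos(toRad(lat1)) * Math.cos(toRad(lat2)) *
    Math.sin(dLon / 2) * Math.sin(dLon / 2);

  const c = 2 * Math.atan2(Math.sqrt(a), Math.sqrt(1 - a));
  return R * c;
}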

Threshold Calculation

We assume a maximum travel speed of 1,000 km/h (faster than commercial flights) to account for:

  • Private jets
  • Multiple connecting flights
  • Time zone variations

If the required speed exceeds this threshold, we flag it as impossible travel.
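
The check described above, applied to a stream of login events. This is an added example, not LiteSOC's code: the event shape, the function names and the 50 km minimum-distance guard are assumptions, and the sample events are constructed.

```typescript
// Added example, not LiteSOC's code. Event shape and names are assumptions.
interface LoginEvent { user: string; time: string; lat: number; lon: number } // time: ISO 8601 UTC
interface TravelAlert { user: string; distanceKm: number; requiredKmh: number }

const MAX_SPEED_KMH = 1000; // threshold stated in the article
const MIN_DISTANCE_KM = 50; // assumption: ignore geo-IP jitter between nearby points

const toRad = (deg: number): number => (deg * Math.PI) / 180;

function haversineKm(a: LoginEvent, b: LoginEvent): number {
  const sLat = Math.sin(toRad(b.lat - a.lat) / 2);
  const sLon = Math.sin(toRad(b.lon - a.lon) / 2);
  const h = sLat * sLat + Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * sLon * sLon;
  return 2 * 6371 * Math.atan2(Math.sqrt(h), Math.sqrt(1 - h));
}

// Compare each login with the same user's previous login, in time order.
function findImpossibleTravel(events: LoginEvent[]): TravelAlert[] {
  const alerts: TravelAlert[] = [];
  // Null-prototype object so user names like "constructor" cannot collide with built-ins.
  const last: Record<string, LoginEvent> = Object.create(null);
  const sorted = events.slice().sort((x, y) => Date.parse(x.time) - Date.parse(y.time));
  for (const ev of sorted) {
    const prev = last[ev.user];
    last[ev.user] = ev;
    if (!prev) continue;
    const distanceKm = haversineKm(prev, ev);
    if (distanceKm < MIN_DISTANCE_KM) continue; // also avoids 0 km / 0 h
    const hours = (Date.parse(ev.time) - Date.parse(prev.time)) / 3600000;
    // Logins with the same timestamp but far apart need unbounded speed.
    const requiredKmh = hours > 0 ? distanceKm / hours : Infinity;
    if (requiredKmh > MAX_SPEED_KMH) alerts.push({ user: ev.user, distanceKm, requiredKmh });
  }
  return alerts;
}

// Constructed sample events (coordinates are approximate city centres).
const SAMPLE_EVENTS: LoginEvent[] = [
  { user: "alice", time: "2026-02-25T10:00:00Z", lat: 40.7128, lon: -74.006 }, // New York
  { user: "bob", time: "2026-02-25T09:00:00Z", lat: 48.8566, lon: 2.3522 },    // Paris
  { user: "alice", time: "2026-02-25T10:30:00Z", lat: 51.5074, lon: -0.1278 }, // London
  { user: "bob", time: "2026-02-25T11:00:00Z", lat: 52.52, lon: 13.405 },      // Berlin
];

for (const a of findImpossibleTravel(SAMPLE_EVENTS)) {
  console.log(`${a.user}: ${a.distanceKm.toFixed(0)} km needs ${a.requiredKmh.toFixed(0)} km/h`);
}
```

Only the New York to London pair is flagged; the Paris to Berlin pair two hours apart stays under the threshold.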

False Positive Mitigation

Not all impossible travel is malicious. LiteSOC accounts for:

  • VPN Usage: Detected via IP intelligence
  • Known Devices: Same device fingerprint reduces risk
  • Business Travel Patterns: Learned over time

Conclusion

Impossible travel detection is a powerful tool in your security arsenal. LiteSOC makes it automatic — no configuration required.