1. A method for achieving synchronization to a wireless communication system transmitting data in a plurality of data packets employing a plurality of known frequencies determined using at least two characteristics alternating in accordance with a known method, wherein at least one of said two characteristics is contained in at least one transmitted data packet, said method comprising the steps of:
recording a time of occurrence for each of a plurality of occurrences of a selected one of said plurality of frequencies;
determining a first characteristic from said at least one transmitted data packet received on said selected frequency;
determining a second characteristic wherein said first characteristic, said determined second characteristic and each of said recorded times of occurrences generate said selected frequency at each of said recorded occurrences of said selected frequency;
determining a time period for determining said first and second characteristic; and
adjusting said second characteristic by said time period.
2. The method as recited in claim 1 wherein said time of occurrence is representative of a measure relative to a time of a first occurrence of said selected frequency.
3. The method as recited in claim 1 wherein said time of occurrence is representative of an absolute measure of time.
4. The method as recited in claim 1 wherein the step of determining said first characteristic comprises:
isolating a known number of information items at a known position within said data packet.
5. The method as recited in claim 1 wherein the step of determining said second characteristic further comprises the steps of:
hypothesizing said second characteristic;
determining a resultant frequency value based on said determined first characteristic and said hypothesized second characteristic; and
storing said hypothesized second characteristic when said resultant frequency value equals said selected frequency.
6. The method as recited in claim 1 wherein said at least one first characteristic is encoded using a known encoding value and process.
7. The method as recited in claim 6 wherein said first characteristic is decoded by reversing said encoding process.
8. The method as recited in claim 7 wherein said decoding processing further comprises the step of;
hypothesizing a decoding value; and
altering said hypothesized decoding value until said encoding value is determined.
9. The method as recited in claim 1 wherein said wireless communication system is a BLUETOOTH system.
10. A system for achieving synchronization to a wireless communication system transmitting data in a plurality of data packets employing a plurality of known frequencies determined in accordance with at least two characteristics alternating using a known method, wherein at least one of said two characteristics is contained in at least one transmitted data packet, said system comprising:
a receiving unit in communication with a processor and memory wherein said processor is operable to execute code to:
tune said receiver to a select one of said plurality of frequencies;
record a time of occurrence for each of a plurality of occurrences of said selected frequency;
determine said first characteristic from said at least one transmitted data packet received on said selected frequency;
determine said second characteristic wherein said determined first characteristic, said determined second characteristic and each of said recorded times of occurrences generate said selected frequency at each of said recorded occurrences of said selected frequency;
determine a time period for determining said first and second characteristic; and
adjust said second characteristic by said time period.
11. The system as recited in claim 10 wherein said time of occurrence is representative of a measure relative to a time of a first occurrence of said selected frequency.
12. The system as recited in claim 10 wherein said time of occurrence is representative of an absolute measure of time.
13. The system as recited in claim 10 wherein said processor is further operable to execute code to:
isolate a known number of bits at a known position within said data packet.
14. The system as recited in claim 10 wherein said processor is further operable to execute code to:
hypothesize said second characteristic;
determine a resultant frequency value based on said determined first characteristic and said hypothesized second characteristic; and
store said hypothesized second characteristic when said resultant frequency value equals said selected frequency.
15. The system as recited in claim 10 wherein said processor is further operable to execute code to:
extract a known number of information items from a known position within said data packets.
16. The system as recited in claim 10 wherein said first characteristic is encoded using a known encoding value and process.
17. The system as recited in claim 16 wherein said processor is further operable to execute code to:
determine said first characteristic is decoded by reversing said encoding process.
18. The system as recited in claim 17 wherein said processor is further operable to execute code to:
hypothesize a decoding value; and
alter said hypothesized decoding value until said encoding value is determined.
19. The system as recited in claim 10 wherein said code is contained in said memory.
20. The system as recited in claim 10 wherein said wireless communication system is a BLUETOOTH system.
21. A method for blindly determining characteristics used for the generation of a plurality of frequencies in a frequency hopping wireless communication system transmitting data in a plurality of data packets, wherein a first one of said characteristics is contained in at least one of said transmitted data packets, said method comprising the steps of:
recording a time of occurrence for each of a plurality of occurrences of a selected one of said plurality of frequencies;
determining said first characteristic from said at least one transmitted data packet received on said selected frequency; and
determining at least one second characteristic wherein said first characteristic, said determined at least one second characteristic and each of said recorded times of occurrences generate said selected frequency at each of said recorded occurrences of said selected frequency wherein said first characteristic comprises a lower address part (LAP) of a BLUETOOTH message.
22. The method as recited in claim 21 wherein said time of occurrence is representative of a measure relative to a time of a first occurrence of said selected frequency.
23. The method as recited in claim 21 wherein said time of occurrence is representative of an absolute measure of time.
24. The method as recited in claim 21 wherein the step of determining first characteristic comprises:
isolating a known number of information items at a known position within said data packet.
25. The method as recited in claim 21 wherein the step of determining said at least one second characteristic further comprises the steps of:
hypothesizing said at least one second characteristic;
determining a resultant frequency value based on said determined first characteristic and said hypothesized at least one second characteristic; and
storing said hypothesized at least one second characteristic when said resultant frequency value equals said selected frequency.
26. The method as recited in claim 21 wherein said first characteristic is encoded using a known encoding value and process.
27. The method as recited in claim 26 wherein said first characteristic is decoded by reversing said encoding process.
28. The method as recited in claim 27 wherein said decoding processing further comprises the step of;
hypothesizing a decoding value; and
altering said hypothesized decoding value until said encoding value is determined.
29. The method as recited in claim 21 wherein said wireless communication system is a BLUETOOTH system.
30. The method as recited in claim 21 wherein said at least one second characteristic is a clock value.
31. The method as recited in claim 1 wherein said first characteristic comprises a lower address part (LAP) of a BLUETOOTH message.
32. The method as recited in claim 1 wherein said second characteristic comprises a master clock value.
33. The system as recited in claim 10 wherein said first characteristic comprises a lower address part (LAP) of a BLUETOOTH message.
34. The system as recited in claim 10 wherein said second characteristic comprises a master clock value.
The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.
1. A computer-implemented method for detecting unknown security threats, the method comprising:
receiving from an antivirus application deployed on a user’s computer information about an unknown security event associated with a software object executing on said computer, and a user’s verdict indicating that the software object is harmful or harmless to the security of said computer;
identifying the user of said computer and a role of said user, wherein the user’s role indicates user’s level of expertise in the field of computer security;
if the role of said user indicates that the user has a high level of expertise in the field of computer security, accepting the user’s verdict that the software object is harmful or harmless;
if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyzing the information about the security event received from the antivirus application to verify that the user’s verdict is correct; and
if the user’s verdict was accepted or verified to be correct, updating an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software objects, with said information about the security event and indication that associated software object is harmful or harmless.
2. The method of claim 1 further comprising:
if the user’s verdict was verified to be correct, increasing the user’s level of expertise;
if the user’s level of expertise reached a predefined threshold, increasing user’s role.
3. The method of claim 1, wherein the user’s level of expertise in the field of computer security is based on one or more of:
a total number of computer threats detected by said user;
a number of unique computer threats detected by said user;
a level of user proficiency with the antivirus software;
a frequency of infections of the computer of said user; and
information about programs installed on the user’s computer and the user’s usage of said programs.
4. The method of claim 1 further comprising:
detecting an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;
decreasing the user’s role based on detection of one or more anomalies.
5. The method of claim 1, wherein different roles have different associated weight coefficients, and wherein the user’s verdict is given a higher or lower weight during verification of said user’s verdict according to the weight coefficient associated with the role of said user.
6. The method of claim 1, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user’s verdict is correct or not, the processor is further configured to collect additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of:
information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;
information about computer’s software and hardware state at the time of occurrence of the security event; and
the date, time and repeat frequency of the security event.
7. The method of claim 1, wherein the software object includes one of an executable file, a data file and a link.
8. A computer-based system for detecting unknown security threats, the system comprising:
a processor configured to:
receive from an antivirus application deployed on a user’s computer information about an unknown security event associated with a software object executing on said computer, and a user’s verdict indicating that the software object is harmful or harmless to the security of the computer;
identify the user of said computer and a role of said user, wherein the user’s role indicates user’s level of expertise in the field of computer security;
if the role of said user indicates that the user has a high level of expertise in the field of computer security, accept the user’s verdict that the software object is harmful or harmless;
if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyze the information about the security event received from the antivirus application to verify that the user’s verdict is correct; and
if the user’s verdict was accepted or verified to be correct, update an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software object, with said information about the security event and indication that associated software object is harmful or harmless.
9. The system of claim 8, wherein the processor is further configured to:
if the user’s verdict was verified to be correct, increase the user’s level of expertise;
if the user’s level of expertise reached a predefined threshold, increase user’s role.
10. The system of claim 8, wherein the user’s level of expertise in the field of computer security is based on one or more of:
a total number of computer threats detected by said user;
a number of unique computer threats detected by said user;
a level of user proficiency with the antivirus software;
a frequency of infections of the computer of said user; and
information about programs installed on the user’s computer and the user’s usage of said programs.
11. The system of claim 8, wherein the processor is further configured to:
detect an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;
decreasing the user’s role based on detection of one or more anomalies.
12. The system of claim 8, wherein different roles have different associated weight coefficients, and wherein the user’s verdict is given a higher or lower weight during verification of said user’s verdict according to the weight coefficient associated with the role of said user.
13. The system of claim 8, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user’s verdict is correct or not, collecting additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of:
information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;
information about computer’s software and hardware state at the time of occurrence of the security event; and
the date, time and repeat frequency of the security event.
14. The system of claim 8, wherein the software object includes one of an executable file, a data file and a link.
15. A computer program product embedded in a non-transitory computer-readable storage medium, the computer-readable storage medium comprising computer-executable instructions for detecting unknown security threats, the medium comprises instructions for:
receiving from an antivirus application deployed on a user’s computer information about an unknown security event associated with a software object executing on said computer, and a user’s verdict indicating that the software object is harmful or harmless to the security of the computer;
identifying the user of said computer and a role of said user, wherein the user’s role indicates user’s level of expertise in the field of computer security;
if the role of said user indicates that the user has a high level of expertise in the field of computer security, accepting the user’s verdict that the software object is harmful or harmless;
if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyzing the information about the security event received from the antivirus application to verify that the user’s verdict is correct; and
if the user’s verdict was accepted or verified to be correct, updating an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software object, with said information about the security event and indication that associated software object is harmful or harmless.
16. The product of claim 15 further comprises instructions for:
if the user’s verdict was verified to be correct, increasing the user’s level of expertise;
if the user’s level of expertise reached a predefined threshold, increasing user’s role.
17. The product of claim 15, wherein the user’s level of expertise in the field of computer security is based on one or more of:
a total number of computer threats detected by said user;
a number of unique computer threats detected by said user;
a level of user proficiency with the antivirus software;
a frequency of infections of the computer of said user; and
information about programs installed on the user’s computer and the user’s usage of said programs.
18. The product of claim 15 further comprises instructions for:
detecting an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;
decreasing the user’s role based on detection of one or more anomalies.
19. The product of claim 15, wherein different roles have different associated weight coefficients, and wherein the user’s verdict is given a higher or lower weight during verification of said user’s verdict according to the weight coefficient associated with the role of said user.
20. The product of claim 15, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user’s verdict is correct or not, collecting additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of:
information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;
information about computer’s software and hardware state at the time of occurrence of the security event; and
the date, time and repeat frequency of the security event.