Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system by detecting timing anomalies between timing signals. An embodiment operates by analyzing first timing data accessed from a validated source and second timing data accessed from an unvalidated receiver source in order to compute a threat detection value, which is utilized to determine if there is a discrepancy or anomaly in the timing or frequency of either the validated and unvalidated sources.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system by detecting timing anomalies between timing signals. An embodiment operates by analyzing first timing data accessed from a validated source and second timing data accessed from an unvalidated receiver source in order to compute a threat detection value, which is utilized to determine if there is a discrepancy or anomaly in the timing or frequency of either the validated and unvalidated sources.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system by detecting timing anomalies between timing signals. An embodiment operates by analyzing first timing data accessed from a validated source and second timing data accessed from an unvalidated receiver source in order to compute a threat detection value, which is utilized to determine if there is a discrepancy or anomaly in the timing or frequency of either the validated and unvalidated sources.

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting spoofing of a navigation device. A plurality of anti-spoofing techniques are provided. The plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations. Positioning, timing and frequency characteristics associated with the one or more navigation devices are analyzed in order to identify a threat situation among the plurality of threat situations. Based on the identified threat situation one or more of the anti-spoofing techniques are executed. The one or more anti-spoofing techniques can be executed in parallel in order to provide various anti-spoofing detection techniques at the same time.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system by detecting timing anomalies between timing signals. An embodiment operates by analyzing first timing data accessed from a validated source and second timing data accessed from an unvalidated receiver source in order to compute a threat detection value, which is utilized to determine if there is a discrepancy or anomaly in the timing or frequency of either the validated and unvalidated sources.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system by detecting timing anomalies between timing signals. An embodiment operates by analyzing first timing data accessed from a validated source and second timing data accessed from an unvalidated receiver source in order to compute a threat detection value, which is utilized to determine if there is a discrepancy or anomaly in the timing or frequency of either the validated and unvalidated sources.

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting spoofing of a navigation device. A plurality of anti-spoofing techniques are provided. The plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations. Positioning, timing and frequency characteristics associated with the one or more navigation devices are analyzed in order to identify a threat situation among the plurality of threat situations. Based on the identified threat situation one or more of the anti-spoofing techniques are executed. The one or more anti-spoofing techniques can be executed in parallel in order to provide various anti-spoofing detection techniques at the same time.

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting spoofing of a navigation device. A plurality of anti-spoofing techniques are provided. The plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations. Positioning, timing and frequency characteristics associated with the one or more navigation devices are analyzed in order to identify a threat situation among the plurality of threat situations. Based on the identified threat situation one or more of the anti-spoofing techniques are executed. The one or more anti-spoofing techniques can be executed in parallel in order to provide various anti-spoofing detection techniques at the same time.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system by detecting timing anomalies between timing signals. An embodiment operates by analyzing first timing data accessed from a validated source and second timing data accessed from an unvalidated receiver source in order to compute a threat detection value, which is utilized to determine if there is a discrepancy or anomaly in the timing or frequency of either the validated and unvalidated sources.

Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product embodiments for detection of satellite system anomalies. An embodiment operates by receiving satellite signals from a plurality of sources via at least one satellite system receiver and determining the presence of anomalous satellite system activity by comparing an amount of signal strength drop of each of the satellite signals during a time period to a threat detection threshold and by comparing an amount of consistency of the satellite signals during the time period to the threat detection threshold.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system by detecting timing anomalies between timing signals. An embodiment operates by analyzing first timing data accessed from a validated source and second timing data accessed from an unvalidated receiver source in order to compute a threat detection value, which is utilized to determine if there is a discrepancy or anomaly in the timing or frequency of either the validated and unvalidated sources.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system. An embodiment operates by detecting an active adversary operating malware on a compromised system. A stream of data traffic associated with active adversary is intercepted. The stream of data traffic includes a command and control channel of the active adversary. The stream of data traffic is accessed. An emulation of the command and control channel is provided. An analysis of the accessed stream of traffic is executed. A plurality of response mechanisms is provided. The plurality of response mechanisms is based in part on the analysis of the stream of data traffic and a custom policy language tailored for the malware.

Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product embodiments for detection of satellite system anomalies. An embodiment operates by receiving satellite signals from a plurality of sources via at least one satellite system receiver and determining the presence of anomalous satellite system activity by comparing an amount of signal strength drop of each of the satellite signals during a time period to a threat detection threshold and by comparing an amount of consistency of the satellite signals during the time period to the threat detection threshold.

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting spoofing of a navigation device. A plurality of anti-spoofing techniques are provided. The plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations. Positioning, timing and frequency characteristics associated with the one or more navigation devices are analyzed in order to identify a threat situation among the plurality of threat situations. Based on the identified threat situation one or more of the anti-spoofing techniques are executed. The one or more anti-spoofing techniques can be executed in parallel in order to provide various anti-spoofing detection techniques at the same time.

Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system. An embodiment operates by detecting an active adversary operating malware on a compromised system. A stream of data traffic associated with active adversary is intercepted. The stream of data traffic includes a command and control channel of the active adversary. The stream of data traffic is accessed. An emulation of the command and control channel is provided. An analysis of the accessed stream of traffic is executed. A plurality of response mechanisms is provided. The plurality of response mechanisms is based in part on the analysis of the stream of data traffic and a custom policy language tailored for the malware.