Method of remediating operations performed by a program and system thereof
First Claim
1. A real-time dynamically updated stateful model configured to aggregate and model actions performed by and/or on one or more entities in a computer operating system, the stateful model comprising:
- a logical data structure representing a composition and a state of the computer operating system in a live environment, and wherein the logical data structure comprises:
  - a network of one or more interconnected objects representing the one or more entities constituting the computer operating system, wherein the one or more interconnected objects are derived from the sequence of operations performed in the live environment;
  - one or more relationships among the one or more interconnected objects;
  - operation data comprising one or more attributes, wherein each attribute characterizes a condition of the one or more interconnected objects and/or one or more operations of the sequence of operations associated with the one or more interconnected objects; and
  - one or more object groups, wherein the one or more object groups are formed by dividing the one or more interconnected objects according to a predefined grouping rule set, and wherein each group of the one or more object groups comprises objects representing a corresponding group of entities related to a program running in the live environment;
- wherein the state of the computer operating system is a result of a sequence of operations performed in the live environment, and wherein the composition of the computer operating system comprises the one or more entities.
1 Assignment
0 Petitions
Abstract
There is provided a system and a computerized method of remediating one or more operations linked to a given program running in an operating system, the method comprising: querying a stateful model to retrieve a group of entities related to the given program; terminating at least a sub set of the group of entities related to the given program; generating a remediation plan including one or more operations linked to the given program, the one or more operations being retrieved based on the group in the stateful model; and executing the remediation plan by undoing at least part of the one or more operations linked to the given program thereby restoring state of the operating system to a state prior to the given program being executed. There is further provided a computerized method of detecting malicious code related to a program in an operating system in a live environment.
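As an added illustration (not code from the patent or from any product it covers), the Python below simulates the remediation method the abstract describes: a stateful model records operations as they happen, a grouping rule collects the entities related to a given program, the group's processes are terminated, a remediation plan is built from the group's operations, and the plan is executed by undoing those operations so the state returns to what it was before the program ran. The entity kinds, the four operation types, the grouping rule, the conflict check and all names and paths are assumptions constructed for this example; the interleaved benign activity shows that only the program's own group is rolled back.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Entity:
    kind: str                    # "process", "file" or "regkey" (assumed entity kinds)
    name: str
    value: Optional[str] = None  # file content or key value; None for processes
    alive: bool = True           # processes only: still running?

@dataclass
class Operation:
    op: str                      # "spawn", "create", "modify" or "set_key" (assumed operation types)
    actor: str                   # process that performed the operation
    target: str                  # entity acted upon
    attrs: dict = field(default_factory=dict)  # "new" value supplied; "prev" is filled in for undo

class StatefulModel:
    """Interconnected objects, their relationships and the operation log (constructed toy model)."""
    def __init__(self) -> None:
        self.objects: dict[str, Entity] = {}
        self.parent: dict[str, str] = {}   # relationship: spawned process -> spawning process
        self.ops: list[Operation] = []

    def boot(self, name: str) -> None:
        """Register a process that existed before monitoring started (no spawn recorded)."""
        self.objects[name] = Entity("process", name)

    def apply(self, op: Operation) -> None:
        """Apply an operation to the live state and log it together with its undo data."""
        if op.op == "spawn":
            self.objects[op.target] = Entity("process", op.target)
            self.parent[op.target] = op.actor
        elif op.op in ("create", "set_key"):
            prev = self.objects.get(op.target)
            op.attrs["prev"] = prev.value if prev else None
            kind = "file" if op.op == "create" else "regkey"
            self.objects[op.target] = Entity(kind, op.target, op.attrs["new"])
        elif op.op == "modify":
            op.attrs["prev"] = self.objects[op.target].value
            self.objects[op.target].value = op.attrs["new"]
        else:
            raise ValueError(f"unknown operation {op.op}")
        self.ops.append(op)

    def group_for(self, program: str) -> set[str]:
        """Grouping rule (assumed here): the program, every process it spawns transitively,
        and every entity any of those processes created, modified or set."""
        members = {program}
        grew = True
        while grew:   # fixed point: once an actor is a member, its targets become members too
            grew = False
            for op in self.ops:
                if op.actor in members and op.target not in members:
                    members.add(op.target)
                    grew = True
        return members

    def snapshot(self) -> dict[str, Optional[str]]:
        """Current state: live processes plus file and key values."""
        return {n: e.value for n, e in self.objects.items() if e.alive}

def remediate(model: StatefulModel, program: str) -> tuple[list[Operation], list[str]]:
    """Query the group, terminate its processes, build the plan, undo it. Returns (plan, conflicts)."""
    group = model.group_for(program)
    for name in group:                                  # step 1: terminate the group's running processes
        ent = model.objects.get(name)
        if ent is not None and ent.kind == "process":
            ent.alive = False
    plan = [op for op in reversed(model.ops)            # step 2: the group's operations, newest first,
            if op.actor in group or (op.op == "spawn" and op.target == program)]  # plus the program's own launch
    conflicts: list[str] = []
    for op in plan:                                     # step 3: undo each operation in the plan
        if op.op == "spawn":
            model.objects.pop(op.target, None)
            model.parent.pop(op.target, None)
            continue
        ent = model.objects[op.target]
        if ent.value != op.attrs["new"]:                # another program wrote since: do not clobber blindly
            conflicts.append(f"{op.target}: value changed after {program} wrote it")
            continue
        if op.attrs["prev"] is None:
            model.objects.pop(op.target)                # entity did not exist before: remove it
        else:
            ent.value = op.attrs["prev"]                # entity existed: restore its previous value
    planned = {id(op) for op in plan}
    model.ops = [op for op in model.ops if id(op) not in planned]
    return plan, conflicts

def demo() -> tuple[dict, dict, list[str], list[str]]:
    """Constructed scenario: a dropper and its child process, interleaved with benign activity."""
    m = StatefulModel()
    m.boot("explorer.exe")
    m.apply(Operation("create", "explorer.exe", "C:/Users/a/notes.txt", {"new": "todo list"}))
    before = m.snapshot()
    m.apply(Operation("spawn", "explorer.exe", "dropper.exe"))
    m.apply(Operation("create", "dropper.exe", "C:/Temp/payload.exe", {"new": "<binary>"}))
    m.apply(Operation("spawn", "dropper.exe", "payload.exe"))
    m.apply(Operation("set_key", "payload.exe", "HKCU/Run/example-autostart", {"new": "C:/Temp/payload.exe"}))
    m.apply(Operation("modify", "payload.exe", "C:/Users/a/notes.txt", {"new": "<encrypted>"}))
    m.apply(Operation("create", "explorer.exe", "C:/Users/a/report.docx", {"new": "draft"}))  # benign, must survive
    plan, conflicts = remediate(m, "dropper.exe")
    return before, m.snapshot(), [f"{op.op} {op.target}" for op in plan], conflicts

if __name__ == "__main__":
    before, after, plan, conflicts = demo()
    print("plan:", plan)
    print("restored:", after == {**before, "C:/Users/a/report.docx": "draft"}, "conflicts:", conflicts)
```

The conflict check is the part a practitioner should not skip: undoing by saved previous values is only safe when nothing outside the group has written the same entity since, so the example refuses to restore such entities and reports them instead of silently overwriting the later write.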
67 Citations
20 Claims
Specification