Method and system for a self-healing device
Abstract
A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.
20 Claims
1. A method for a self-healing device, the method comprising:
- uncovering evidence indicating a presence of an infection in a device at a first point in time;
- restoring a state of the device to an earlier point in time to remove the infection, wherein the state at the earlier point in time is sufficiently trustworthy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of recovering from a malware attack, the method comprising:
- obtaining information from at least one of a change journal and a saved disk state;
- analyzing the information to uncover evidence indicating that an infection has occurred; and
- localizing the infection in time based on the information.

Dependent claims: 12, 13, 14, 15, 16, 17
18. A system for a self-healing device, the system comprising:
- a repository of malware information;
- a repository of system audit information;
- a processor to uncover evidence of infection from a malware attack, to identify changes occurring since the evidence of infection, and to recover from the malware attack by removing the changes based on at least one of the malware information and the system audit information.

Dependent claims: 19, 20
Specification