Method and system for a self-healing device
Abstract
A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.
16 Claims
1. A method for restoring a self-healing device, the method comprising:
archiving data associated with the self-healing device into at least one recovery volume, wherein each of the at least one recovery volume contains the data associated with the self-healing device at a particular point in time;
uncovering evidence indicating a presence of an infection in the self-healing device;
determining a time the infection occurred;
determining which one of the at least one recovery volume was created prior and closest in time to the time the infection occurred;
determining a graded level of trustworthiness for the volume determined to be created prior to and closest in time to the time the infection occurred, wherein the determined graded level of trustworthiness is associated with one of a plurality of colors, wherein each color corresponds to a predetermined level of trustworthiness which indicates a degree of confidence that the restoration data is not infected;
receiving an indication from a user indicating that, using the assigned color as guide, the user has decided to proceed with restoring at least a portion of data associated with the self-healing device; and
based on the received indication, restoring the data portion associated with the self-healing device that has changed with respect to data associated with the one of the at least one recovery volume.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of recovering from a malware attack, the method comprising:
creating a plurality of saved disk state(s) of a self-healing device at fixed points in time;
obtaining information from at least one of a change journal and from one of the saved disk state(s);
analyzing the information to uncover evidence indicating that an infection has occurred;
localizing the infection to one of the fixed points in time based on the information;
identifying changes occurring since the time of the infection and rolling back the changes to reflect the same data contained the one of the saved disk state(s);
determining a graded level of trustworthiness for the saved disk state(s) determined to be created prior to and closest in time to the time the infection occurred, wherein the determined graded level of trustworthiness is associated with one of a plurality of colors, wherein each color corresponds to a predetermined level of trustworthiness which indicates a degree of confidence that the restoration data is not infected;
presenting the identified changes to a user and receiving authorization from the user before rolling back the identified changes; and
receiving an indication from the user indicating that, using the assigned color as guide, the user has decided to proceed with restoring at least a portion of data associated with the self-healing device.
Dependent claims: 10, 11, 12, 13
14. A system for a self-healing device, the system comprising:
a storage device that stores a plurality of recovery volumes at a plurality of fixed points in time of the data associated with the self-healing device;
a repository of malware information;
a repository of system audit information;
a repository of listed activities that constitute unusual or suspicious disk or network activity;
a processor to:
uncover evidence of infection from a malware attack or the presence of unusual or suspicious disk or network activity, or a combination thereof,
determine a time in which the infection from a malware attack or the presence of unusual or suspicious disk or network activity occurred,
determine which one of the a plurality of recovery volumes was created closest and prior to the time in which the infection from a malware attack or the presence of unusual or suspicious disk or network activity occurred;
determine a graded level of trustworthiness for the recovery volume determined to be created prior to and closest in time to the time the infection occurred, wherein the determined graded level of trustworthiness is associated with one of a plurality of colors, wherein each color corresponds to a predetermined level of trustworthiness which indicates a degree of confidence that the restoration data is not infected;
receive an indication from a user indicating that, using the assigned color as guide, the user has decided to proceed with restoring at least a portion of data associated with the self-healing device;
restore all changed data between current data associated with the self-healing device and the one of the plurality of recovery volumes; and
analyze a user input authorizing recovery from the malware attack or the presence of unusual or suspicious disk or network activity, wherein the processor displays the changed data and recovers the changed data after receiving the user input authorizing recovery.
Dependent claims: 15
16. A method for restoring a self-healing device, the method comprising:
archiving data associated with the self-healing device into at least one recovery volume, wherein each of the at least one recovery volume contains the data associated with the self-healing device at a particular point in time;
uncovering evidence indicating a presence of an infection in the self-healing device;
determining a time the infection occurred;
determining which one of the at least one recovery volume was created prior and closest in time to the time the infection occurred;
determining a graded level of trustworthiness for the volume determined to be created prior to and closest in time to the time the infection occurred, wherein the determined graded level of trustworthiness is associated with one of a plurality of colors, wherein each color corresponds to a predetermined level of trustworthiness which indicates a degree of confidence that the restoration data is not infected, and wherein the determined graded level of trustworthiness is based on the data's intended use;
determining that the graded level of trustworthiness is sufficiently high for the data's intended use;
receiving an indication from a user indicating that, using the assigned color as guide, and further based on the determination that the level of trustworthiness is sufficiently high for the data's intended use, the user has decided to proceed with restoring at least a portion of data associated with the self-healing device;
based on the received indication, restoring the data portion associated with the self-healing device that has changed with respect to data associated with the one of the at least one recovery volume; and
presenting the identified changes to a user and receiving authorization from the user before rolling back the identified changes.
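The select, grade, and restore-on-approval steps recited in the claims above, as an added Python example that is not code from the patent. The `RecoveryVolume` type, the path-to-hash manifests, the color names, and the grading policy (time margin between the volume and the estimated infection time, compared with the uncertainty of that estimate) are all assumptions; the claims do not say how the grade is computed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class RecoveryVolume:            # hypothetical type, not named in the patent
    created: datetime
    manifest: dict               # path -> content hash at that point in time

def select_volume(volumes, infection_time):
    """Volume created prior to and closest in time to the infection."""
    earlier = [v for v in volumes if v.created < infection_time]
    return max(earlier, key=lambda v: v.created) if earlier else None

def grade(volume, infection_time, uncertainty):
    """Assumed policy: the further the volume predates the infection
    estimate, relative to the estimate's uncertainty, the higher the trust."""
    margin = infection_time - volume.created
    if margin >= 2 * uncertainty:
        return "green"
    return "yellow" if margin >= uncertainty else "red"

def changed_paths(current, volume):
    """Paths modified, added, or deleted relative to the recovery volume."""
    paths = set(current) | set(volume.manifest)
    return sorted(p for p in paths if current.get(p) != volume.manifest.get(p))

def plan_restore(volumes, current, infection_time, uncertainty, approve):
    """Present color and changes to the user; restore only on approval."""
    vol = select_volume(volumes, infection_time)
    if vol is None:
        return None              # no volume predates the infection
    color = grade(vol, infection_time, uncertainty)
    changes = changed_paths(current, vol)
    restore = changes if approve(color, changes) else []
    return {"volume": vol.created, "color": color, "restore": restore}

# Constructed sample data: three daily volumes and the current disk state.
BASE = {"a.txt": "h1", "b.exe": "h2", "d.cfg": "h4"}
VOLUMES = [RecoveryVolume(datetime(2024, 1, d), dict(BASE)) for d in (1, 2, 3)]
CURRENT = {"a.txt": "h1", "b.exe": "h9", "c.dll": "h7"}
INFECTION = datetime(2024, 1, 2, 18, 0)
UNCERTAINTY = timedelta(hours=12)

if __name__ == "__main__":
    print(plan_restore(VOLUMES, CURRENT, INFECTION, UNCERTAINTY,
                       approve=lambda color, changes: color != "red"))
```

The `approve` callback stands in for the user decision the claims require before any rollback; a declined prompt leaves the restore list empty.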
Specification