×

Information protection method and system

  • US 8,255,998 B2
  • Filed: 08/16/2006
  • Issued: 08/28/2012
  • Est. Priority Date: 08/16/2005
  • Status: Active Grant
0
Associated Cases
0
Associated Defendants
0
Product Citations
0
Petitions
3
Forward Citations
9
Assignments
First Claim
Patent Images

1. A method for protecting objects in a computer system, comprising determining whether an object is infected by malware, and if the object is infected:

  • determining a pattern associated with an object, wherein determining the pattern includes analyzing at least one selected from the group comprising times of access to the object, location of access to the object, or source of changes to the object;

    detecting a deviation from the pattern to identify an anomaly indicating that the object is infected by malware, wherein detecting a deviation from the pattern includes determining a degree of change or monitoring an access log for the object;

    determining an infection point in time at which the object became infected based on the detected deviation;

    using the infection point in time to select a first backup copy of the object in a backup of the objects;

    determining whether the first backup copy is infected by malware;

    replacing the object with the first backup copy if the first backup copy is not infected by malware;

    locating a second backup copy of the same object in a backup of the objects if the first backup copy is infected,wherein locating a second backup copy includes comparing a candidate backup copy to the first backup copy to determine whether the second backup copy is different from the first copy;

    replacing the object with the second backup copy if the first backup copy is infected and if the second backup copy is different from the first copy;

    determining valid writes based on the access log; and

    applying the valid writes to the replaced object.

View all claims
  • 9 Assignments
Timeline View
Assignment View
    ×
    ×