CPC G06F 21/566 (2013.01) [G06F 21/54 (2013.01); G06F 21/554 (2013.01); G06F 11/1438 (2013.01); G06F 11/302 (2013.01); G06F 11/3055 (2013.01); G06F 2201/86 (2013.01); G06F 2201/865 (2013.01)] | 15 Claims |
1. A method comprising:
receiving notification of an intrusion event in relation to an application from an intrusion detection system;
accessing state data in relation to a state of the application prior to the intrusion event, the state data having been stored on the basis of a change of state of the application;
accessing a policy to be applied to the state data in response to the intrusion event;
modifying the state data on the basis of the policy to minimize future intrusions; and
restoring the application on the basis of the modified state data.
|