US 11,886,591 B2
Method of remediating operations performed by a program and system thereof
Almog Cohen, Tel Aviv (IL); Tomer Weingarten, Petah Tikva (IL); Shlomi Salem, Tel Aviv (IL); Nir Izraeli, Tel-Mond (IL); and Asaf Karelsbad, Ramat-Gan (IL)
Assigned to SENTINEL LABS ISRAEL LTD., Tel Aviv (IL)
Filed by Sentinel Labs Israel Ltd., Tel Aviv (IL)
Filed on Oct. 18, 2022, as Appl. No. 18/047,437.
Application 18/047,437 is a continuation of application No. 17/188,217, filed on Mar. 1, 2021, granted, now 11,507,663.
Application 17/188,217 is a continuation of application No. 16/534,859, filed on Aug. 7, 2019, granted, now 10,977,370, issued on Apr. 13, 2021.
Application 16/534,859 is a continuation of application No. 16/132,240, filed on Sep. 14, 2018, granted, now 10,417,424, issued on Sep. 17, 2019.
Application 16/132,240 is a continuation of application No. 15/766,339, granted, now 10,102,374, issued on Oct. 16, 2018, previously published as PCT/IL2016/051110, filed on Oct. 13, 2016.
Application 15/766,339 is a continuation in part of application No. 14/456,127, filed on Aug. 11, 2014, granted, now 9,710,648, issued on Jul. 18, 2017.
Claims priority of provisional application 62/241,817, filed on Oct. 15, 2015.
Prior Publication US 2023/0185917 A1, Jun. 15, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 21/56 (2013.01); G06F 21/55 (2013.01); G06F 9/54 (2006.01); G06F 11/00 (2006.01)
CPC G06F 21/568 (2013.01) [G06F 9/545 (2013.01); G06F 11/00 (2013.01); G06F 21/552 (2013.01); G06F 21/554 (2013.01); G06F 21/566 (2013.01)]
20 Claims
1. A computer-implemented method for generating a representation for behavior similarity comparison, the method comprising:
  generating, by a computer system, a program-level stateful model of one or more entities in a computer operating system, the program-level stateful model comprising:
    a data structure representing a state of a program, wherein the data structure comprises:
      a network of one or more interconnected objects representing the one or more entities,
      wherein the one or more interconnected objects are derived from a sequence of operations performed in a live environment; and
      one or more object groups, wherein the one or more object groups are formed by dividing the one or more interconnected objects according to a predefined grouping rule set;
  generating, by the computer system, an updated representation of the program based on the program-level stateful model;
  searching, by the computer system, for at least one other representation of another program-level stateful model similar to the updated representation of the program; and
  comparing, by the computer system, the updated representation of the program to the at least one other representation of another program-level stateful model, wherein the computer system comprises a processor and memory.