US 12,235,962 B2
Method of remediating operations performed by a program and system thereof
Almog Cohen, Tel Aviv (IL); Tomer Weingarten, Petah Tikva (IL); Shlomi Salem, Tel Aviv (IL); Nir Izraeli, Tel-Mond (IL); and Asaf Karelsbad, Ramat-Gan (IL)
Assigned to Sentinel Labs Israel Ltd., Tel Aviv (IL)
Filed by Sentinel Labs Israel Ltd., Tel Aviv (IL)
Filed on Dec. 11, 2023, as Appl. No. 18/536,223.
Application 18/536,223 is a continuation of application No. 18/047,437, filed on Oct. 18, 2022, granted, now 11,886,591.
Application 18/047,437 is a continuation of application No. 17/188,217, filed on Mar. 1, 2021, granted, now 11,507,663, issued on Nov. 22, 2022.
Application 17/188,217 is a continuation of application No. 16/534,859, filed on Aug. 7, 2019, granted, now 10,977,370, issued on Apr. 13, 2021.
Application 16/534,859 is a continuation of application No. 16/132,240, filed on Sep. 14, 2018, granted, now 10,417,424, issued on Sep. 17, 2019.
Application 16/132,240 is a continuation of application No. 15/766,339, granted, now 10,102,374, issued on Oct. 16, 2018, previously published as PCT/IL2016/051110, filed on Oct. 13, 2016.
Application 15/766,339 is a continuation in part of application No. 14/456,127, filed on Aug. 11, 2014, granted, now 9,710,648, issued on Jul. 18, 2017.
Claims priority of provisional application 62/241,817, filed on Oct. 15, 2015.
Prior Publication US 2024/0152618 A1, May 9, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/56 (2013.01); G06F 9/54 (2006.01); G06F 11/00 (2006.01); G06F 21/55 (2013.01)
CPC G06F 21/568 (2013.01) [G06F 9/545 (2013.01); G06F 11/00 (2013.01); G06F 21/552 (2013.01); G06F 21/554 (2013.01); G06F 21/566 (2013.01)]
19 Claims
1. A computer-implemented method for generating a representation for behavior determination, the method comprising:
generating, by a computer system, a stateful model of one or more entities in a computer operating system operating on the computer system, the stateful model comprising:
a data structure representing a state of a program, wherein the data structure comprises:
a network of one or more interconnected objects representing the one or more entities constituting the program,
wherein the one or more interconnected objects are derived from a sequence of operations performed in a live environment;
one or more relationships among the one or more interconnected objects and the sequences of operations; and
one or more object groups, wherein the one or more object groups are formed by dividing the one or more interconnected objects according to a predefined grouping rule set, and wherein each group of the one or more object groups comprises objects representing a corresponding group of entities related to the program running in the live environment;
analyzing, by the computer system, the stateful model to determine a behavior relating to a sequence of events of the stateful model,
wherein the computer system comprises a processor and memory.