WO2007015266A2 - Systeme et procede de gestion de stockage hierarchique a base temporelle - Google Patents

Systeme et procede de gestion de stockage hierarchique a base temporelle Download PDF

Info

Publication number
WO2007015266A2
WO2007015266A2 PCT/IN2006/000269 IN2006000269W WO2007015266A2 WO 2007015266 A2 WO2007015266 A2 WO 2007015266A2 IN 2006000269 W IN2006000269 W IN 2006000269W WO 2007015266 A2 WO2007015266 A2 WO 2007015266A2
Authority
WO
WIPO (PCT)
Prior art keywords
drive
data
file
user
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IN2006/000269
Other languages
English (en)
Other versions
WO2007015266A3 (fr
Inventor
Ajay Madhok
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of WO2007015266A2 publication Critical patent/WO2007015266A2/fr
Publication of WO2007015266A3 publication Critical patent/WO2007015266A3/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operations
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1458Management of the backup or restore process
    • G06F11/1461Backup scheduling policy

Definitions

  • the invention relates generally to computer data, systems and networks.
  • the present invention is a method to prevent complete data loss in Gase of malicious software attacks or intentional or accidental modifications or deletions or corruption, by means of a time based hierarchical storage that allows any new or modified data to be incubated or staged on any logically or physically differentiated drive(s), data storage area(s), device(s), etc. for predefined period(s) of time.
  • Malware or "malicious software” like viruses, worms, trojan horses, spyware arid aclware are becoming dominant causes that plague and compromise the security and / or privacy of users.
  • Malware is a term used to define a "malicious software” or a combination of these, that, infiltrate a system, computer or otherwise, without the consent of the owner, usually with the intent of causing damage to the host system.
  • Malware is a term used to define a "malicious software” or a combination of these, that, infiltrate a system, computer or otherwise, without the consent of the owner, usually with the intent of causing damage to the host system.
  • Malicious software could enter any user's PC through any medium like internet download(s), email(s), CD-ROM, removable disk(s), etc.
  • Another related survey suggests that a substantial percentage of cjata loss is caused due to viruses (1 ⁇ % of the emails, were infected by viruses in the year 2004 and upto about 7% of all data loss was due to virus).
  • the prior art uses various malicious software detection programs to end the proliferation of malware. Malware checking application programs or Anti-virus software are currently available for checking malicious software on individual computers. The user needs to update anti-virus software on a regular basis to obtain new virus definitions.
  • Anti-virus software programs typically use of one of two techniques, described herein, for detecting malware. One comprises of examining the file for known viruses, employing methods to match virus "definitions” or “signatures” from a virus “dictionary” or “diatabase”, while the other comprises of detecting suspicious behavior (similar to what a virus typically exhibits) from any program.
  • Anti-virus solution providers update the signature databases regularly for new malicious software found since the last update and provide means to download updates to user systems. Computers are still open for such attack if the virus database does not contain the virus signature (unknown virus) or user has not downloaded the most appropriate update.
  • An object of the present invention is to a develop a method to prevent complete data loss in case of any malware attack or intentional or accidental modifications or deletions or corruption of data, by means of a time based hierarchical storage that allows any new or modified data to be incubated or staged on any logically or physically differentiated drive(s), data storage a,rea(s), devioe(s), etp.
  • Another object of the present invention is to treat any new or modified data as uncertified from a malware linkage or safety perspective and in default caution to cause pre-emptive quarantine of such new / modified data to incubated drive(s), data storage area(s), device(s), etc. generically called Quarantine Drive(s) or Q-drive(s).
  • Q-drives may have different safety index zones through which data may bypass / flpw through in sequential stages, akin to multiple security check points, based upon user defined parameters.
  • Another object of the present invention is to allow the user to specify a quiescent period during which Incubated data remains relatively isolated from user drive(s), in the incubated drive(s), data storage area(s), device(s), etc. Changes made in the incubated drive(s) / device(s) etc. are committed to the User drive(s) after expiration of the quiescent period of pre-emptive quarantlhe of Incubated data on being attested as free from the effect of malware, aoeidental defects, etc.
  • the quiescent period phase lag may be for a single stage or more stages or different levels of safety index zones through which data may traverse.
  • Another object of the present invention is to permit different quiescent times to be defined for variou ⁇ types of data besides other parameters specified by users pertaining to relative prioritization or criticality of data, maintained on incubated drive(s), data storage area(s), device(s), etc. as a collection of transient computer files or file segments together with a chronicle log associated with eac ' h.
  • transient files may be kept for archive purposes even after relevant data has traveled to and updated the user drive(s) after crossing 'multiple security gates'.
  • Another object of the present invention is to prevent accidental data loss by recovering changed data from incubated clrive(s), data storage area(s), device(s), etc. - which is held for quiescent period(s) in sequential / leap-forward quarantine stages for various different types of data as defined by users and may travel from one stage to another physically, or logically, or through modification of indexes or pointers or directories, etc. within the Quaranti ⁇ e-driv ⁇ (s) or Q-drive(s).
  • Another object of the present invention is a method to seamlessly furnish requested data and related information regardless of the respective underlying drjve(s) etc. While allowing the user to access or be presented with a view of any new or old or modified data, irrespective of whether the relevant data resides partly or fully on the user drive(s), or Q-drives(s), or any possible permutation or combination.
  • Another object of the present invention is to minimize or limit the data loss in case of known or unknown malicious software attack to the data in the Q-drive(s) only; Further, the detection of updates to malicious software cleaning programs and associated databases along with frequent execution of Anti-virus software programs helps in maintaining purity of data. Based upon user choice the data on Q-drive(s) can he • scanned through multiple Anti-virus software programs also. In order to preserve / retain sterility of data, Q-drive(s) may exist on heterogeneous computer systems in a network or any other connectivity of heterogeneous computer(s) or processors) in tandem. DEFINITIONS AND PRESUMPTIONS File / Computer File:
  • a computer file is one of the most basic, logical forms of storage within a computer system.
  • a computer file is typically identified, though not limited to, by unique names called the full path names or file names.
  • Meta-data / attributes typically contain size information, time of modification, time of creation, permissions to access the computer file, etc.
  • Computer files provide ways to store temporarily or permanently, user as well as program information.
  • Computer files residing in a computer system are used by users of the computer system through computer programs, which are activated either automatically or on user requests. These programs then perform various activities on the computer file.
  • a file operation typically consists of a file create operation where the file is created, a file modify operation which involves addition or deletion of information within the file, file delete operation where the files are removed from the computer system when they are no longer required, file attribute change operations where the attributes of a file may be changed to acquire the respective result this may cause, etc.
  • User Drive(s) Various computer storage types, like hard disks, floppy disks, flash memory, optical discs, magheto-optical discs, etc. are represented by some computer. systems and computer programs as drives. These logical drives provide a logical distinction, apart from simplicity of usage of computer files residing on the computer system.
  • the user drive is a logical entity which can be said to represent the logical drive or a section of a logical drive or a collection of these sections within and / or across logical drives, which contains the user related or user specified computer files.
  • a computer network is the system / technology which enables one or more computers to communicate with each other. These networks could span across distances frorti a few centimeter to thousands of kilometers. Computer networks are widely used for sharing information between computer systems.
  • Malicious software also referred to as malware or computer contaminants
  • Malicious software are undesired computer programs which are intentionally or unintentionally brought into a computer system and may cause extensive damage or undesirable changes to computer files and user information residing within. These include computer viruses, worms, trojan horses, spyware, adware, etc. These contaminants usually enter into the computer system through user actions such as executing contaminated programs, downloading infected e-mail, etc.
  • the computer system may also be contaminated by other users with malicious intentions who may have gained access to the computer system.
  • Anti-virus Systems / Spyware Detection Systems Used synonymously within this document, Anti-virus systems, spyware Detection and removal systems etc, are computer programs which can repair a contaminated computer system and / or file by removing the contaminant or preventing access to the particular file in the case or a nan repairable contaminant.
  • the process of limiting the spread of an infection by preventing access to the contaminated resource(s) is also typically referred to as a quarantine procedure.
  • Anti-virus computer programs typically use two different techniques to accomplish this:
  • Hierarchical / Incremental Storage
  • a backup program is a computer program designed to store computer files at a different location from the original computer file, for the purpose of recovering from an intentional or unintentional damage to a computer file.
  • Backup programs generally support full / incremental / hierarchical backups. Often, only computer file contents that are newer or changed, compared to the previously stored information, are stored, thereby dramatically increasing the speed of the backup process. Backup programs may also store information about every operation performed on the computer file. This procedure enhances the recovery of a computer file to a state prior to the time when a particular operation was performed on the computer file.
  • Q-drive / Quarantine Drive refers to a logical storage area. This logical storage area may reside on any of the storage types like hard disks, floppy disks, flash memory, optical discs, magneto-optical discs, etc or even a location on a computer network or a computer or processor in tandem.
  • the purpose of the Q-drive is to provide a mechanism to isolate file operations being performed on a computer file residing on the user drive and related meta-data for a period of time.
  • any file operation pertaining to the user file is processed to and from the Q-drive.
  • a Q-drive may be a physically or logically distinct singular drive. Alternately, it may be very widely distributed in compartmentalized multiplicity across various heterogeneous systems in tandem or in a network. Besides a time sequence hierarchy, it envelopes hierarchy ranging from a single stage to more stages or different levels of safety index zones through which data may physically or logically traverse while in incubation mode on the Q-drive(s).
  • Figure 1 is a diagram that illustrates an overview of the system in accordance with one embodiment of the present invention.
  • FIG. 2 is a flow chart that illustrates an overview of the system in accordance with one embodiment of the present invention.
  • Figure 3 is a flow chart that illustrates the procedure for furnishing data on every read request in accordance with an embodiment of the present invention.
  • Figure 4 is a flow chart that illustrates the procedure for executing every data modification request in accordance with an embodiment of the present invention.
  • Figure 5 is a flow chart that Illustrates the procedure for executing every file delete request in accordance with an embodiment of the present invention.
  • Figure 6 is a flow chart that illustrates the procedure for executing every data or file restore request in accordance with an embodiment of the present invention.
  • Figure 7 is a flow chart that illustrates the procedure for executing manual or automated Malware scan request in accordance with an embodiment of the present invention.
  • Figure 8 is a flow chart that illustrates the procedure for presenting data for user's view in accordance with an embodiment of the present invention.
  • Figure 9 is a flow chart that illustrates the procedure for executing every merge request in accordance with an embodiment of the present invention.
  • Figure 10 is a flow chart that illustrates the procedure for executing every anti-malware software update request in accordance with an embodiment of the present invention.
  • Figure 1 represents the interaction between the operating system or computer program(s), Q-drive Program, Q-drive and the User Drive on / across computer system(s).
  • Q-drive Program intercepts all such requests for the file data on either User Drive / Q-drive, and the respective operation Manager furnishes the request either from the User drive or Q-drive or both, depending on the nature of the request and the location of the requested file data.
  • the file data stored on the Q-drive may be placed on any of the safety index zones depending on a set of defined criteria, and may traverse within these zones depending on same or another set of defined criteria.
  • the diagram illustrates the interaction for three such requests -
  • the Read request is intercepted by the Re ⁇ ad Manager component of the Q-drive Program.
  • the Read Manager retrieves the requested file data from the appropriate drive(s) and services the requesting computer program.
  • Modify / Write request The request is intercepted by the Modify Manager component of the Q-drlve Program.
  • the Modify Manager creates / appends to the modify Log depending on number of times the file has been accessed for any such modification.
  • the Log can be Used in restore or merge operations on the said computer file.
  • Merge request The request is intercepted by the Merge Manager component of the Q-drive Program.
  • the Merge Manager retrieves the requested file data from the appropriate drive(s) and after attesting the data using appropriate Anti-virus program(s), merges (and copies / transfers) to the User Drive(s).
  • FIG. 2 is a flow chart that illustrates an overview of the system In accordance with one embodiment of the present invention.
  • File operations performed either by the computer user or a computer program are analyzed by the Q-drive computer program.
  • the file operations are serviced based on the type of the file operation using the logic described in the following flow charts.
  • the invention currently services commonly used file operations, but may be extended for other file operations.
  • the Q-drive uses the Hierarchical / Incremental Storage procedure to save information about the file operations on the Q-drive. All file operations pertaining to a particular computer file are saved as logs on the Q-drive. These logs contain the information about the file operation like the operation type, time at which the operation was performed, file property changed affected by the operation, the actual information within the computer file that was changed or added or deleted, etc.
  • Figure 3 is a flow chart that illustrates the procedure for furnishing data on every read request in accordance with an embodiment of the present invention.
  • read file operations represent operations where a user or a computer program intends to retrieve information from a stored file on the computer system.
  • the Q-drive computer program analyzes the read operation where it is presented by the name of the computer file to be read, along with the data offset of the information required and the length of the information required.
  • the Q-drive computer program then checks for the existence of the file on the Q- drive. In case of the file being present only on the user drive the request is serviced from the user drive, else it is serviced from the Q-drive. The required information is read from the appropriate drive and serviced back to the requesting user or computer program.
  • the Q-drive computer program reads the appropriate information from, both the Q-drive and the user drive to service the file operation requested.
  • Figure 4 is a flow chart that illustrates the procedure for executing every data modification request in accordance with an embodiment of the present invention.
  • modify file operations represent operations where a user or a computer program intends to modify information present in a computer file, by adding new information to the computer file, or updating any existing information within the file or removing any unnecessary information within the computer file.
  • the Q-drive computer program analyzes this request where it Ia presented with the name of the computer file to be read, along with the data offset of the information required and the length of the information required.
  • the Q-drive computer program checks if this is the first operation on the computer file. This case may arise In any of the following cases:
  • the Q-drive program logs the first entry on the Q-drive and saves the information pertaining. to the file operation on the Q-drive.
  • the Q-drive computer program adds the information pertaining to the file operation to the previously saved information about the computer file already present on the Q-drive. Any changes made by user, computer programs and malware are saved on the Q-drive as modify log information. Hence the file residing on the user drive is free from any malware contamination. Upon detection of malware initiated modify operations these operations can be un-done to restore a contaminant free version of the computer file.
  • Figure 5 is a flow chart that illustrates the procedure for executing every file delete request in accordance with an embodiment of the present invention.
  • delete file operations represent operations where a user or a computer program intends to remove all information present in a computer file and often the computer file itself from the computer system.
  • the Q-drive computer program analyzes this request where it is presented with the name of the computer file to be deleted.
  • the Q-drive program updates the information previously present on the Q-drive to mark the file as deleted.
  • the Q-drive program first follows the procedure to log information about the new file as described in the modify operation. All information pertaining to the computer file present on the user drive is moved to the Q-drive.
  • e is then deleted from the user drive. It is important to note that the information about computer file though deleted from the user drive, still resides on the Q-drive.
  • FIG. 6 is a flow chart that illustrates the procedure for executing every data or file restore request in accordance with one embodiment of the present invention.
  • restore file operations represent operations where a user or a computer program intends to un do any one or more file operations performed on the computer file.
  • the Q-drive computer program analyzes this requested where it is presented with the name of the computer file to be restored and the previous time or file operation that the computer file has to be restored to.
  • the Q-drive checks if the file exists on the Q-drive in which case it has already logged information about any file operations that have been performed on the computer file since the first log on the Q-drive.
  • the Q-drive computer program can then present the user or the computer program with the log information retained on the Q-drive.
  • the computer file can then be restored to a previous version by un doing one or more of the file operations performed on it.
  • the Q-drive computer program can not perform the restore operation on computer files, for which it does not have any file operation logs.
  • Figure 7 is a flow chart that illustrates the procedure for executing manual or automated Malware scan request in accordance with one embodiment of the present invention.
  • the Q-drive computer program periodically performs malware checking on all the log entries of all files residing on the Q-drive.
  • This malware check is performed using the commonly available Anti-virus Systems / spyware Detection Systems.
  • the updates to these computer programs are performed by the procedure that the vendors for these computer programs recommend.
  • some malware contamination may be irreparable, in which case the Q-drive computer program deletes the particular log entry or entries that this infection is present in, to recover an un-oontaminated version of the computer file.
  • the log entries are cleaned and saved back on to the Q-drive.
  • a check is also made for a Q -time age for the file operation log entries.
  • File operation log entries which are not Q-time old are retained on the Q-drive.
  • the logic behind the Q-time bases itself on the premise that there may be computer contaminants which are presently unknown and the updates to combat the contaminant may be provided by the Anti-virus Systems / spyware Detection Systems vendors with a certain delay after detection of the particular contaminant.
  • the Q-time hence accommodates for the time taken by the Anti-virus Systems / spyware Detection Systems vendors to provide for an appropriate update to their computer programs to combat the contaminant.
  • File operation log entries which are more than Q -time old and certified contaminant free by the Anti-virus Systems / spyware Detection Systems are merged to the Q-drive to the user drive by the Q-drive computer program. These log entries are then removed from the Q-drive to accommodate for newer file operations which may be performed on the computer file.
  • Figure 8 is a flow chart that illustrates the procedure for presenting data for user's view in accordance with one embodiment of the present invention.
  • the Q-drive computer program services these requests by processing all the information available about the computer file on the user drive and the Q-drlve and presenting the latest information pertaining to the computer file as though it were residing on the user drive itself.
  • Figure 9 is a flow chart that illustrates the procedure for executing every merge request in accordance with one embodiment of the present invention.
  • File merge refers to a merge request wherein the data on the Q-drive is merged (and transferred) to the User Drive(s). This can either be manual (or user triggered) or automated. In either case, an anti-virus check is invoked, post which if the data is slated clean from any kind of malware, it is moved / merged on to the User Drive(s) and the respective data is removed from the Q-drive, or alternately, the data Is cleaned if found reparable or deleted, if not reparable.
  • Figure 10 is a flow chart that illustrates the procedure for executing every anti-malware software update request in accordance with one embodiment of the present invention.
  • the Q-drive computer program periodically checks for updates to Antivirus Systems I spyware Detection Systems as recommended and suggested by the vendors. Upon detection of a new update the Q-drlve program either applies the update by itself or requests the Anti-virus Systems / spyware Detection Systems to update their contaminant definitions and removal procedures. Computer users often are either unaware of or neglect the update procedures recommended by the vendors of the malware detection and removal programs, hence the Q- drive computer program tries to keep the computer system up-to-date by performing periodic updates as required.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

L'invention concerne un procédé permettant d'empêcher la perte totale de données à l'aide d'un stockage hiérarchique à base temporelle qui permet de mettre en attente ou de transférer des données quelconques ou modifiées sur un ou des disque (s) quelconque(s) différencié(s), une ou des zone(s) de stockage de données, un ou des dispositif(s), etc. pendant une durée prédéterminée. L'invention concerne également un procédé permettant d'effectuer ou de sauvegarder des modifications sur le ou les disque(s)/dispositif(s) de mise en attente, etc. après expiration d'une période quiescente pouvant être prédéfinie de quarantaine préventive de données mises en attente authentifiées comme étant exemptes de conséquences de logiciel(s) malveillant(s), de défauts accidentels, etc. L'invention concerne en outre un procédé permettant de prévenir la perte accidentelle de données par récupération des données mises en attente sur le ou les disque(s) de mise en attente, etc. L'invention concerne enfin un procédé permettant de fournir sans coupure les données demandées et les informations associées indépendamment du ou des disques(s) respectif(s) sous-jacents, etc. Ledit procédé permet de limiter la perte de données uniquement en cas d'attaque connue ou inconnue des données du ou des disque(s)/dispositif(s) de mise en attente par un logiciel malveillant.
PCT/IN2006/000269 2005-08-02 2006-07-31 Systeme et procede de gestion de stockage hierarchique a base temporelle Ceased WO2007015266A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN2057/DEL/2005 2005-08-02
IN2057DE2005 2005-08-02

Publications (2)

Publication Number Publication Date
WO2007015266A2 true WO2007015266A2 (fr) 2007-02-08
WO2007015266A3 WO2007015266A3 (fr) 2007-07-12

Family

ID=37709014

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2006/000269 Ceased WO2007015266A2 (fr) 2005-08-02 2006-07-31 Systeme et procede de gestion de stockage hierarchique a base temporelle

Country Status (1)

Country Link
WO (1) WO2007015266A2 (fr)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8954688B2 (en) 2010-10-06 2015-02-10 International Business Machines Corporation Handling storage pages in a database system
US12131294B2 (en) 2012-06-21 2024-10-29 Open Text Corporation Activity stream based interaction
US12149623B2 (en) 2018-02-23 2024-11-19 Open Text Inc. Security privilege escalation exploit detection and mitigation
US12164466B2 (en) 2010-03-29 2024-12-10 Open Text Inc. Log file management
US12197383B2 (en) 2015-06-30 2025-01-14 Open Text Corporation Method and system for using dynamic content types
US12235960B2 (en) 2019-03-27 2025-02-25 Open Text Inc. Behavioral threat detection definition and compilation
US12261822B2 (en) 2014-06-22 2025-03-25 Open Text Inc. Network threat prediction and blocking
US12282549B2 (en) 2005-06-30 2025-04-22 Open Text Inc. Methods and apparatus for malware threat research
US12412413B2 (en) 2015-05-08 2025-09-09 Open Text Corporation Image box filtering for optical character recognition
US12437068B2 (en) 2015-05-12 2025-10-07 Open Text Inc. Automatic threat detection of executable files based on static data analysis
US12598206B2 (en) 2018-04-13 2026-04-07 Open Text Inc. Determining exploit prevention using machine learning

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11134234A (ja) * 1997-08-26 1999-05-21 Reliatec Ltd バックアップ・リストア方法およびその制御装置,並びにバックアップ・リストアプログラムを記録したコンピュータ読み取り可能な記録媒体
US6847984B1 (en) * 1999-12-16 2005-01-25 Livevault Corporation Systems and methods for backing up data files
JP2004046435A (ja) * 2002-07-10 2004-02-12 Hitachi Ltd バックアップ方法、その方法に用いた記憶制御装置
US7222143B2 (en) * 2003-11-24 2007-05-22 Lenovo (Singapore) Pte Ltd. Safely restoring previously un-backed up data during system restore of a failing system

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12282549B2 (en) 2005-06-30 2025-04-22 Open Text Inc. Methods and apparatus for malware threat research
US12210479B2 (en) 2010-03-29 2025-01-28 Open Text Inc. Log file management
US12164466B2 (en) 2010-03-29 2024-12-10 Open Text Inc. Log file management
US8954688B2 (en) 2010-10-06 2015-02-10 International Business Machines Corporation Handling storage pages in a database system
US12131294B2 (en) 2012-06-21 2024-10-29 Open Text Corporation Activity stream based interaction
US12301539B2 (en) 2014-06-22 2025-05-13 Open Text Inc. Network threat prediction and blocking
US12261822B2 (en) 2014-06-22 2025-03-25 Open Text Inc. Network threat prediction and blocking
US12412413B2 (en) 2015-05-08 2025-09-09 Open Text Corporation Image box filtering for optical character recognition
US12437068B2 (en) 2015-05-12 2025-10-07 Open Text Inc. Automatic threat detection of executable files based on static data analysis
US12197383B2 (en) 2015-06-30 2025-01-14 Open Text Corporation Method and system for using dynamic content types
US12149623B2 (en) 2018-02-23 2024-11-19 Open Text Inc. Security privilege escalation exploit detection and mitigation
US12598206B2 (en) 2018-04-13 2026-04-07 Open Text Inc. Determining exploit prevention using machine learning
US12235960B2 (en) 2019-03-27 2025-02-25 Open Text Inc. Behavioral threat detection definition and compilation

Also Published As

Publication number Publication date
WO2007015266A3 (fr) 2007-07-12

Similar Documents

Publication Publication Date Title
US11681591B2 (en) System and method of restoring a clean backup after a malware attack
US11561931B2 (en) Information source agent systems and methods for distributed data storage and management using content signatures
US11809605B2 (en) Method and system for storage-based intrusion detection and recovery
ES2445966T3 (es) Sistema y procedimiento para almacenar información redundante
US8495037B1 (en) Efficient isolation of backup versions of data objects affected by malicious software
US20120124007A1 (en) Disinfection of a file system
TWI434195B (zh) 用於管理病毒及備份過濾處理程序的方法及電腦程式產品
US20120158760A1 (en) Methods and computer program products for performing computer forensics
US20110047618A1 (en) Method, System, and Computer Program Product for Malware Detection, Analysis, and Response
US9003533B1 (en) Systems and methods for detecting malware
JP2009251853A (ja) メモリデータベース、メモリデータベースシステム及びメモリデータベース更新方法
WO2007015266A2 (fr) Systeme et procede de gestion de stockage hierarchique a base temporelle
US20070239949A1 (en) Method and apparatus for reclaiming space in memory
US20160019390A1 (en) Data management of potentially malicious content
Paik et al. Data protection based on hidden space in windows against ransomware
CN120322769A (zh) 用于恢复文件系统的方法和装置
Sitaraman Algorithms to enable forensic analysis of computer and network intrusions
Strunk Architecture and Interface of a Self-Securing Object Store

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO R. 112(1) DATED 16.07.08

122 Ep: pct application non-entry in european phase

Ref document number: 06780549

Country of ref document: EP

Kind code of ref document: A2