Method of remediating operations performed by a program and system thereof

US10417424B2 · US · B2

Patent metadata
Publication number: US-10417424-B2
Application number: US-201816132240-A
Country: US
Kind code: B2
Filing date: Sep 14, 2018
Priority date: Aug 11, 2014
Publication date: Sep 17, 2019
Grant date: Sep 17, 2019

Abstract

Official abstract text for this publication.

There is provided a system and a computerized method of remediating one or more operations linked to a given program running in an operating system, the method comprising: querying a stateful model to retrieve a group of entities related to the given program; terminating at least a subset of the group of entities related to the given program; generating a remediation plan including one or more operations linked to the given program, the one or more operations being retrieved based on the group in the stateful model; and executing the remediation plan by undoing at least part of the one or more operations linked to the given program, thereby restoring the state of the operating system to a state prior to the given program being executed. There is further provided a computerized method of detecting malicious code related to a program in an operating system in a live environment.

First claim

Opening claim text (preview).

The invention claimed is:

1. A real-time dynamically updated stateful model configured to aggregate and model actions performed by and/or on one or more entities in a computer operating system, the stateful model comprising: a logical data structure representing a composition and a state of the computer operating system in a live environment, and wherein the logical data structure comprises: a network of one or more interconnected objects representing the one or more entities constituting the computer operating system, wherein the one or more interconnected objects are derived from the sequence of operations performed in the live environment; one or more relationships among the one or more interconnected objects; operation data comprising one or more attributes, wherein each attribute characterizes a condition of the one or more interconnected objects and/or one or more operations of the sequence of operations associated with the one or more interconnected objects; and one or more object groups, wherein the one or more object groups are formed by dividing the one or more interconnected objects according to a predefined grouping rule set, and wherein each group of the one or more object groups comprises objects representing a corresponding group of entities related to a program running in the live environment; wherein the state of the computer operating system is a result of a sequence of operations performed in the live environment, and wherein the composition of the computer operating system comprises the one or more entities.

2. The stateful model of claim 1, wherein the sequence of operations comprises at least one malicious operation of a benign program.

3. The stateful model of claim 2, wherein the at least one malicious operation is performed by a benign that has been injected or manipulated by malicious code.

4. The stateful model of claim 1, wherein the one or more attributes comprise one or more of: operation types, source entities of an operation, target entities of an operation, grouping information, subgroup information, object interconnections, or associated operations.

5. The stateful model of claim 1, wherein the one or more attributes include at least one operation type specific attribute, wherein the at least one operation type specific attribute comprises an attribute that is unique to a specific operation type.

6. The stateful model of claim 5, wherein the operation type is a file system operation, and the at least one operation type specific attribute comprises one or more of: file system permissions, file paths, or file sizes.

7. The stateful model of claim 5, wherein the operation type is a memory operation, and the at least one operation type specific attribute comprises one or more of: memory addresses, data sizes, or memory permissions.

8. The stateful model of claim 1, wherein the sequence of operations comprises at least one benign operation of a benign program.

9. The stateful model of claim 1, wherein the sequence of operations comprises at least one operation of a separate program that is linked to a benign program.

10. The stateful model of claim 1, wherein the stateful model is constructed using data retrieved by monitoring kernel-level operations.

11. The stateful model of claim 1, wherein the one or more entities comprise one or more of: threads, processes, files, networks, registries, windows, or memory.

12. The stateful model of claim 1, wherein the one or more interconnected objects comprise one or more of: thread objects, process objects, file objects, network objects, registry objects, windows objects, or memory objects.

13. The stateful model of claim 1, wherein the one or more attributes comprise one or more of: flags, modifiers, data structures, interactions between the one or more entities, relationships between the one or more entities, or associations between the one or more entities.

14. The stateful model of claim 1, wherein at least one of the objects represents the source of one or more associated operations of the sequence of operations.

15. The stateful model of claim 1, further comprising metadata, wherein the metadata is inferred by application of a predefined algorithm to the operation data.

16. The stateful model of claim 15, wherein the metadata comprises an organizational layer that establishes order between the one or more entities.

17. The stateful model of claim 15, wherein the metadata comprises an organizational layer that establishes grouping information of the one or more objects.

18. The stateful model of claim 1, further comprising one or more object subgroups, wherein each object subgroup of the one or more object subgroups comprises objects related to one or more attributes related to a distinctive part of the program.

19. The stateful model of claim 1, wherein the one or more attributes comprise linking information connecting the one or more objects to the one or more operations of the sequence of operations.

20. The stateful model of claim 19, wherein the linking information comprises: direct linking information, wherein the direct linking information indicates that the one or more objects are a direct source or a direct target of the one or more operations; and indirect linking information, wherein the indirect linking information indicates that the one or more objects are an indirect source or an indirect target of the one or more operations.
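The remediation flow of the abstract over the grouped stateful model of the claims (retrieve the program's group, terminate its processes, then undo the linked operations in reverse order), written as an added Python sketch. This is illustrative code, not the patent's or the assignee's implementation; the object kinds, the grouping rule, the undo rules and the sample operation log are assumptions.

```python
from dataclasses import dataclass, field

# Undo rule per operation type (assumed set; the patent names no specific rules).
# process_spawn has no rule: terminating the group's processes covers it.
UNDO_RULES = {
    "file_create":  lambda op: ("delete_file", op.target),
    "registry_set": lambda op: ("restore_registry", op.target, op.attrs.get("previous")),
}

@dataclass
class Operation:
    op_type: str  # operation-type attribute
    source: str   # direct source object
    target: str   # direct target object
    attrs: dict = field(default_factory=dict)  # operation-type-specific attributes

class StatefulModel:
    # Objects with group membership plus the ordered operation log.
    def __init__(self):
        self.objects = {}  # object id -> {"kind": ..., "group": owning program}
        self.ops = []
    def add_object(self, oid, kind, group):
        self.objects[oid] = {"kind": kind, "group": group}
    def record(self, op):
        # Grouping rule (assumed): an object first touched by a grouped entity joins that group.
        if op.target not in self.objects:
            kind = "process" if op.op_type == "process_spawn" else op.op_type.split("_")[0]
            self.add_object(op.target, kind, self.objects[op.source]["group"])
        self.ops.append(op)
    def group_of(self, program):
        return {oid for oid, o in self.objects.items() if o["group"] == program}
    def remediation_plan(self, program):
        members = self.group_of(program)
        terminate = sorted(o for o in members if self.objects[o]["kind"] == "process")
        linked = [op for op in self.ops if op.source in members or op.target in members]
        # Undo in reverse order so later operations are reverted before earlier ones;
        # operation types without an undo rule are skipped rather than guessed at.
        undo = [UNDO_RULES[op.op_type](op) for op in reversed(linked) if op.op_type in UNDO_RULES]
        return terminate, undo

def demo():
    # Constructed sample: benign updater.exe spawns a child that drops a file and sets a key.
    m = StatefulModel()
    m.add_object("pid:100", "process", "updater.exe")
    m.add_object("pid:7", "process", "explorer.exe")
    m.record(Operation("process_spawn", "pid:100", "pid:101"))
    m.record(Operation("file_create", "pid:101", r"C:\temp\payload.dll"))
    m.record(Operation("registry_set", "pid:101", r"HKCU\Software\ExampleApp\Startup", {"previous": None}))
    m.record(Operation("file_create", "pid:7", r"C:\Users\doc.txt"))  # unrelated; must be left alone
    return m.remediation_plan("updater.exe")
```

The plan terminates both processes of the updater.exe group and reverts only the two operations linked to that group, leaving explorer.exe's file untouched.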

Assignees

Sentinel Labs Israel Ltd

Classifications

  • G06F21/568 (primary) · eliminating virus, restoring damaged files · CPC title

  • where tasks reside in different layers, e.g. user- and kernel-space · CPC title

  • involving long-term monitoring or reporting · CPC title

  • involving event detection and direct action · CPC title

  • Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Sentinel Labs Israel Ltd
What technology area does this patent fall under?
Primary CPC classification G06F21/568. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 17, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).