Accurately classifying a computer program interacting with a computer system using questioning and fingerprinting
US-2015381376-A1 · Dec 31, 2015 · US
US10977370B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10977370-B2 |
| Application number | US-201916534859-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 7, 2019 |
| Priority date | Aug 11, 2014 |
| Publication date | Apr 13, 2021 |
| Grant date | Apr 13, 2021 |
Official abstract text for this publication.
There is provided a system comprising a processor operatively connected to a memory, the memory comprising: a program-level stateful model configured to model one or more entities in a computer operating system operating on the computer system, the program-level stateful model comprising: a data structure representing a state of a program, wherein the data structure comprises: a network of one or more interconnected objects representing the one or more entities constituting the program, wherein the one or more interconnected objects are derived from a sequence of operations performed in a live environment; one or more relationships among the one or more interconnected objects and the sequences of operations; and one or more object groups, wherein the one or more object groups are formed by dividing the one or more interconnected objects according to a predefined grouping rule set, and wherein each group of the one or more object groups comprises objects representing a corresponding group of entities related to the program running in the live environment.
Claims.
What is claimed is:
1. A computer system comprising a processor operatively connected to a memory, the memory comprising: a program-level stateful model configured to model one or more entities in a computer operating system operating on the computer system, the program-level stateful model comprising: a data structure representing a state of a program, wherein the data structure comprises: a network of one or more interconnected objects representing the one or more entities constituting the program, wherein the one or more interconnected objects are derived from a sequence of operations performed in a live environment; one or more relationships among the one or more interconnected objects and the sequences of operations; and one or more object groups, wherein the one or more object groups are formed by dividing the one or more interconnected objects according to a predefined grouping rule set, and wherein each group of the one or more object groups comprises objects representing a corresponding group of entities related to the program running in the live environment, the processor configured to use the program-level stateful model to: generate an updated representation of the program based on the program-level stateful model; search for at least one other representation of another program-level stateful model similar to the updated representation of the program; and compare the updated representation of the program to the at least one other representation of another program-level stateful model.
2. The computer system of claim 1, wherein the stateful model allows dynamic generation of one or more remediation actions.
3. The computer system of claim 1, wherein the state of the program is a result of the sequence of operations performed in the live environment.
4. The computer system of claim 1, wherein the stateful model further represents a composition of the program, wherein the composition comprises the one or more entities.
5. The computer system of claim 1, wherein the sequence of operations comprises at least one malicious operation of a benign program.
6. The computer system of claim 1, further comprising operation data comprising one or more attributes, wherein each attribute characterizes a condition of the one or more interconnected objects and/or one or more operations of the sequence of operations associated with the one or more interconnected objects.
7. The computer system of claim 6, wherein the one or more attributes comprise one or more of: operation types, source entities of an operation, target entities of an operation, grouping information, subgroup information, object interconnections, or associated operations.
8. The computer system of claim 6, wherein the one or more attributes include at least one operation type specific attribute, wherein the at least one operation type specific attribute comprises an attribute that is unique to a specific operation type.
9. The computer system of claim 8, wherein the operation type is a file system operation, and the at least one operation type specific attribute comprises one or more of: file system permissions, file paths, or file sizes.
10. The computer system of claim 6, further comprising metadata, wherein the metadata is inferred by application of a predefined algorithm to the operation data.
11. The computer system of claim 10, wherein the metadata comprises an organizational layer that establishes order between the one or more entities.
12. The computer system of claim 10, wherein the metadata comprises an organizational layer that establishes grouping information of the one or more objects.
13. The computer system of claim 1, wherein the sequence of operations comprises at least one benign operation of a benign program.
14. The computer system of claim 1, wherein the sequence of operations comprises at least one operation of a separate program that is linked to a benign program.
15. The computer system of claim 1, wherein the stateful model is constructed using data retrieved by monitoring kernel-level operations.
16. The computer system of claim 1, wherein the one or more entities comprise one or more of: threads, processes, files, networks, registries, windows, or memory.
17. The computer system of claim 1, wherein the one or more interconnected objects comprise one or more of: thread objects, process objects, file objects, network objects, registry objects, windows objects, or memory objects.
18. The computer system of claim 1, wherein at least one of the objects represents the source of one or more associated operations of the sequence of operations.
19. The computer system of claim 1, further comprising one or more object subgroups, wherein each of object subgroup of the one or more object subgroups comprises objects related to one or more attributes related to a distinctive part of the program.
20. The computer system of claim 1, wherein at least one of the objects represents the target of one or more associated operations of the sequence of operations.
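The abstract and claims 1, 6-9, 15-17 and 19 describe a data structure rather than a procedure: objects for processes, threads, files, registry keys and network endpoints, relationships labelled with the kernel-level operation that connected them, groups cut by a grouping rule set, and a per-program representation that is searched for and compared against other programs' representations. The following Python is an added illustration of one way such a model can be built and compared; it is not the patent's implementation and not any vendor's code. The operation trace is constructed for the example, the grouping rule (a program is a process launched directly by an assumed launcher process plus everything in its lineage; subgroups are cut by entity type), the triple-based representation, the Jaccard comparison and the catalog of "other" representations are all assumptions chosen here, not anything the patent specifies.

```python
"""Program-level stateful model from a constructed kernel-level operation trace.

Added example, not the patent's implementation. Entity names, the operation
records, the grouping rule set (LAUNCHERS), the representation and the catalog
are assumptions made for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed grouping-rule parameter: processes spawned directly by a launcher
# start a new "program" group; the launcher itself is not a member.
LAUNCHERS = {("process", "explorer.exe:100")}

# Constructed sample trace (not real telemetry). Each record carries the
# operation type, the source entity, the target entity and, where relevant,
# operation-type-specific attributes such as file size and permissions.
TRACE = [
    {"op": "process_create", "src": ("process", "explorer.exe:100"), "dst": ("process", "winword.exe:200")},
    {"op": "thread_create", "src": ("process", "winword.exe:200"), "dst": ("thread", "winword.exe:200/1")},
    {"op": "file_write", "src": ("process", "winword.exe:200"),
     "dst": ("file", r"C:\Users\u\AppData\Local\Temp\x.tmp"), "attrs": {"size": 2048, "perms": "rw"}},
    {"op": "process_create", "src": ("process", "winword.exe:200"), "dst": ("process", "powershell.exe:300")},
    {"op": "network_connect", "src": ("process", "powershell.exe:300"), "dst": ("network", "203.0.113.5:443")},
    {"op": "registry_set", "src": ("process", "powershell.exe:300"),
     "dst": ("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd")},
    {"op": "process_create", "src": ("process", "explorer.exe:100"), "dst": ("process", "notepad.exe:400")},
    {"op": "file_write", "src": ("process", "notepad.exe:400"),
     "dst": ("file", r"C:\Users\u\notes.txt"), "attrs": {"size": 120, "perms": "rw"}},
]

# Constructed catalog of representations of previously modelled programs,
# standing in for "other program-level stateful models" to search against.
CATALOG = {
    "office_app_spawns_shell_with_persistence": frozenset({
        ("process", "process_create", "process"), ("process", "thread_create", "thread"),
        ("process", "file_write", "file"), ("process", "network_connect", "network"),
        ("process", "registry_set", "registry"),
    }),
    "editor_saves_file": frozenset({
        ("process", "process_create", "process"), ("process", "file_write", "file"),
    }),
}


@dataclass
class StatefulModel:
    objects: set = field(default_factory=set)     # (entity_type, identifier)
    relations: list = field(default_factory=list)  # (src, op, dst, attrs)
    parent: dict = field(default_factory=dict)     # child process -> creating process

    def apply(self, rec):
        """Fold one observed operation into the model (objects + relationship)."""
        src, dst, attrs = rec["src"], rec["dst"], rec.get("attrs", {})
        self.objects.update((src, dst))
        self.relations.append((src, rec["op"], dst, attrs))
        if rec["op"] == "process_create":
            self.parent[dst] = src

    def program_root(self, proc):
        """Walk up the process lineage until the parent is a launcher (or absent)."""
        while proc in self.parent and self.parent[proc] not in LAUNCHERS:
            proc = self.parent[proc]
        return proc

    def groups(self):
        """Apply the grouping rule set: one group per program root, holding every
        object its lineage touched and every relation its lineage performed."""
        grouped = defaultdict(lambda: {"objects": set(), "relations": []})
        for src, op, dst, attrs in self.relations:
            key = self.program_root(dst if op == "process_create" else src)
            g = grouped[key]
            g["relations"].append((src, op, dst, attrs))
            g["objects"].add(dst)
            if src not in LAUNCHERS:
                g["objects"].add(src)
        return dict(grouped)


def subgroups(group):
    """Assumed subgroup rule: split a group's objects by entity type."""
    sub = defaultdict(set)
    for obj in group["objects"]:
        sub[obj[0]].add(obj)
    return dict(sub)


def representation(group):
    """Representation of a program: the set of (source type, operation, target type) triples."""
    return frozenset((s[0], op, d[0]) for s, op, d, _ in group["relations"])


def similarity(a, b):
    """Jaccard similarity between two representations."""
    return len(a & b) / len(a | b) if a | b else 1.0


def search(rep, catalog):
    """Find the catalog representation most similar to rep; return (name, score)."""
    name, other = max(catalog.items(), key=lambda kv: similarity(rep, kv[1]))
    return name, similarity(rep, other)


def classify(trace=TRACE):
    """Build the model, group it, and compare each program against the catalog."""
    model = StatefulModel()
    for rec in trace:
        model.apply(rec)
    out = {}
    for key, group in model.groups().items():
        name, score = search(representation(group), CATALOG)
        out[key[1]] = (name, round(score, 3), {t: len(o) for t, o in subgroups(group).items()})
    return out


if __name__ == "__main__":
    for program, (match, score, sizes) in classify().items():
        print(program, "->", match, score, sizes)
```

The comparison deliberately keys on entity types and operation types rather than on paths or addresses, so two programs with the same shape of activity (spawn a child, write a file, open a socket, set a Run key) score alike even when the concrete identifiers differ; the operation-type-specific attributes of claim 9 are carried on each relation and would be the next refinement of the representation.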
CPC classification titles:
- involving long-term monitoring or reporting
- involving event detection and direct action
- where tasks reside in different layers, e.g. user- and kernel-space
- eliminating virus, restoring damaged files
- Error detection; Error correction; Monitoring (error detection, correction or monitoring in information storage based on relative movement between record carrier and transducer G11B20/18; monitoring, i.e. supervising the progress of recording or reproducing G11B27/36; in static stores G11C29/00)