Independent claim |
1. A method of protecting a network computer system from the malicious acts of hackers and its own system administrators, comprising:
controlling any access to a computer network system by a number of unique system administrators with a limited number of display terminals;
analyzing each said access by each said unique system administrator with a processor and algorithm executed by the processor that implement a suite of abnormal behavior detection models that compare single smart agent profiles of task, job, sequence, and other behaviors of unique system administrators to an instant corresponding behavior at said limited number of display terminals;
alerting a case management system to build an investigation case on receipt of an alert from the abnormal behavior detection models;
assigning each said investigation case to an investigator that interacts with the case management system through an investigation display terminal;
displaying particulars of said investigation case to an assigned investigator through said investigation display terminal to provoke a decision on the alert;
forwarding said decision from the investigation display terminal to a behavior database, abnormal behavior model update, and an adaptive learning processor and algorithm; and
alternatively allowing or denying access by any system administrator at any limited number of display terminals according to each said decision of an assigned investigator. |