Title of invention: METHOD OF PROTECTING A NETWORK COMPUTER SYSTEM FROM THE MALICIOUS ACTS OF HACKERS AND ITS OWN SYSTEM ADMINISTRATORS
Abstract: A method that protects a network computer system from the malicious acts of hackers and its own system administrators includes a behavior analysis of system administrators within the confines of their particular job tasks. A suite of abnormal behavior detection models analyze each display terminal input entered by recognized system administrators. Any alerts that issue are forwarded to a case management system for investigation. A cadre of trained investigators with case management display terminals attached to control the case management system make decisions based on what is displayed to them and issue actions and reports by inputs to their display terminals. These contribute to the building and updating of a database and updating of the abnormal behavior detection models through adaptive learning. The decisions, actions and reports control the accessibility and authority of each system administrator at their respective display terminals.
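Application publication number: US2016182544(A1) Application publication date: 2016.06.23
Application number: US201615055632 Filing date: 2016.02.28
Applicant: Brighterion, Inc. Inventor: Adjaoute Akli
Classification: H04L29/06;G06Q10/06 Main classification: H04L29/06
Agency: Agent: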
Principal claim: 1. A method of protecting a network computer system from the malicious acts of hackers and its own system administrators, comprising: controlling any access to a computer network system by a number of unique system administrators with a limited number of display terminals; analyzing each said access by each said unique system administrator with a processor and algorithm executed by the processor that implement a suite of abnormal behavior detection models that compare single smart agent profiles of task, job, sequence, and other behaviors of unique system administrators to an instant corresponding behavior at said limited number of display terminals; alerting a case management system to build an investigation case on receipt of an alert from the abnormal behavior detection models; assigning each said investigation case to an investigator that interacts with the case management system through an investigation display terminal; displaying particulars of said investigation case to an assigned investigator through said investigation display terminal to provoke a decision on the alert; forwarding said decision from the investigation display terminal to a behavior database, abnormal behavior model update, and an adaptive learning processor and algorithm; and alternatively allowing or denying access by any system administrator at any limited number of display terminals according to each said decision of an assigned investigator.
Address: San Francisco CA US