Usage pattern based user authenticator
First Claim
1. A method of user authentication at the operating system level in multi-user computer systems comprising the steps:
- learning a user'"'"'s normal command usage pattern using artificial intelligence techniques;
monitoring and reporting on user command usage patterns; and
using the reported user command usage patterns to determine when a user'"'"'s commands do not follow with the normal command usage pattern.
3 Assignments
0 Petitions
Accused Products
Abstract
A usage based pattern authenticator for monitoring and reporting on user usage patterns in an operating system using a set of security rules and user usage patterns. This computer system security tool authenticates users at the operating system level in multi-user operating systems. It supports system administrators in limiting the ability of unauthorized users to disrupt system operations using a neural network and set of rules to track usage patterns and flag suspicious activity on the system. The data collection mode collects and stores usage patterns of authenticated users. The training mode trains an artificial neural network and sets the interconnection weights of the network. The production mode monitors and reports on usage patterns, and optionally performs automatic responses when confronted with non-authenticated users.
-
Citations
19 Claims
-
1. A method of user authentication at the operating system level in multi-user computer systems comprising the steps:
-
learning a user'"'"'s normal command usage pattern using artificial intelligence techniques;
monitoring and reporting on user command usage patterns; and
using the reported user command usage patterns to determine when a user'"'"'s commands do not follow with the normal command usage pattern. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 12, 13)
checking a set of system security rules when a difference in the normal command usage pattern is detected; and
automatically performing a predetermined action when command usage patterns are determined to be abnormal.
-
-
3. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 2, wherein said predetermined action includes logging violations of the system security rules.
-
4. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 2, wherein said predetermined action includes automatically excluding said user from further system access when an abnormal command usage pattern is detected.
-
5. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 2, wherein said predetermined action includes automatically notifying the system administrator when abnormal command usage pattern is detected.
-
6. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 1, wherein said operating system is the UNIX operating system.
-
7. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 1, wherein the step of learning a user'"'"'s normal command usage pattern is performed using an artificial neural network.
-
8. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 7, further comprising the step of storing command usage patterns in the artificial neural.
-
11. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 1, wherein the step of monitoring is performed at a minimum of two threshold levels of security.
-
12. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 1, wherein the step of learning a user'"'"'s normal command usage pattern is performed using a specialized expansion card in a computer system, which expansion card embodies the artificial neural network.
-
13. A method of user authentication at the operating system level in multi-user computer systems as recited in claim 1, wherein the step of monitoring a user'"'"'s normal command usage pattern is performed using a specialized expansion card in a computer system, which expansion card embodies the artificial neural network.
-
9. A method of user authentication at the operating system level in multi-user computer systems comprising the steps of:
-
learning a user'"'"'s normal usage pattern using artificial intelligence techniques using a plurality of individual artificial neural networks distributed throughout the system;
monitoring and reporting on user usage patterns; and
using the reported user usage patterns to determine when a user'"'"'s commands do not follow with the normal usage pattern. - View Dependent Claims (10)
-
-
14. A security tool for user authentication of users in a multi-user computer system comprising:
-
means for capturing user usage patterns at an operating system level of the multi-user computer system;
an artificial neural network having a training mode and a production mode set by the operating system, said artificial neural network in the training mode learning command usage patterns of users of the computer system and in the production mode monitoring and reporting on user command usage patterns; and
means responsive to an output of the artificial neural network in the production mode for determining at the operating system level, based on the reported user command usage patterns, when a user'"'"'s commands do not follow a normal command usage pattern. - View Dependent Claims (15, 16, 17, 18, 19)
means for checking a set of system security rules when a difference in the normal command usage pattern is detected; and
means for automatically performing a predetermined action when command usage patterns are determined to be abnormal.
-
-
16. A security tool for user authentication of users in a multi-user computer system as recited in claim 15, wherein said predetermined action includes logging violations of the system security rules.
-
17. A security tool for user authentication of users in a multi-user computer system as recited in claim 15, wherein said predetermined action includes automatically excluding said user from further system access when abnormal command usage pattern is detected.
-
18. A security tool for user authentication of users in a multi-user computer system as recited in claim 15, wherein said predetermined action includes automatically notifying the system administrator when abnormal command usage pattern is detected.
-
19. A security tool for user authentication of users in a multi-user computer system as recited in claim 14, wherein said artificial neural network is implemented in a specialized expansion card for a computer system.
Specification