Method and apparatus for monitoring a network data processing system
First Claim
Patent Images
1. A method in a data processing system for identifying unauthorized users, the method comprising:
- monitoring for user actions in an audit for an indication an unauthorized user logged into the data processing system with a valid user identifier and a valid password;
comparing a user action to selected activities to determine whether the user action is a selected user action;
responsive to the user action being the selected user action, initiating a process to analyze the selected user action, wherein the process determines whether the selected user action is from an unauthorized user; and
responsive to the selected being from an unauthorized user, initiating an action to handle an unauthorized access.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, apparatus, and computer instructions for identifying unauthorized users. User actions are monitored in an audit for an indication an unauthorized user logged into the data processing system with a valid user identifier and a valid password. An action is initiated in response to an indication of an unauthorized user.
8 Citations
24 Claims
-
1. A method in a data processing system for identifying unauthorized users, the method comprising:
-
monitoring for user actions in an audit for an indication an unauthorized user logged into the data processing system with a valid user identifier and a valid password; comparing a user action to selected activities to determine whether the user action is a selected user action; responsive to the user action being the selected user action, initiating a process to analyze the selected user action, wherein the process determines whether the selected user action is from an unauthorized user; and responsive to the selected being from an unauthorized user, initiating an action to handle an unauthorized access. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method in a data processing system for handling unauthorized access to a network data processing system, the method comprising:
-
recording user actions for each user logged into the network data processing system, wherein an audit is formed; monitoring for a pattern of user actions indicating a user is an unauthorized user; analyzing the pattern of user actions to determine whether the user is unauthorized user, wherein the pattern of user actions is processed by a script; and initiating a security action if the user is identified as an unauthorized user. - View Dependent Claims (10)
-
-
11. A data processing system for identifying unauthorized users, the data processing system comprising:
-
a bus system; a communications unit connected to the bus system; a memory connected to the bus system, wherein the memory includes a set of instructions; and a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to monitor for user actions in an audit for an indication an unauthorized user logged into the data processing system with a valid user identifier and a valid password;
compare a user action to selected activities to determine whether the user action is a selected user action;
responsive to the user action being the selected user action, initiate a program to analyze the selected user action, wherein the process determines whether the selected user action is form an unauthorized user; and
initiate an action to handle an unauthorized access in response to the selected action being from an unauthorized user, wherein an unauthorized user is logged off the system and the password is changed to a backup password.
-
-
12. A data processing system for handling unauthorized access to a network data processing system, the data processing system comprising:
-
a bus system; a communications unit connected to the bus system; a memory connected to the bus system, wherein the memory includes a set of instructions; and a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to record user actions for each user logged into the network data processing system in which an audit is formed;
monitor for a pattern of user actions indicating a user is an unauthorized user;
analyze the pattern of user actions to determine whether the user is an unauthorized user, wherein the pattern of user actions is processed by a script;
initiate a security action if the user is identified as an unauthorized user, wherein an unauthorized user is logged off the system and a password for the user is changed to a backup password.
-
-
13. A data processing system for identifying unauthorized users, the data processing system comprising:
-
monitoring means for monitoring for user actions in an audit for an indication an unauthorized user logged into the data processing system with a valid user identifier and a valid password; comparing means for comparing a user action to selected activities to determine whether the user action is a selected action; initiating means for initiating a process to analyze the selected user action in response to the user action being the selected user action, wherein the process determines whether the selected user action is from an unauthorized user; and initiating means, responsive to the selected action being from an unauthorized user, initiating an action to handle an unauthorized access. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A data processing system for handling unauthorized access to a network data processing system, the data processing system comprising:
-
recording means for recording user actions for each user logged into the network data processing system, wherein an audit is formed; monitoring means for monitoring for a pattern of user actions indicating a user is an unauthorized user; analyzing means for analyzing the pattern of user actions to determine whether the user is an unauthorized user, wherein the pattern of user actions is processed by a script; and initiating means for initiating a security action if the user is identified as an unauthorized user. - View Dependent Claims (22)
-
-
23. A computer program product in a computer readable medium for identifying unauthorized users, the computer program product comprising:
-
first instructions for monitoring for user actions in an audit for an indication an unauthorized user logged into the data processing system with a valid user identifier and a valid password; second instructions for comparing a user action to selected activities to determine whether the user action is a selected user action; third instructions, responsive to the user action being the selected user action, for initiating a process to analyze the selected user action, wherein the process determines whether the selected user action is from an unauthorized user; and fourth instructions, responsive to the selected action being from an unauthorized user, for initiating an action to handle an unauthorized access.
-
-
24. A computer program product in a computer readable medium for handling unauthorized access to a network data processing system, the computer program product comprising:
-
first instructions for recording user actions for each user logged into the network data processing system, wherein an audit is formed; second instructions for monitoring for a pattern of user actions indicating a user is an unauthorized user; third instruction means for analyzing the pattern of user actions to determine whether the user is an unauthorized user, wherein the pattern of user actions is processed by a script and fourth instructions for initiating a security action if the user is identified as an unauthorized user.
-
Specification