A Method to Display the Command Count between Logins to Detect Potential Account Intrusion and Analyze Actions during Potential Intrusions

IP.com Disclosure Number: IPCOM000246639D
Publication Date: 2016-Jun-23
Document File: 2 page(s) / 265K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is an application that informs the user of actions that occurred between user logins. The application stores a log of executed commands in a secure directory and allows the user to quickly determine whether an unauthorized individual accessed a computer account.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Even when a user is logged out of a computer, a malicious person can break into the user's account and implant a virus or commit some other malfeasance without the account owner's knowledge.

The novel solution is an application that subtly informs the user of actions that occurred between user logins. This method allows the user to quickly determine whether an unauthorized individual had access to a computer account. When the novel application is initiated, it works as follows:

1. The application begins a log of user actions when the user logs into the computer. This log is similar to the shell log that most accounts have set up, the equivalent of the history file.

2. The application stores the log in a secure directory that normally cannot be accessed by "root" (more on this access later).

3. As the user performs daily tasks, the application logs the executed commands in the secure directory.

4. The user logs out.

5. After a period (e.g., two hours, 12 hours, etc.), the user logs in.

6. The application looks up a user-configured file to display the last five login entries.

7. As this is the second login, the login window shows only one batch of commands (see Figure 1 below).

Figure 1


Figure 2 below depicts a user's desktop after several logins.

Figure 2


Following is each of the states as shown in Figure 2:

State A: The user has logged in to start the day at 8:13 am.
(Not shown is that the user locks their account at 11:30 am for a lunch break)

State B: During lunch, someone logs into the user's account and performs 17 command actions.

State C: The user comes back from lunch, logs in, and sees the three timesta...
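
Steps 1 to 7 applied to the Figure 2 scenario, as an added example that is not code from the disclosure: it groups logged commands under the login that precedes them and returns the last five logins with their command counts. The log line format, the function names, the date, the command strings and the times of the second and third logins are assumptions constructed for illustration; the 8:13 am login, the 11:30 am lock and the 17 commands come from the text.

```python
from collections import namedtuple
from datetime import datetime

Session = namedtuple("Session", "login commands")

def parse_sessions(lines):
    """Group CMD records under the LOGIN record that precedes them."""
    sessions = []
    for line in lines:
        parts = line.strip().split(" ", 2)
        if len(parts) < 2:
            continue  # blank or malformed record
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        if parts[1] == "LOGIN":
            sessions.append(Session(stamp, []))
        elif parts[1] == "CMD" and sessions:
            sessions[-1].commands.append(parts[2] if len(parts) > 2 else "")
        # LOCK and LOGOUT records carry no commands and are not counted
    return sessions

def login_banner(sessions, limit=5):
    """(login time, command count) for the most recent `limit` logins."""
    recent = sessions[-limit:] if limit > 0 else []
    return [(s.login.strftime("%Y-%m-%d %H:%M"), len(s.commands))
            for s in recent]

def build_sample_log():
    """Constructed log for the lunch-break scenario; format is an assumption."""
    day = "2016-01-04"  # constructed date
    log = [f"{day}T08:13:00 LOGIN"]                             # State A
    log += [f"{day}T09:{m:02d}:00 CMD make test" for m in range(4)]
    log += [f"{day}T11:30:00 LOCK", f"{day}T12:05:00 LOGIN"]    # State B
    log += [f"{day}T12:{6 + m:02d}:00 CMD cat notes.txt" for m in range(17)]
    log += [f"{day}T12:40:00 LOGOUT", f"{day}T13:02:00 LOGIN"]  # State C
    return log

if __name__ == "__main__":
    for when, count in login_banner(parse_sessions(build_sample_log())):
        print(f"login {when}  commands: {count}")
```

In the printed list, the middle entry with 17 commands is the batch the account owner did not run.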