Related work
Various expert systems for analyzing logs
- Systems remain vigilant even when given megabytes of log data every day, whereas humans throw data away
NIDES (ftp://ftp.csl.sri.com/nides)
- Defines a set of events (e.g. directory modification, password file access, etc.)
- Complex statistical algorithms for reporting anomalies while still adaptively learning new user behavior
Keystroke Dynamics - knows how users type