Today's computer systems are vulnerable to security breaches in which an intruder gains unauthorized access to an account. The misuse of highly privileged accounts, such as an administrator account, can cause major problems. An admin or admin account, as used herein, refers to an administrator account, which includes administrative privileges that may not be available to most users. For example, a computer system administrator may use the admin account to perform backup operations or to create new user accounts. These administrative privileges may be abused by an intruder who has somehow gained access to the admin account. Examples of admin accounts include the Unix root account and the Windows admin account.
An intrusion detection system (IDS) or intrusion prevention system (IPS) may help prevent a user from gaining administrator access, but once such access is gained, the ability to detect the unauthorized access is limited. Gaining access to administrative privileges may also compromise the IDS or IPS itself. A better solution is needed for computer system protection.