Conventional systems for detecting fraud or misuse by users are deficient at least because conventional systems have limited abilities to recognize log file formats and access the log files. This is especially difficult when a system accesses file logs that are generated by different applications, since each application may generate a different log file format.
Other problems with conventional systems include that users may have several different ways of accessing company (or other similar organizations) systems. For example, in many instances, users may use several different user-ids and passwords to access different applications or data stores of an organization. Fraud or misuse detection systems may have no way to correlate the activity of the user across the various applications. Likewise, in some instances, evaluating the behavior of a user based on one application may not provide enough information to discern a pattern of behavior that may be indicative of fraud or misuse of a company's system or information.
Some of the prior art systems related to detecting fraud and misuse of a system are described in U.S. Pat. Nos. 5,557,742 (Method and System for Detecting Intrusion Into and Misuse of a Data Processing System), 6,347,374 (Event Detection), 6,405,318 (Intrusion Detection System), and 6,549,208 (Information Security Analysis System). Various other drawbacks exits with these systems and with other systems known in the art.