Technical Field
The present invention relates to computer security and, more particularly, to automatic detection of events that occur due to external user actions.
Description of the Related Art
A modern computer system generally runs a large number of operating system processes. Some belong to the interactive activities of a human user and are introduced from outside the computer system; others are not interactive and serve internal functions, such as operating system background services and other automation software. External operations may originate, for example, in a shell command, a terminal program, or a graphical user interface.
The number of such processes is so high that, if all processes are inspected, it can be burdensome for security analysis to quickly locate high-risk, suspicious activities and attacks.