Abstract: An unauthorized-operation-judgment system judges whether an operation received by a computer is an unauthorized operation by referencing a profile to find a peculiar action. This system can handle an unauthorized operation due to a change of a computer be an authorized user and unauthorized operation by a new user whose user profile is not yet created. When a user executes a certain operation, the operation tendency and th operation tendency executed by the user are learned to create a node profile and a user, profile, which are stored in a node-profile-state table and a user-profile-state table of each user, respectively. The node profile and the user profile thus created are referenced so as to perform deviation calculation between the operation received and the normal operation pattern, thereby judging whether the operation is peculiar and calculating the possibility of an unauthorized operation as a score valve.

Abstract: For monitoring invalid data that causes a computer to execute an invalid operation, an invalidity-monitoring program monitors input/output data sent to and received from a network and an externally connected device, and allows a user to set a variety of invalidity determination and apply an efficient rule. A data-acquisition unit acquires input/output data, which is flowing on a network or an externally connected bus, and the ID of an operator. An invalid-operation-determination unit determines whether an operation is invalid by acquiring attribute information on a user corresponding to the ID from a user-storage unit by referencing a rule corresponding to attribute information from rules stored in an invalidity-rule-storage unit and defined for the respective user, and additionally, by referencing a rule that generally determines an operation as invalid regardless of the attributes stored in the invalidity-rule storage unit.