An insider at a New York software company allegedly sold consumer credit reports to identity thieves for about $30 each.

An unemployed British computer administrator is fighting extradition to face federal charges in Virginia and New Jersey that he hacked into 92 U.S. military and government networks, often using easy-to-guess passwords to download confidential data.

Those and other recent data intrusions have given rise to profiling technology intended to prevent online break-ins as they happen.

Researchers at the University at Buffalo are developing software that can generate profiles of network users by analyzing the sequences of commands entered at each computer workstation.

The system, for which tests are planned this summer, could help protect military installations, government agencies and commercial networks, such as those for banking.

The software compiles regularly updated profiles by tracking how each person performs routine tasks such as opening files, sending e-mail or searching archives.

The program, designed to tell if someone has strayed into an unauthorized zone or is masquerading as an employee using a stolen password, watches for even subtle deviations in behavior. Network administrators are alerted to anomalies.
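A minimal sketch of this kind of command-sequence profiling, added here as an illustration; it is not the University at Buffalo software or the researchers' code. It assumes a profile of command bigrams, a sliding window and a fixed alert threshold, and every command name and session in it is constructed.

```python
from collections import Counter

# Constructed sample data: one user's past sessions (hypothetical command names).
HISTORY = [
    ["login", "open_mail", "read_mail", "send_mail", "open_file", "edit_file", "save_file", "logout"],
    ["login", "open_file", "edit_file", "save_file", "open_mail", "read_mail", "logout"],
    ["login", "open_mail", "read_mail", "search_archive", "open_file", "edit_file", "save_file", "logout"],
]
# Constructed: the same user with one new transition (send_mail -> search_archive).
NORMAL = ["login", "open_mail", "read_mail", "send_mail", "search_archive",
          "open_file", "edit_file", "save_file", "logout"]
# Constructed: a different person on the same account, repeatedly copying files.
MASQUERADE = ["login", "search_archive", "open_file", "copy_file",
              "search_archive", "open_file", "copy_file", "logout"]

def ngrams(commands, n=2):
    """Return the consecutive n-command windows of a session."""
    return [tuple(commands[i:i + n]) for i in range(len(commands) - n + 1)]

def build_profile(sessions, n=2):
    """Count every command n-gram seen in a user's past sessions."""
    profile = Counter()
    for session in sessions:
        profile.update(ngrams(session, n))
    return profile

def anomaly_score(profile, commands, n=2):
    """Fraction of n-grams in `commands` never seen in the profile (0.0 to 1.0)."""
    grams = ngrams(commands, n)
    if not grams:
        return 0.0
    return sum(1 for g in grams if g not in profile) / len(grams)

def first_alert(profile, stream, n=2, window=6, threshold=0.5):
    """Score a sliding window as commands arrive; return the index of the
    command that first pushes the score over the threshold, or None."""
    for end in range(window, len(stream) + 1):
        if anomaly_score(profile, stream[end - window:end], n) > threshold:
            return end - 1
    return None

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for name, session in (("normal", NORMAL), ("masquerade", MASQUERADE)):
        print(name, round(anomaly_score(profile, session), 3), first_alert(profile, session))
    # A stricter threshold also flags the legitimate session.
    print("normal @0.1:", first_alert(profile, NORMAL, threshold=0.1))
```

With the default threshold the masquerading session is flagged at its sixth command while the legitimate one passes; at a threshold of 0.1 the legitimate session is flagged as well.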

"The ultimate goal is to detect intrusions or violations occurring on the fly," said chief researcher Shambhu Upadhyaya, a computer science professor. "There are systems that try to do this in real time, but the problem is it results in too many false alarms."

Keeping false alarms to a manageable minimum is important but difficult to achieve, said Bruce Schneier, a network security and cryptography expert and author of "Secrets & Lies: Digital Security in a Networked World."

"These systems live and die on false alarms," Schneier said. "You see this problem in facial recognition, trying to catch terrorists by recognizing faces in airports. All those trials failed miserably."

The University at Buffalo is one of 36 research and teaching centers designated by the National Security Agency since 1998 to help safeguard U.S. information technology systems.

Upadhyaya, assisted by doctoral student Ramkumar Chinchani and Kevin A. Kwiat of the Air Force Research Laboratory in Rome, N.Y., began examining in 1999 whether monitoring simple user commands instead of network traffic might be faster and more effective.

Even if Upadhyaya's software is successful, it would be just one tool of the many needed to defend networks, he said.

"Hackers are a step ahead of you always," Upadhyaya said. The military "is especially worried about the insider who's been there a long time and learned all the loopholes."

Michael Kurdziel, an information security specialist at Harris Corp., which makes tactical military radios, said he believes that Upadhyaya has come up with a solid way to curtail false alarms.

"Other intrusion techniques require something like looking at audit logs after the damage has already occurred," Kurdziel said. "The advantages offered by this approach is an intruder with malicious intent can be identified very early and a system operator can contain the damage, repair it in real time and shut out the intruder.

"This really is an advance," Kurdziel said. "This means that systems that have been attacked by an intruder maliciously might not necessarily be brought down."
