A neural net was trained with backpropagation to identify users in a multi-user unix system, based on the shell commands they used during a login session. The trained network recognized unusual activity reliably, suggesting that user profiles is a good way to detect novel attacks.