-In this paper we investigate the problem of development effective program security systems that are used for defense against internal intrusions. We offer technology for constructing systems that protect against the internal intrusions based on non signature methods. These systems possess autonomy, adaptability and self-teach properties. We propose methods for information gathering from log files, for data consolidation, for data presentation, transmitting and storing. And the security analyst console and consolidations subsystem architectures are proposed. We show the applicability of OLAP technology for collected data analysis. Also we offer data mining algorithms for user behavior model construction based on association rules. These models can be applied for users' activity description and visualization or for users' behavior abnormality detection, including potential threat from each user. An experimental system was verified using DARPA Intrusion Detection Evaluation Program methodic. The results are shown in the paper.