Intruder detection method and apparatus

What is claimed is: 1. An intruder detection method, comprising: a security server sending a verification prompt to a device in a controlled-access area, based on an entry indication of an entrant into the controlled-access area, with the verification prompt indicating the entrant should perform a predefined verification action; the security server receiving entrant behavior information; the security server comparing the entrant behavior information to a behavior model of a set of authorized persons associated with the controlled-access area, with the behavior model including the verification prompt; and the security server generating an intruder indication if the entrant behavior information does not match a behavior sequence included in the behavior model. 2. The method of claim 1 , with the entry indication including an entrant identity obtained during an entry event, with the method further comprising the preliminary steps of: comparing the entrant identity and the entrant behavior information to authorized person information of the set of authorized persons; and performing the sending, receiving, comparing, and generating steps if either of the entrant identity or the entrant behavior information does not match the authorized person information. 3. The method of claim 1 , wherein before sending the verification prompt, the method further comprising: selecting the behavior sequence from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to the predefined verification action. 4. The method of claim 1 , wherein before sending the verification prompt, the method further comprising: comparing entry location information and entry time information in the entry indication to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generating a matching score for each behavior sequence; and selecting the behavior sequence having a highest matching score from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to the predefined verification action. 5. The method of claim 1 , wherein before sending the verification prompt, the method further comprising: comparing entry location information and entry time information in the entry indication to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generating a matching score and a disturbance score for each behavior sequence; and selecting the behavior sequence corresponding to the highest matching score or to the highest disturbance score from at least two behavior sequences if the at least two behavior sequences share a highest matching score, with the selected behavior sequence corresponding to the predefined verification action. 6. The method of claim 1 , with the receiving the entrant behavior information comprising receiving the entrant behavior information until encountering an end event in the entrant behavior information or until a verification period end, with the end event specified in the selected behavior sequence. 7. The method of claim 1 , with the comparing the entrant behavior information to the behavior model comprising: comparing the entrant behavior information to the behavior model and generating a behavior comparison value; and generating the intruder indication when the behavior comparison value is smaller than an alarm threshold. 8. The method of claim 1 , before sending the verification prompt, the method further comprising: accumulating authorized person behavior information during a learning phase; recognizing behavior patterns in the accumulated authorized person behavior; and generating one or more behavior sequences after the learning phase has been completed, with the one or more behavior sequences being generated based on the behavior patterns. 9. The method of claim 8 , wherein the accumulating the authorized person behavior actions during the learning phase comprises: sending a behavior model prompt to the device, based on at least one behavior parameter specified in the behavior model, with the behavior model prompt indicating the authorized person to perform a specified authorized person action; and receiving authorized person behavior information in response to the behavior model prompt. 10. The method of claim 9 , before sending the behavior model prompt, the method further comprising: obtaining the at least one behavior model parameter for each sequence action of a plurality of sequence actions. 11. A security server, comprising: a non-transitory memory comprising instructions; and one or more processors in communications with the memory, wherein the one or more processors execute the instructions to: send a verification prompt to a device in a controlled-access area, based on an entry indication of an entrant into the controlled-access area, with the verification prompt indicating the entrant should perform a predefined verification action; receive entrant behavior information; compare the entrant behavior information to a behavior model of a set of authorized persons associated with the controlled-access area, with the behavior model including the verification prompt; and generate an intruder indication if the entrant behavior information does not match a behavior sequence included in the behavior model. 12. The security server of claim 11 , with the entry indication including an entrant identity obtained during an entry event, with the method further comprising the preliminary steps of: comparing the entrant identity and the entrant behavior information to authorized person information of the set of authorized persons; and performing the sending, receiving, comparing, and generating steps if either of the entrant identity or the entrant behavior information does not match the authorized person information. 13. The security server of claim 11 , wherein before sending the verification prompt, the method further comprising: selecting the behavior sequence from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to the predefined verification action. 14. The security server of claim 11 , wherein before sending the verification prompt, the method further comprising: comparing entry location information and entry time information in the entry indication to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generating a matching score for each behavior sequence; and selecting the behavior sequence having a highest matching score from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to the predefined verification action. 15. The security server of claim 11 , wherein before sending the verification prompt, the method further comprising: comparing entry location information and entry time information in the entry indication to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generating a matching score and a disturbance score for each behavior sequence; and selecting the behavior sequence corresponding to the highest matching score or to the highest disturbance score from at least two behavior sequences if the at least two behavior sequences share a highest matching score, with the selected behavior sequence corresponding to the predefined verification action. 16. The security server o