Intruder detection method and apparatus

What is claimed is: 1. An intruder detection method comprising: a security server receiving entrant behavior information of an entrant into a controlled-access area; the security server comparing the entrant behavior information to a behavior model of an authorized person associated with the controlled-access area; and the security server generating an intruder indication if the entrant behavior information does not match a behavior sequence, corresponding to a verification prompt, included in the behavior model. 2. The method of claim 1 , wherein the method includes selecting the behavior sequence from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to a predefined verification action. 3. The method of claim 1 , wherein the method includes: comparing entry location information and entry time information, received by the security server, to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generating a matching score for each behavior sequence; and selecting the behavior sequence having a highest matching score from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to a predefined verification action. 4. The method of claim 1 , wherein the method includes: comparing entry location information and entry time information, received by the security server, to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generating a matching score and a disturbance score for each behavior sequence; and selecting the behavior sequence corresponding to a highest matching score or to a highest disturbance score from at least two behavior sequences if the at least two behavior sequences share a highest matching score, with the selected behavior sequence corresponding to a predefined verification action. 5. The method of claim 1 , wherein receiving the entrant behavior information includes receiving the entrant behavior information until encountering an end event in the entrant behavior information or until a verification period end, with the end event specified in the behavior sequence. 6. The method of claim 1 , wherein the method includes, in response to comparing the entrant behavior information to the behavior model: generating a behavior comparison value; and generating the intruder indication when the behavior comparison value is smaller than an alarm threshold. 7. The method of claim 1 , wherein the method includes: accumulating authorized person behavior information during a learning phase; recognizing behavior patterns in the accumulated authorized person behavior; and generating one or more behavior sequences after the learning phase has been completed, with the one or more behavior sequences being generated based on the behavior patterns. 8. The method of claim 7 , wherein the method includes obtaining at least one behavior model parameter in the behavior model for each sequence action of a plurality of sequence actions. 9. A security server comprising: a non-transitory memory comprising instructions; and one or more processors in communications with the memory, wherein the one or more processors execute the instructions to: receive entrant behavior information of an entrant into a controlled-access area; compare the entrant behavior information to a behavior model of an authorized person associated with the controlled-access area; and generate an intruder indication if the entrant behavior information does not match a behavior sequence, corresponding to a verification prompt, included in the behavior model. 10. The security server of claim 9 , wherein the one or more processors execute the instructions to select the behavior sequence from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to a predefined verification action. 11. The security server of claim 9 , wherein the one or more processors execute the instructions to: compare entry location information and entry time information, received by the security server, to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generate a matching score for each behavior sequence; and select the behavior sequence having a highest matching score from a plurality of behavior sequences in the behavior model, with the selected behavior sequence corresponding to a predefined verification action. 12. The security server of claim 9 , wherein the one or more processors execute the instructions to: compare entry location information and entry time information, received by the security server, to corresponding behavior parameters of each behavior sequence of a plurality of behavior sequences in the behavior model; generate a matching score and a disturbance score for each behavior sequence; and select the behavior sequence corresponding to a highest matching score or to a highest disturbance score from at least two behavior sequences if the at least two behavior sequences share a highest matching score, with the selected behavior sequence corresponding to a predefined verification action. 13. The security server of claim 9 , wherein the instructions to receive the entrant behavior information includes instructions to receive the entrant behavior information until encountering an end event in the entrant behavior information or until a verification period end, with the end event specified in the behavior sequence. 14. The security server of claim 9 , wherein the one or more processors, in response to comparing the entrant behavior information to the behavior model, execute the instructions to: generate a behavior comparison value; and generate the intruder indication when the behavior comparison value is smaller than an alarm threshold. 15. The security server of claim 9 , wherein the one or more processors execute the instructions to: accumulate authorized person behavior information during a learning phase; recognize behavior patterns in the accumulated authorized person behavior; and generate one or more behavior sequences after the learning phase has been completed, with the one or more behavior sequences being generated based on the behavior patterns. 16. The security server of claim 15 , wherein the one or more processors execute the instructions to obtain at least one behavior model parameter in the behavior model for each sequence action of a plurality of sequence actions. 17. A non-transitory computer-readable medium storing computer instruction for executing intruder detection, wherein the instructions when executed by one or more processors, cause the one or more processors to perform operations comprising: receiving, at a security server, entrant behavior information of an entrant into a controlled-access area; comparing, in the security server, the entrant behavior information to a behavior model of an authorized person associated with the controlled-access area; and generating, in the security server, an intruder indication if the entrant behavior information does not match a behavior sequence, corresponding to a verification prompt, included in the behavior model. 18. The non-transitory computer-readable medium of claim 17 , wherein the operations include selecting the behavior sequence from a plurality of behavior sequences in the behavior model, with the selected behavior sequence correspon