
A Technical Study on Resolving the Accountability Problem of Multiple Users Logging In to Remote Hosts with a Shared Account via Cross-Auditing

Utilizing cross referencing to resolve the accountability problem of multiple logging to remote hosts with shared accounts

Advisor: 陳奕明

Abstract


According to security surveys by foreign research institutions, human factors account for as much as 60% of security incidents. To reduce the impact of human-factor security incidents on servers, enterprises and government agencies have adopted a jump station management mechanism to strengthen access control over servers and prevent internal hosts from logging in to servers directly. In the security monitoring architecture of a Security Operator Center (SOC), the Managed Security Service Provider (MSSP) places a log collection host in the customer's network environment; this host is called the Front-end Security Appliance (FSA), and FSA management uses exactly this jump station mechanism. However, because SOC administrators use a shared account when logging in to a remote FSA, when multiple people log in to the remote FSA via the jump station it becomes impossible to tell which administrator account performed the login; this study calls this the Accountability Problem. To solve it, this study analyzes the SOC monitoring architecture and designs an Account Correlation System (ACS). By analyzing the functional requirements of each component of the security architecture, implementing the system, and simulating the security monitoring architecture to build a test environment, Correlation Rules are designed that cross-audit three kinds of logs: the jump station's connection records, the firewall's traffic logs, and the front-end host's system audit logs or Event Viewer logs. When an administrator logs in to a remote FSA through the jump station with the shared account, the ACS records the administrator's account login on the jump station together with other related information. Experimental testing successfully verified that the ACS can effectively solve the Accountability Problem.

Abstract (English)


According to security surveys by foreign research institutions, the proportion of security incidents caused by human factors is as high as 60%. To reduce such security incidents, many enterprises and government agencies control server access with a jump station to prevent internal hosts from logging in to the server directly. However, since Security Operator Center (SOC) administrators usually log in to a remote Front-end Security Appliance (FSA) with a shared account, when multiple SOC administrators log in to a remote FSA from the same jump station, the accountability problem arises: we do not know which administrator is responsible for the logon action. To solve this problem, this thesis analyzes the SOC monitoring framework and designs an Account Correlation System (ACS). The ACS collects the jump station connection logs, firewall traffic logs and server audit logs, and then correlates these logs according to a set of correlation rules designed in this study. Our experimental results show that the ACS can effectively solve the accountability problem in an SOC environment.
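As an added illustration (not code from the thesis), the three-way cross-check the abstract describes, run over constructed log records: the jump station's per-user connection records, the firewall's traffic log and the FSA's audit log are joined on the jump station's source port and a time window, so each shared-account login on the FSA is attributed to the personal account that opened the connection, and a login with no matching records is flagged as unexplained. The field names, addresses, the "socadmin" shared account and the 10-second window are assumptions.

```python
from datetime import datetime, timedelta

JUMP_IP = "10.0.0.2"            # jump station address (constructed)
FSA_IP = "10.1.1.10"            # remote FSA address (constructed)
WINDOW = timedelta(seconds=10)  # clock skew tolerated between the three log sources

def _t(s):
    return datetime.fromisoformat(s)

# Constructed sample logs; field names are assumptions, not the thesis's formats.
# Jump station connection records: which personal account opened which outbound TCP connection.
JUMP_CONN_LOG = [
    {"ts": "2024-05-01T09:00:02", "user": "alice", "src_port": 40001, "dst": FSA_IP, "dst_port": 22},
    {"ts": "2024-05-01T09:00:05", "user": "bob",   "src_port": 40002, "dst": FSA_IP, "dst_port": 22},
]
# Firewall traffic log for flows from the jump station to the FSA.
FW_LOG = [
    {"ts": "2024-05-01T09:00:03", "src": JUMP_IP, "src_port": 40001, "dst": FSA_IP, "dst_port": 22, "action": "pass"},
    {"ts": "2024-05-01T09:00:06", "src": JUMP_IP, "src_port": 40002, "dst": FSA_IP, "dst_port": 22, "action": "pass"},
]
# FSA audit log: every login uses the shared account, so on its own it cannot name the admin.
FSA_AUDIT_LOG = [
    {"ts": "2024-05-01T09:00:04", "account": "socadmin", "src": JUMP_IP, "src_port": 40001},
    {"ts": "2024-05-01T09:00:07", "account": "socadmin", "src": JUMP_IP, "src_port": 40002},
    {"ts": "2024-05-01T09:30:00", "account": "socadmin", "src": JUMP_IP, "src_port": 40003},
]

def _within(a, b):
    return abs(_t(a["ts"]) - _t(b["ts"])) <= WINDOW

def correlate(fsa_log=FSA_AUDIT_LOG, fw_log=FW_LOG, jump_log=JUMP_CONN_LOG):
    """Cross-audit each shared-account login on the FSA against the firewall and
    jump station records; (source port, time window) is the join key."""
    results = []
    for login in fsa_log:
        # Rule 1: the firewall must have passed a flow with the same 4-tuple around the same time.
        fw = next((f for f in fw_log if f["src"] == login["src"] and f["dst"] == FSA_IP
                   and f["src_port"] == login["src_port"] and f["action"] == "pass"
                   and _within(f, login)), None)
        # Rule 2: the jump station must show which personal account owned that source port.
        jump = next((j for j in jump_log if j["src_port"] == login["src_port"]
                     and j["dst"] == FSA_IP and _within(j, login)), None) if fw else None
        results.append({
            "fsa_ts": login["ts"], "account": login["account"],
            "admin": jump["user"] if jump else None,  # None: no accountable owner, investigate
            "evidence": {"firewall": fw is not None, "jump_station": jump is not None},
        })
    return results

if __name__ == "__main__":
    for r in correlate():
        print(r)
```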
