摘要 |
A set of at least one event generated by the application is received and stored in a database. The set of events corresponds to a path in the directed graph and is associated with an attribute, e.g. a process name, an instance ID or customer type. The frequency of occurrence of such sets in the database is determined and a weight, being a function of the determined frequency, is assigned to the corresponding path 1140 — 1152 in the graph. The probability of occurrence of a node in the path is determined as a function of the weight. A computer system, comprising an application, may be monitored according to the behaviour model; a message generated by the application corresponding to an event in the graph and the likelihood of occurrence of the message being determined and compared with a predefined threshold. The state of the computer system is determined as a function of the comparison: anomalous or not. |