Abstract
A computerized method, encoded on a computer-readable medium, of detecting anomalies in an event stream. The method comprises at least two acts. In a first act, the method uses a tree structure to extract a grammar having an associated set of rules, from a sample of normal behavior. In a second act, the method checks an event stream against the rules of the grammar to detect anomalies.
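The two acts can be illustrated with a small sketch. This is an added example, not code from the patent: the abstract does not say which tree structure or grammar form is used, so the sketch assumes a prefix tree of fixed-depth event windows, and the function names, the `depth` parameter and the event names are all hypothetical.

```python
# Added illustration. Assumption: the "tree structure" is a prefix tree
# (trie) of event windows, and each root-to-node path is one grammar rule
# meaning "after this context, this event may follow".

def extract_grammar(normal_events, depth=3):
    """Act 1: build the rule tree from a sample of normal behavior."""
    root = {}
    for i in range(len(normal_events)):
        node = root
        # Insert the window starting at i; every prefix becomes a rule too.
        for event in normal_events[i:i + depth]:
            node = node.setdefault(event, {})
    return root

def _accepts(root, window):
    """True if the window is a path in the rule tree."""
    node = root
    for event in window:
        if event not in node:
            return False
        node = node[event]
    return True

def find_anomalies(root, stream, depth=3):
    """Act 2: check each event against the rules, given its context.

    Returns (index, context, event) for every event that no rule allows
    after the preceding depth-1 events.
    """
    anomalies = []
    for i, event in enumerate(stream):
        window = stream[max(0, i - depth + 1):i + 1]
        if not _accepts(root, window):
            anomalies.append((i, tuple(window[:-1]), event))
    return anomalies

# Constructed sample data: file-access events from a hypothetical process.
NORMAL = ["open", "read", "read", "close", "open", "write", "close",
          "open", "read", "close"]
OBSERVED = ["open", "read", "close", "open", "exec", "close"]

if __name__ == "__main__":
    grammar = extract_grammar(NORMAL)
    for index, context, event in find_anomalies(grammar, OBSERVED):
        print(f"event {index}: {event!r} not allowed after {context}")
```

An unseen event is reported once where it occurs and again for each following window that still contains it, so one deviation produces up to `depth` findings.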