DETECTION METHOD AND INFORMATION PROCESSING DEVICE
First Claim
1. A method for detecting an anomaly in a computer system, the method comprising:
- generating a plurality of pieces of correlation information based on correlations between changes in each item in each of different pairs of items in a plurality of items per unit period of time in a time series, each item relating to at least one of an operation, a performance, or a load in the computer system, each of the plurality of pieces of correlation information being generated for the plurality of items in one unit period of time in the time series;
clustering the plurality of pieces of correlation information into a plurality of clusters, each cluster representing a state of the computer system and including a subset of the plurality of pieces of correlation information meeting a threshold for similarity;
generating transition probabilities between each pair of the plurality of clusters; and
determining the anomaly in the computer system based on the transition probability from one of the plurality of clusters in a first unit period of time to another one of the plurality of clusters in a second unit period of time.
1 Assignment
0 Petitions
Accused Products
Abstract
A method includes generating a plurality of pieces of correlation information based on correlations between changes in each item in each of different pairs of items in a plurality of items per unit period of time in a time series, each item relating to at least one of an operation, a performance, or a load in a computer system, each of the plurality of pieces of correlation information being generated for the plurality of items in one unit period of time in the time series, clustering the plurality of pieces of correlation information into a plurality of clusters, each cluster representing a state of the computer system and including a subset of the plurality of pieces of correlation information meeting a threshold for similarity, generating transition probabilities between each pair of the plurality of clusters, and determining an anomaly in the computer system based on the transition probability.
-
Citations
20 Claims
-
1. A method for detecting an anomaly in a computer system, the method comprising:
-
generating a plurality of pieces of correlation information based on correlations between changes in each item in each of different pairs of items in a plurality of items per unit period of time in a time series, each item relating to at least one of an operation, a performance, or a load in the computer system, each of the plurality of pieces of correlation information being generated for the plurality of items in one unit period of time in the time series; clustering the plurality of pieces of correlation information into a plurality of clusters, each cluster representing a state of the computer system and including a subset of the plurality of pieces of correlation information meeting a threshold for similarity; generating transition probabilities between each pair of the plurality of clusters; and determining the anomaly in the computer system based on the transition probability from one of the plurality of clusters in a first unit period of time to another one of the plurality of clusters in a second unit period of time. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable medium storing a computer-executable program causing a computer to execute a process, the process comprising:
-
generating a plurality of pieces of correlation information based on correlations between changes in each item in each of different pairs of items in a plurality of items per unit period of time in a time series, each item relating to at least one of an operation, a performance, or a load in a computer system, each of the plurality of pieces of correlation information being generated for the plurality of items in one unit period of time in the time series; clustering the plurality of pieces of correlation information into a plurality of clusters, each cluster representing a state of the computer system and including a subset of the plurality of pieces of correlation information meeting a threshold for similarity; generating transition probabilities between each pair of the plurality of clusters; and determining an anomaly in the computer system based on the transition probability from one of the plurality of clusters in a first unit period of time to another one of the plurality of clusters in a second unit period of time. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An information processing device comprising:
-
a memory; and a processor coupled to the memory and configured to; generate a plurality of pieces of correlation information based on correlations between changes in each item in each of different pairs of items in a plurality of items per unit period of time in a time series, each item relating to at least one of an operation, a performance, or a load in a computer system, each of the plurality of pieces of correlation information being generated for the plurality of items in one unit period of time in the time series, cluster the plurality of pieces of correlation information into a plurality of clusters, each cluster representing a state of the computer system and including a subset of the plurality of pieces of correlation information meeting a threshold for similarity, generate transition probabilities between each pair of the plurality of clusters, and determine an anomaly in the computer system based on the transition probability from one of the plurality of clusters in a first unit period of time to another one of the plurality of clusters in a second unit period of time. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification