CPC G06F 11/0781 (2013.01) [G06F 11/079 (2013.01); G06F 11/3006 (2013.01); G06F 11/3476 (2013.01)] | 11 Claims
1. A method for determining at least one machine involved in an anomaly detected in a computing infrastructure comprising a plurality M of machines, wherein M is an integer strictly greater than 1, wherein said method comprises:
configuration of a state vector structure of dimension N of a machine, N being an integer strictly greater than 2, said state vector structure distributing metric-type information and log-type information in N dimensions;
determination of a time window duration;
acquisition of timestamped operating data according to the configuration of the state vector structure and the time window duration;
construction of a state vector, for each of the plurality M of machines from the timestamped operating data that is acquired, according to the state vector structure configured, said construction comprising
  digitization of the timestamped operating data that is acquired according to the configuration of the state vector structure;
  normalization of the timestamped operating data that is digitized;
  aggregation of data by dimension;
assembly of all of each of the state vector of the plurality M of machines of N dimension into an infrastructure vector;
detection of an anomaly by applying an anomaly detection method to the infrastructure vector;
for the anomaly detected, the method further comprises:
  application of an explanation method to the infrastructure vector producing an infrastructure explanation vector comprising M machine explanation vectors of N dimension;
  separation of the infrastructure explanation vector per machine;
  for each machine, aggregation of components of the infrastructure explanation vector to obtain an involvement indicator;
  determination of the machine having a highest indicator, said machine that is determined then being considered as involved in the anomaly.
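The steps of claim 1 can be traced end to end in the following added example, which is not part of the patent text. The claim names no particular detection or explanation method, so the squared z-score against baseline windows used here is an assumption, as are the dimension names, normalization bounds, threshold, machine names and the constructed sample data.

```python
from statistics import mean, pstdev

# Assumed state vector structure: N = 3 (two metric-type dimensions, one log-type).
DIMS = ("cpu_pct", "mem_pct", "error_logs")
BOUNDS = {"cpu_pct": (0, 100), "mem_pct": (0, 100), "error_logs": (0, 20)}
FLOOR = 0.05  # assumed minimum spread, so a flat baseline does not divide by zero

def state_vector(records):
    """Digitize, normalize and aggregate one machine's records for one time window."""
    vec = []
    for dim in DIMS:
        if dim == "error_logs":  # digitization: log lines become an ERROR count
            raw = [float(sum(r.get("log", "").startswith("ERROR") for r in records))]
        else:
            raw = [float(r[dim]) for r in records if dim in r]
        lo, hi = BOUNDS[dim]
        norm = [min(max((x - lo) / (hi - lo), 0.0), 1.0) for x in raw]
        vec.append(mean(norm) if norm else 0.0)  # aggregation by dimension
    return vec

def infrastructure_vector(window):
    """Assemble the M state vectors (fixed machine order) into one M*N vector."""
    return [x for m in sorted(window) for x in state_vector(window[m])]

def explain(vec, baseline):
    """Assumed explanation method: each component's squared z-score vs. baseline."""
    cols = zip(*baseline)
    return [((v - mean(c)) / max(pstdev(c), FLOOR)) ** 2 for v, c in zip(vec, cols)]

def involved_machine(window, baseline, threshold=30.0):
    """Return (machine, per-machine indicators), or (None, {}) if no anomaly."""
    vec = infrastructure_vector(window)
    expl = explain(vec, baseline)
    if sum(expl) < threshold:  # detection on the whole infrastructure vector
        return None, {}
    n = len(DIMS)  # separation per machine, then aggregation into an indicator
    scores = {m: sum(expl[i * n:(i + 1) * n]) for i, m in enumerate(sorted(window))}
    return max(scores, key=scores.get), scores

def make_window(cpu, errors):  # constructed sample data, not real telemetry
    return {m: [{"cpu_pct": c, "mem_pct": 40}, {"cpu_pct": c + 2, "mem_pct": 42}]
               + [{"log": "ERROR disk timeout"}] * e
            for m, c, e in zip(("web1", "web2", "db1"), cpu, errors)}

BASELINE = [infrastructure_vector(make_window(c, e)) for c, e in [
    ((20, 22, 30), (0, 0, 1)), ((24, 20, 32), (1, 0, 0)), ((22, 24, 28), (0, 1, 1))]]
SUSPECT = make_window((23, 21, 90), (0, 0, 12))

if __name__ == "__main__":
    print(involved_machine(SUSPECT, BASELINE))
```

Because the indicator is the sum of one machine's slice of the explanation vector, a machine can rank highest from a spike in a single dimension or from moderate deviations spread across several.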