CPC G06F 11/3082 (2013.01) [G06F 11/076 (2013.01); G06F 11/0772 (2013.01); G06F 11/3075 (2013.01)] | 19 Claims |
1. An anomaly detection method comprising:
acquiring a plurality of reference data including a number of log outputs of different devices with respect to different aggregate units;
acquiring target data including a number of log outputs of a target device with respect to a first aggregate unit included in the different aggregate units;
determining a first reference data, among the plurality of reference data, based on similarity between the target data and each of the plurality of reference data; and
detecting that the target device has an anomaly based on the first reference data and the target data.
|