Using a neural network to analyze running processes in a Unix system


The ps aux command on Unix machines prints out a list of the processes currently running, along with their memory and CPU usage.

I'm trying to determine if it is viable to create a neural network that uses that information during a practical period of time, let's say a week, and learns what is 'normal behavior'. The idea is that when something changes, a new process name appears, or a known process starts consuming more resources than usual, the network detects it.

So the output layer is one node: > .8, let's say, means everything is normal; below that, something is out of the ordinary.

Since computer systems can behave differently depending on the weekday, and from morning to night (e.g. Friday is used for backup routines, and/or on Wednesday mornings there is always a peak in network traffic), it will also be useful to include date information in the input layer.

The process names are dynamic, so I suppose the input layer of this network will vary depending on the training data, but to be honest it puzzles me how to manage the inputs and what type of hidden layer will perform better, especially because I did run a simple prototype that just monitors memory and CPU of a single process during normal behaviour and it fails to detect anomalies. The topology I used was a simple perceptron 2, 10, 10, 1.
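One way to give the network a fixed-size input despite dynamic process names and to include the date information the question mentions, as an added example that is not part of the original post. Feature hashing and the sine/cosine time encoding are techniques chosen here, not from the post; `N_BUCKETS`, the function names and the sample `ps aux` text are assumptions made for illustration.

```python
import hashlib
import math
from datetime import datetime

N_BUCKETS = 16  # assumed size of the hashed process-name space

# Constructed sample of `ps aux` output (not captured from a real host).
SAMPLE_PS = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 168000 11000 ?        Ss   Mar01   0:05 /sbin/init
www-data   812  2.5  1.2 450000 98000 ?        S    09:00   1:10 nginx: worker process
postgres   900  1.0  3.4 900000 280000 ?       Ss   Mar01   9:30 /usr/lib/postgresql/bin/postgres -D /data
www-data   813  3.5  1.3 450000 99000 ?        S    09:00   1:12 nginx: worker process
"""

def parse_ps_aux(text):
    """Yield (command_name, cpu_percent, mem_percent) for each process row."""
    for line in text.strip().splitlines()[1:]:  # skip the header row
        cols = line.split(None, 10)  # COMMAND is column 11 and may contain spaces
        if len(cols) < 11:
            continue
        name = cols[10].split()[0].rstrip(":").rsplit("/", 1)[-1]
        yield name, float(cols[2]), float(cols[3])

def bucket(name):
    """Map a process name to a stable bucket index, so unseen names still fit."""
    digest = hashlib.sha256(name.encode()).digest()
    return int.from_bytes(digest[:4], "big") % N_BUCKETS

def featurize(text, when):
    """Fixed-length vector: per-bucket count, CPU and MEM, plus cyclic time."""
    counts = [0.0] * N_BUCKETS
    cpu = [0.0] * N_BUCKETS
    mem = [0.0] * N_BUCKETS
    for name, c, m in parse_ps_aux(text):
        b = bucket(name)
        counts[b] += 1
        cpu[b] += c
        mem[b] += m
    hour = 2 * math.pi * (when.hour + when.minute / 60) / 24
    day = 2 * math.pi * when.weekday() / 7
    # sin/cos pairs keep 23:59 next to 00:00 and Sunday next to Monday
    clock = [math.sin(hour), math.cos(hour), math.sin(day), math.cos(day)]
    return counts + cpu + mem + clock

if __name__ == "__main__":
    print(featurize(SAMPLE_PS, datetime(2024, 3, 6, 6, 0)))
```

The vector length stays at `3 * N_BUCKETS + 4` whatever processes appear, at the cost that two names can collide in one bucket.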