METHOD AND SYSTEM FOR DETECTING MALICIOUS OR SUSPICIOUS ACTIVITY BY BASELINING HOST BEHAVIOR
Abstract:
The disclosed subject matter includes a system which, when installed on a specific host, such as an endpoint or endpoint computer, models the host's behavior over time, scores new activities in real time, and calculates outliers by creating and analyzing vectors. The vectors are formed of feature values extracted from executable processes, and the analysis includes determining and evaluating the distance between a current vector and a cluster of vectors.