A method of detecting a potential security threat on a computing system is provided. The method comprises embedding time series data relating to the computing system within a reconstructed phase space and partitioning the reconstructed phase space into a plurality of regions. The method further comprises generating a first matrix having a plurality of cells. The first matrix comprises a row and a column for each of the plurality of regions. A value stored in each cell is based on a probability that the system will transition from a first region associated with the cell to a second region associated with the cell and a rate of separation of trajectories of the embedded data within at least one of the first region and the second region. The first matrix is generated using a first set of the time series data that is associated with a normal operating condition of the computing system in which the computing system is not under attack from a security threat. The method further comprises generating a second matrix based on a second set of the time series data and comparing the first matrix and the second matrix to detect whether a potential security threat is present on the computing system.