Annotation: This paper discusses the problem of detecting implicit failures in distributed information systems. If the hardware or software does not provide enough data to detect a failure, then the system administrator or information security officer has to check each element of the computer system associated with the task. In this work, reducing the search for implicit failures (anomalies) is associated with construction of the hierarchical method for representing knowledge about the system. It is proposed to model information technology in the form of directed acyclic graphs. The concept of contradiction is defined, which is used to find the causes of failures and anomalies. A failure or anomaly in the implementation of the transformation is defined as a contradiction between the input and output data. The paper proposes the approximate method for solving contradiction search problems, based on the assumption that data have probabilistic origin and extraordinary data are unlikely. If the calculation results in a contradiction, then the anomaly occurred in the block under consideration and, using the detailing operation, it is possible to specify the localization of the anomaly inside the block.

Keywords: Information Security, Root Cause and Anomaly Localization, Causal Relationships, Contradictions in Data