In modern conditions, it is important that the implementation of the planned goals leads to the formation of the planned financial and administrative conditions, even in the case of the risk of unauthorized changes in computer systems and environments. There is a need to develop and implement intrusion detection systems that can collect data from various sources within computer systems and networks they protect. Operating systems have system logs, entries in system logs serve as a basis for analyzing the various causes of system failures, identifying and debugging them. Computer attacks are becoming more sophisticated, decreasing efficiency makes it difficult to use traditional anomaly detection methods, so new ones are required. These new approaches and methods are usually based, among other things, on the analysis of data obtained from the system log. After attacks, as more and more components fail, the state of the computer system gradually deteriorates, while number of resources available to perform tasks decrease. Therefore, in this study we consider control of computer nodes based on linear semi-Markov model with changes in the input stream of requests. The approach is based on the use of semi-Markov models of complex systems and analytical nodal modeling. A linear semi-Markov model is offered to describe behavior of a computer node with changes in the input stream of requests. Due to this model, estimates of the temporal functional characteristics for various operation modes of a computer node can be obtained. On its basis, it is possible to provide a response to unauthorized intrusions and, to some extent, compensate for them.