Detecting errors and anomalies in program execution can be a crucial task for keeping software functioning and secure. Since manual identification of anomalies can be time-consuming, automated methods are needed. By modeling program execution as time-evolving call graphs, graph similarity measures can be used to differentiate normal program execution from abnormal execution. In this report, the similarity measure weight distance is computed for call graphs of a web server in an attempt to detect abnormal workloads caused by denial-of-service (DoS) attacks and by the malfunction of a feature. All test scenarios were constructed with simulated workloads. The results show that detection could be made for all scenarios with abnormal workloads, with a maximum of one false positive. The detection method also shows resistance to gradual changes in normal workload over time. Because the results are highly dependent on how the target software is written and how it is normally used, more testing, preferably with non-simulated usage, should be performed in order to fully evaluate the method.
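The following sketch illustrates the idea of comparing call-graph snapshots with weight distance; it is an added example, not code from the report. It assumes the definition of weight distance commonly used in the graph anomaly literature (mean over the union of edges of |w_G(e) - w_H(e)| / max(w_G(e), w_H(e))); the function names, the threshold of 0.25, the rule of comparing against the last normal window, and the call counts are all constructed for illustration.

```python
# Added example: weight distance between call-graph snapshots (assumed definition).
def weight_distance(g, h):
    """g, h: {(caller, callee): call_count}. Returns a value in [0, 1]."""
    edges = set(g) | set(h)
    if not edges:
        return 0.0
    total = 0.0
    for e in edges:
        wg, wh = g.get(e, 0), h.get(e, 0)
        if max(wg, wh) > 0:  # skip edges with zero weight in both graphs
            total += abs(wg - wh) / max(wg, wh)
    return total / len(edges)


def detect(windows, threshold=0.25):
    """Return indices of windows whose distance to the last normal window
    exceeds the threshold (hypothetical value). The reference graph only
    advances on normal windows, so slow drift is absorbed while a sustained
    anomaly stays flagged."""
    if not windows:
        return []
    flagged, ref = [], windows[0]
    for i, g in enumerate(windows[1:], start=1):
        if weight_distance(ref, g) > threshold:
            flagged.append(i)
        else:
            ref = g
    return flagged


# Hypothetical web-server functions; edge weights are calls per time window.
H, P, R, L, D = "handle_request", "parse", "render", "login", "db_query"


def snap(parse, render, login):
    return {(H, P): parse, (H, R): render, (H, L): login, (L, D): login}


# Constructed data: gradual growth (0-3), a login flood (4-5), recovery (6).
WINDOWS = [snap(100, 90, 10), snap(104, 93, 11), snap(108, 97, 11),
           snap(113, 101, 12), snap(115, 20, 95), snap(116, 18, 99),
           snap(118, 105, 12)]

if __name__ == "__main__":
    print(detect(WINDOWS))
```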