@article{Gavrylenko_Sheverdin_2021, title={DEVELOPMENT OF METHOD TO IDENTIFY THE COMPUTER SYSTEM STATE BASED ON THE «ISOLATION FOREST» ALGORITHM}, url={http://ric.zntu.edu.ua/article/view/227775}, DOI={10.15588/1607-3274-2021-1-11}, abstractNote={Context. The problem of identifying a computer system state was investigated. The object of the research is the identification process of the computer system state. The subject of the research is the means and methods of identifying the computer system state. Objective. The purpose of the work is to develop a method for identifying the computer system state. Method. A method has been developed for identifying a computer system state based on the integrated use of a procedure for grouping unlabeled initial data and machine learning technology based on the «Isolation Forest» algorithm, which makes it possible to identify a computer system state and to distinguish the name of the process that initiated the abnormal state. For this purpose, a method for collecting statistical data in the form of operating system functioning events has been proposed and developed, along with software. The analysis of functioning events has been performed. The analysis showed that read and write operations are the most informative. To build a single dataset, read and write operations are matched with the process name and combined into one array of event groups, so that the process that causes the abnormal state of the computer system can be singled out. As a result of the research, the «Isolation Forest» algorithm has been selected as a component of the method for identifying the computer system state. An accuracy and efficiency assessment of the developed method of identifying a computer system state has been carried out. Results. The developed method is implemented and investigated when solving the problem of identifying anomalies in the functioning of computer systems. Conclusions. The experiments carried out confirmed the efficiency of the proposed method. This allows us to recommend the method for practical use in order to improve the efficiency of identifying the computer system state and to use it as an express method. Areas for further research may lie in the creation of an ensemble of fuzzy trees based on the proposed method and optimization of the software implementation.}, number={1}, journal={Radio Electronics, Computer Science, Control}, author={Gavrylenko, S. Y. and Sheverdin, I. V.}, year={2021}, month={Mar.}, pages={105–116} }