STUDY OF THE EFFICIENCY OF DATA PROCESSING MODELS IN THE COMPUTER NETWORK MONITORING SYSTEM
DOI:
https://doi.org/10.31891/2307-5732-2024-335-3-27
Keywords:
Random Forest, LSTM Networks, Support Vector Machines, computer network, systematic monitoring, data processing
Abstract
This article provides a practical and theoretical comparison of three data processing models (Random Forest, LSTM Networks, and Support Vector Machines (SVM)) in a computer network monitoring system. The aim of the research is to determine the effectiveness of these models for anomaly detection and event classification in computer networks. To achieve this goal, the following objectives were formulated: a theoretical overview of the selected models, a comparison of their accuracy, an analysis of efficiency and speed, an evaluation of implementation complexity, and consideration of the specifics of computer network monitoring tasks. The overall conclusion from the comparative analysis is that Random Forest has high accuracy in classification and regression and is efficient with large volumes of data, but is not very effective with sequential data. LSTM Networks are suitable for sequential data but require significant computational resources and may have lower accuracy than Random Forest. SVM has high classification accuracy and is efficient in high-dimensional data spaces, but may not always be suitable for sequential data without transformation. The choice of a specific model for monitoring computer networks should depend on the context of the task, the available resources, and the requirements for the accuracy and efficiency of the monitoring system.

Based on the comparative analysis of the three data processing models (random forest, LSTM network, and support vector machine) in the context of computer network monitoring, several conclusions can be drawn. First, random forests show high accuracy in both classification and regression tasks, making them a strong contender for such applications. They have also proven efficient when processing large amounts of data, which is often the case in network monitoring scenarios. However, their limitation is that they cannot efficiently handle sequential data, which is a key aspect of network monitoring, where events often occur in chronological order. Second, LSTM networks appear to be suitable candidates for sequential data processing, a common feature of network monitoring tasks. However, they come with a trade-off: they require significant computing resources, which can pose challenges in real-time monitoring environments. Additionally, LSTM networks can be less accurate than random forests, making them less popular in some situations. Finally, SVM shows high accuracy in classification tasks and high efficiency in processing high-dimensional data spaces, which is very useful in some network monitoring scenarios. However, its applicability to serialized data without prior conversion may be limited, which may hinder its effectiveness in certain surveillance environments.