Protecting the endpoints of an information system from cyber attacks determines the search and development of methods for detecting such attacks using artificial intelligence. The dynamics of the increase in the number of information threats of various types leads to the need to use machine learning methods to classify the functioning of automated control systems, including computing processes in automated control systems. The purpose of the study is to classify the computational processes of the created database for detecting illegitimate processes, taking into account minimizing the number of process parameters to achieve acceptable detection quality. Methods: as a mathematical tool, it is proposed to use a model trained on the created dataset and a correlation matrix based on Pearson coefficients to determine a group of parameters of computational processes. Results: an analysis of the data set based on Pearson correlation coefficients was carried out, which allows minimizing the number of parameters of the input data of the model. It is proposed to use the random forest method for the functioning of the model in solving the binary classification problem of detecting illegitimate computing processes in the automated control system. The effectiveness of the proposed model is evaluated by classification metrics: Precision, Recall, The developed model was tested at fixed volumes, training and testing samples. The work of the model was evaluated using the ROC curve and the PR curve.

Keywords: machine learning, binary classification, computational processes, database, data processing, model testing