Cluster DetectionMethod of Endogenous Security Abnormal Attack Behavior in Air Traffic Control Network

In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.

Classification of Adversarial Attacks Using Ensemble Clustering Approach

As more business transactions and information services have been implemented via communication networks,both personal and organization assets encounter a higher risk of attacks.To safeguard these,a perimeter defence likeNIDS(network-based intrusion detection system)can be effective for known intrusions.There has been a great deal of attention within the joint community of security and data science to improve machine-learning based NIDS such that it becomes more accurate for adversarial attacks,where obfuscation techniques are applied to disguise patterns of intrusive traffics.The current research focuses on non-payload connections at the TCP(transmission control protocol)stack level that is applicable to different network applications.In contrary to the wrapper method introduced with the benchmark dataset,three new filter models are proposed to transform the feature space without knowledge of class labels.These ECT(ensemble clustering based transformation)techniques,i.e.,ECT-Subspace,ECT-Noise and ECT-Combined,are developed using the concept of ensemble clustering and three different ensemble generation strategies,i.e.,random feature subspace,feature noise injection and their combinations.Based on the empirical study with published dataset and four classification algorithms,new models usually outperform that original wrapper and other filter alternatives found in the literature.This is similarly summarized from the first experiment with basic classification of legitimate and direct attacks,and the second that focuses on recognizing obfuscated intrusions.In addition,analysis of algorithmic parameters,i.e.,ensemble size and level of noise,is provided as a guideline for a practical use.

MULTI-FIGHTER COORDINATED MULTI-TARGET ATTACK SYSTEM

A definition of self-determined priority is used in airfight decision firstly. A scheme of grouping the whole fighters is introduced, and the principle of target assignment and fire control is designed. Based on the neutral network, the decision algorithm is derived and the whole coordinated decision system is simulated. Secondly an algorithm for missile-attacking area is described and its calculational result is obtained under initial conditions. Then the attacking of missile is realized by the proportion guidance. Finally, a multi-target attack system. The system includes airfight decision, estimation of missile attack area and calculation of missile attack procedure. A digital simulation demonstrates that the airfight decision algorithm is correct. The methods have important reference values for the study of fire control system of the fourth generation fighter.

Dynamic cluster member selection method for multi-target tracking in wireless sensor network

Multi-target tracking(MTT) is a research hotspot of wireless sensor networks at present.A self-organized dynamic cluster task allocation scheme is used to implement collaborative task allocation for MTT in WSN and a special cluster member(CM) node selection method is put forward in the scheme.An energy efficiency model was proposed under consideration of both energy consumption and remaining energy balance in the network.A tracking accuracy model based on area-sum principle was also presented through analyzing the localization accuracy of triangulation.Then,the two models mentioned above were combined to establish dynamic cluster member selection model for MTT where a comprehensive performance index function was designed to guide the CM node selection.This selection was fulfilled using genetic algorithm.Simulation results show that this method keeps both energy efficiency and tracking quality in optimal state,and also indicate the validity of genetic algorithm in implementing CM node selection.

Hybrid hierarchical trajectory planning for a fixed-wing UCAV performing air-to-surface multi-target attack

This paper considers the problem of generating a flight trajectory for a single fixed-wing unmanned combat aerial vehicle （UCAV） performing an air-to-surface multi-target attack （A/SMTA） mission using satellite-guided bombs. First, this problem is formulated as a variant of the traveling salesman problem （TSP）, called the dynamic-constrained TSP with neighborhoods （DCT- SPN）. Then, a hierarchical hybrid approach, which partitions the planning algorithm into a roadmap planning layer and an optimal control layer, is proposed to solve the DCTSPN. In the roadmap planning layer, a novel algorithm based on an updatable proba- bilistic roadmap （PRM） is presented, which operates by randomly sampling a finite set of vehicle states from continuous state space in order to reduce the complicated trajectory planning problem to planning on a finite directed graph. In the optimal control layer, a collision-free state-to-state trajectory planner based on the Gauss pseudospectral method is developed, which can generate both dynamically feasible and optimal flight trajectories. The entire process of solving a DCTSPN consists of two phases. First, in the offline preprocessing phase, the algorithm constructs a PRM, and then converts the original problem into a standard asymmet- ric TSP （ATSP）. Second, in the online querying phase, the costs of directed edges in PRM are updated first, and a fast heuristic searching algorithm is then used to solve the ATSP. Numerical experiments indicate that the algorithm proposed in this paper can generate both feasible and near-optimal solutions quickly for online purposes.

Defense Against Poisoning Attack via Evaluating TrainingSamples Using Multiple Spectral Clustering Aggregation Method

The defense techniques for machine learning are critical yet challenging due tothe number and type of attacks for widely applied machine learning algorithms aresignificantly increasing. Among these attacks, the poisoning attack, which disturbsmachine learning algorithms by injecting poisoning samples, is an attack with the greatestthreat. In this paper, we focus on analyzing the characteristics of positioning samples andpropose a novel sample evaluation method to defend against the poisoning attack cateringfor the characteristics of poisoning samples. To capture the intrinsic data characteristicsfrom heterogeneous aspects, we first evaluate training data by multiple criteria, each ofwhich is reformulated from a spectral clustering. Then, we integrate the multipleevaluation scores generated by the multiple criteria through the proposed multiplespectral clustering aggregation (MSCA) method. Finally, we use the unified score as theindicator of poisoning attack samples. Experimental results on intrusion detection datasets show that MSCA significantly outperforms the K-means outlier detection in terms ofdata legality evaluation and poisoning attack detection.

Collision-Based Chosen-Message Simple Power Clustering Attack Algorithm

Chosen-message pair Simple Power Analysis (SPA) attacks were proposed by Boer, Yen and Homma, and are attack methods based on searches for collisions of modular multiplication. However, searching for collisions is difficult in real environments. To circumvent this problem, we propose the Simple Power Clustering Attack (SPCA), which can automatically identify the modular multiplication collision. The insignificant effects of collision attacks were validated in an Application Specific Integrated Circuit (ASIC) environment. After treatment with SPCA, the automatic secret key recognition rate increased to 99%.

Defence Against Adversarial Attacks Using Clustering Algorithm

Deep learning model is vulnerable to adversarial examples in the task of image classification. In this paper, a cluster-based method for defending against adversarial examples is proposed. Each adversarial example before attacking a classifier is reconstructed by a clustering algorithm according to the pixel values. The MNIST database of handwritten digits was used to assess the defence performance of the method under the fast gradient sign method (FGSM) and the DeepFool algorithm. The defence model proposed is simple and the trained classifier does not need to be retrained.

DDoS Attack Detection Using Heuristics Clustering Algorithm and Naive Bayes Classification

In recent times among the multitude of attacks present in network system, DDoS attacks have emerged to be the attacks with the most devastating effects. The main objective of this paper is to propose a system that effectively detects DDoS attacks appearing in any networked system using the clustering technique of data mining followed by classification. This method uses a Heuristics Clustering Algorithm (HCA) to cluster the available data and Na?ve Bayes (NB) classification to classify the data and detect the attacks created in the system based on some network attributes of the data packet. The clustering algorithm is based in unsupervised learning technique and is sometimes unable to detect some of the attack instances and few normal instances, therefore classification techniques are also used along with clustering to overcome this classification problem and to enhance the accuracy. Na?ve Bayes classifiers are based on very strong independence assumptions with fairly simple construction to derive the conditional probability for each relationship. A series of experiment is performed using “The CAIDA UCSD DDoS Attack 2007 Dataset” and “DARPA 2000 Dataset” and the efficiency of the proposed system has been tested based on the following performance parameters: Accuracy, Detection Rate and False Positive Rate and the result obtained from the proposed system has been found that it has enhanced accuracy and detection rate with low false positive rate.

基于凝聚层次聚类算法的ATT&CK模型改进

在应用ATT&CK模型(网络攻击模型)进行网络安全威胁分析的过程中,ATT&CK模型提供的技术集合过于复杂。针对ATT&CK模型应用复杂的问题,论文对模型的技术集进行聚类简化研究,提出了基于聚类算法的模型改进方法,首先对ATT&CK模型的技术集合进行量化和聚类趋势评估,然后对量化的数据应用凝聚层次聚类算法得到简化的聚类结果,最后通过实验验证模型改进有效性。

DCVAE与DPC融合的网络入侵检测模型研究

入侵检测是主动防御网络中攻击行为的技术,以往入侵检测模型因正常网络流量与未知攻击内在特征区分度不足,导致对未知攻击识别率不够高,本文设计基于判别条件变分自编码器与密度峰值聚类算法的入侵检测模型(DCVAE-DPC).利用判别条件变分自编码器能够生成指定类别样本的能力,学习正常网络流量特征的隐空间表示并计算其重建误差,增加其与未知攻击间的特征区分度,并使用密度峰值聚类算法求出正常网络流量重建误差的分布,提高未知攻击识别率.实验结果表明,在NSL-KDD数据集中与当前流行的入侵检测模型相比,模型的分类准确率可以达到97.08%,具有更高的未知攻击检测能力,面对当前复杂网络环境,有更强的入侵检测性能.

基于Cluster态的量子通信(英文)

提出基于Cluster态量子对话,这使得合法双方可以直接交换4位秘密信息。和3粒子W态相比较,此协议有以下优点:经过两步安全检查后,通过单光子发射和两位经典信息的帮助,可以相互传输4比特秘密信息。还可以克服拦截重发攻击、纠缠测量攻击和最优化非相干攻击。

基于PSO-KM聚类分析的通信网络恶意攻击代码检测方法

恶意代码的快速发展严重影响到网络信息安全,传统恶意代码检测方法对网络行为特征划分不明确,导致恶意攻击代码的识别率低、误报率高,研究基于PSO-KM聚类分析的通信网络恶意攻击代码检测方法;分析通信网络中恶意攻击代码的具体内容,从网络层流动轨迹入手提取网络行为,在MFAB-NB框架内确定行为特征;通过归一化算法选择初始处理中心,将分类的通信网络行为特征进行归一化处理,判断攻击速度和位置;实时跟进通信网络数据传输全过程,应用适应度函数寻求恶意代码更新最优解;基于PSO-KM聚类分析技术构建恶意代码数据特征集合,利用小批量计算方式分配特征聚类权重,以加权平均值作为分配依据检测恶意攻击代码,实现检测方法设计;实验结果表明:在文章方法应用下对恶意攻击代码检测的识别率达到95.0%以上,最高值接近99.7%,误报率可以控制在0.4%之内,具有应用价值。

集群式深度伪造信息攻击情报感知方法研究

[目的/意义]AIGC背景产物之一的集群式深度伪造信息由于主观恶性及难发现、难识别与难控制特点而易引发剧烈现实危害,其攻击情报感知尤为重要。[方法/过程]以GJK算法为基座设计深度伪造信息识别方案、以曼哈顿距离为依据建立集群式特征分析模型、以画像技术为框架提供情报结构化体系,实现攻击意图判定下的感知方法设计。为检验方法有效性,将其纳入以兵棋推演为支撑、以CMO软件为工具的仿真过程,在环境配置、交互式想定单元给定与应用匹配基础上予以执行。[结果/结论]仿真结果表明,方法设计能够有效实现深度伪造信息识别、集群式特征分析与情报画像提取功能。为使研究发挥更大效益,结合仿真结果探讨情报感知能力建设策略。[创新/局限]创新在于提供一套完整的集群式深度伪造信息攻击情报感知方法;不足在于,内容侧重于方法研究,未对理论问题进行过多论述。

1034例甲型流行性感冒患者中医证候特点的回顾性分析

目的:明确2023年春季望京地区甲型流行性感冒患者中医证候特点。方法:回顾性分析2023年2—3月中国中医科学院望京医院感染科1034例甲型流感患者临床资料,对其一般情况、中医四诊信息等进行频数统计分析。通过因子分析提炼甲型流感的中医证候要素;运用聚类方法总结甲型流感主要中医证型及分布规律。结果:1034例患者男539例,女495例,男女之比为1.09∶1;患者平均年龄(32.62±12.95)岁,14~44岁患者878例(84.91%),≥45岁患者156例(15.09%),2组在性别上差异无统计学意义(P=0.355)。排名前5位的临床症状为发热、咳嗽、咽痛、全身肌肉酸痛、头痛;舌象以舌质红、苔薄黄、苔薄白腻为主;脉象以脉浮数、脉数为主;14~44岁组发热程度高于≥45岁组,差异有统计学意义(P=0.018)。通过因子分析明确病性涉及热、外风、湿、痰等病理因素,病位在卫表和肺,与脾和少阳有关;聚类分析提炼出3类证候分别为风热犯卫证(40.62%)、热毒袭肺证(35.98%)、表寒里热证(23.40%)。结论:2023年春季望京地区甲型流行性感冒中医证候以风热犯卫为主,病性总体以实为主,病位在卫表和肺,本研究结论可为今后流感中医诊治方案的优化提供理论依据。

多维动态网络端口侧信道攻击快速定位仿真

多维动态网络中的端口侧信道攻击具有隐蔽性和随机性,攻击源多且攻击路径模糊,使得快速准确定位攻击源较为困难。为此,提出多维动态网络端口侧信道攻击快速定位方法。利用端口侧信道发射信号的频偏获取其分布特征,采用密度聚类方法(DBSCAN)展开聚类分析,检测端口侧信道攻击。将攻击所在区域网格化,结合迭代软阈值算法与奇异值分解(SVD)算法获取各个节点的分解格式,构建信道攻击快速定位模型,采用群稀疏整体最小二乘算法对其求解,快速定位信道攻击。仿真实验结果表明,所提方法可以获取高精度的信道攻击快速定位结果,虚警概率仅为0.02%,检测耗时仅为1.56 ms,CPU利用率处于10%以下,可确保多维动态网络的稳定运行。

基于局部线性重叠聚类算法的网络攻击溯源分析方法

科技的进步使得不法组织可以利用各种先进的攻击手段,对特定目标进行隐匿的、长期持续性的网络攻击。当前大部分研究基于大数据、机器学习和图谱的方法进行攻击溯源检测,从而还原攻击全貌,但其存在检测识别正确率低、算力开销大等问题。为此,提出了一种基于溯源图谱的网络攻击分析方法,利用安全产品日志中的攻击特征划分攻击社团,并结合资产和攻击信息的局部线性关系进行重叠聚类,从而还原攻击路径。该算法已应用于某企业安全运行监管系统,实践证明,其能够有效地溯源系统被入侵的过程与痕迹,改善网络安全威胁感知和预警能力。

Sensing Matrix Optimization for Multi-Target Localization Using Compressed Sensing in Wireless Sensor Network

In the multi-target localization based on Compressed Sensing(CS),the sensing matrix's characteristic is significant to the localization accuracy.To improve the CS-based localization approach's performance,we propose a sensing matrix optimization method in this paper,which considers the optimization under the guidance of the t%-averaged mutual coherence.First,we study sensing matrix optimization and model it as a constrained combinatorial optimization problem.Second,the t%-averaged mutual coherence is adopted as the optimality index to evaluate the quality of different sensing matrixes,where the threshold t is derived through the K-means clustering.With the settled optimality index,a hybrid metaheuristic algorithm named Genetic Algorithm-Tabu Local Search(GA-TLS)is proposed to address the combinatorial optimization problem to obtain the final optimized sensing matrix.Extensive simulation results reveal that the CS localization approaches using different recovery algorithms benefit from the proposed sensing matrix optimization method,with much less localization error compared to the traditional sensing matrix optimization methods.

Distributed Key Management Scheme against Sybil Attacks of Wireless Sensor Network

Wireless sensor network nodes （WSN nodes） have limited computing power, storage ca-pacity, conmmunication capabilities and energy and WSN nodes are easy to be paralyzed by Sybil at- tack. In order to prevent Sybil attacks, a new key distribution scheme for wireless sensor networks is presented. In this scheme, the key inforrmtion and node ID are associated, and then the attacker is dif-ficult to forge identity ID and the key inforrmtion corresponding to ID can not be forged. This scheme can use low-power to resist the Syhil attack and give full play to the resource advantages of the cluster head. The computing, storage and corrn^ni- cation is rminly undertaken by the cluster head o- verhead to achieve the lowest energy consumption and resist against nodes capture attack. Theoretical analysis and experimental results show that com- pared with the traditional scheme presented in Ref. [14], the capture rate of general nodes of cluster re-duces 40%, and the capture rate of cluster heads reduces 50%. So the scheme presented in this pa-per can improve resilience against nodes capture at- tack and reduce node power consumption.

Two-Tier Hierarchical Cluster Based Topology in Wireless Sensor Networks for Contention Based Protocol Suite

The 802.15.4 Wireless Sensor Networks (WSN) becomes more economical, feasible and sustainable for new generation communication environment, however their limited resource constraints such as limited power capacity make them difficult to detect and defend themselves against variety of attacks. The radio interference attacks that generate for WSN at the Physical Layer cannot be defeated through conventional security mechanisms proposed for 802.15.4 standards. The first section introduces the deployment model of two-tier hierarchical cluster topology architecture and investigates different jamming techniques proposed for WSN by creating specific classification of different types of jamming attacks. The following sections expose the mitigation techniques and possible built-in mechanisms to mitigate the link layer jamming attacks on proposed two-tier hierarchical clustered WSN topology. The two-tier hierarchical cluster based topology is investigated based on contention based protocol suite through OPNET simulation scenarios.