Funding: National Natural Science Foundation of China (U2133208, U20A20161); National Natural Science Foundation of China (No. 62273244); Sichuan Science and Technology Program (No. 2022YFG0180).
Abstract: To enhance the accuracy of Air Traffic Control (ATC) cybersecurity attack detection, this paper designs a new clustering detection method for air traffic control network security attacks. The feature set for ATC cybersecurity attacks is constructed by setting the feature states, adding recursive features, and determining the feature criticality. The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data. An autoencoder is introduced into the AI (artificial intelligence) algorithm to encode and decode the characteristics of ATC network security attack behavior, reducing the dimensionality of the ATC network security attack behavior data. Based on the above processing, an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed. First, the distance between the clusters of ATC network security attack behavior characteristics is determined, the clustering threshold is calculated, and the initial clustering center is constructed. Then, the new average value of all feature objects in each cluster is recalculated as the new cluster center. Second, all objects in a cluster of ATC network security attack behavior feature data are traversed. Finally, the cluster detection of ATC network security attack behavior is completed by the computation of objective functions. The experiment took three groups of experimental attack behavior data sets as the test object, took the detection rate, false detection rate and recall rate as the test indicators, and selected three similar methods for comparative testing. The experimental results show that the detection rate of this method is about 98%, the false positive rate is below 1%, and the recall rate is above 97%. The research shows that this method can improve the detection performance of security attacks in air traffic control networks.
Abstract: This paper discusses a series of major policy decisions used to improve power grid reliability, reduce the risk and losses of major power outages, and realize the modernization of the 21st century power grid. These decisions were adopted by the American government and would also be helpful for the strategic development of the Chinese power grid. It is proposed that China should take precautions, carry out security research on the overall dynamic behaviour characteristics of the UHV grid using complexity theory, and finally provide safeguards for the Chinese UHV grid. It is also pointed out that, due to the lack of mature approaches to control a cascading failure, the primary duty of a system operator is to work as a "watchdog" for grid operation security, eliminate the cumulative effect, and reduce the risk and losses of major cascading outages with the help of EMS and WAMS.
Funding: Supported by the National Natural Science Foundation of China (61370212); the Research Fund for the Doctoral Program of Higher Education of China (20122304130002); the Natural Science Foundation of Heilongjiang Province (ZD 201102); the Fundamental Research Fund for the Central Universities (HEUCFZ1213, HEUCF100601)
Abstract: A hierarchical peer-to-peer (P2P) model and a data fusion method for a network security situation awareness system are proposed to improve the efficiency of a distributed security behavior monitoring network. The P2P model avoids a single point of failure among data analysis nodes, and a greedy data forwarding method based on node priority and link delay is devised to promote the efficiency of the data analysis nodes. A data fusion method based on repulsive theory-Dempster/Shafer (PSORT-DS) is used to deal with the challenge of multi-source alarm information. This data fusion method lowers the false alarm rate. Compared with the improved Dempster/Shafer (DS) theoretical method based on particle swarm optimization (PSO) and the classical DS evidence theoretical method, the proposed model reduces the false alarm rate by 3% and 7%, respectively, whereas the detection rate increases by 4% and 16%, respectively.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2009AA01Z402); the PLA University of Science and Technology Pre-research Project (20110202, 20110210); the Natural Science Foundation of Jiangsu Province of China (BK2012059, BK2012060); the PLAUST Outstanding Graduate Student Thesis Fund (2012)
Abstract: A software security testing behavior model, SETAM, was proposed in our previous work as an integrated model for describing software security testing requirements behavior. It is compatible not only with security functions and latent typical misuse behaviors, but also with the interaction between them. In this paper, we analyze the differences between SETAM and the security use case and security misuse case in different types of security test requirements. To illustrate the effectiveness of SETAM, we compare them in a practical case study by the number of test cases and the number of faults detected by them. The results show that SETAM could decrease use cases by about 34.87% on average, and the number of faults detected by SETAM increased by 71.67% on average, which means that our model can detect more faults with fewer test cases for software security testing.