Research on Clustering Detection Method for Security Attack Behaviors Based on Air Traffic Control Network.

The problem of high similarity in attack data leading to unsatisfactory detection results of air traffic control network security attack behavior is addressed. This article designs a new clustering detection method for air traffic control network security attack behavior. Set the characteristic state of air traffic control network security attack behavior, obtain the set of air traffic control network security attack behavior characteristics through recursive feature addition method, and extract the characteristics of air traffic control network security attack behavior by determining the degree of feature criticality. Calculate the expected information gain and entropy value of feature data, determine the information gain of feature data, and reduce the interference of similar feature data. Introduce an automatic encoder in artificial intelligence algorithms to encode and decode the characteristics of air traffic control network security attack behavior, and achieve dimensionality reduction processing of air traffic control network security attack behavior data. Based on the above processing, a Unsupervised learning algorithm for clustering detection of air traffic control network security attacks is designed. Firstly, determine the distance between clustering clusters of air traffic control network security attack behavior characteristics, calculate the clustering threshold, and construct the initial clustering center. Then, recalculate the new mean of all feature objects in each cluster as the new cluster center point. Secondly, traverse all objects in the clustering cluster of air traffic control network security attack behavior feature data. Finally, clustering detection of air traffic control network security attack behavior is completed through the calculation of the objective function. The experiment takes three sets of experimental attack behavior datasets as the test subjects, with detection rate, false detection rate, and recall rate as the test indicators, and selects three similar methods for comparative testing. The experimental results show that the detection rate of the proposed method remains around 98%, the false detection rate remains below 1%, and the recall rate is above 97%. It has been proven that the proposed method can improve the detection performance of air traffic control network security attack behavior.