Aiming at the problem that System Wide Information Management (SWIM) system is affected by Distributed Denial of Service (DDoS) attacks in the application layer, a detection approach of SWIM application layer DDoS attack based on Hidden Semi-Markov Model (HSMM) was proposed. Firstly, an improved forward-backward algorithm was adopted, and HSMM was used to establish dynamic anomaly detection model to dynamically track the browsing behaviors of normal SWIM users. Then, normal detection interval was obtained by learning and predicting normal SWIM user behaviors. Finally, access packet size and request time interval were extracted as features for modeling, and the model was trained to realize anomaly detection. The experimental results show that the detection rate of the proposed approach is 99.95% and 91.89% in the case of attack 1 and attack 2 respectively. Compared with the HSMM constructed by fast forward-backward algorithm, the detection rate is improved by 0.9%. It can be seen that the proposed approach can effectively detect the application layer DDoS attacks of SWIM system.

Considering the data security problems of service sharing in SWIM (System Wide Information Management), the risks in the SWIM business process were analyzed, and a malicious data filtering method based on Latent Dirichlet Allocation (LDA) topic model and content mining was proposed. Firstly, big data analysis was performed on four kinds of SWIM business data, then LDA model was used for feature extraction of business data to realize content mining. Finally, the pattern string was searched in the main string by using KMP (Knuth-Morris-Pratt) matching algorithm to detect SWIM business data containing malicious keywords. The proposed method was tested in the Linux kernel. The experimental results show that the proposed method can effectively mine the content of SWIM business data and has better detection performance than other methods.