System Wide Information Management (SWIM) is a distributed, large-scale network system that provides uninterrupted aviation information data sharing and transmission services to air traffic management departments, airports and airlines in real time. In order to guarantee the continuity of SWIM services, the emergency response mechanism of SWIM based on subscription/release service was studied. Firstly, by real-time monitoring various performance indicators of SWIM network, a network survivability evaluation method based on improved fuzzy analytic hierarchy process was proposed. Secondly, when the network survivability index fell below the boundary value of the parameter, the corresponding information was published to the subscriber. It was determined by the subscriber whether to perform the service migration. Finally, an Emergency Response Model based on Subscribe/Publish service (ERMSP) for SWIM was proposed for natural disasters and Distributed Denial of Service (DDoS) attacks. The model is based on subscribe, publish and trust management mechanisms. Simulation experimental results show that the resistibility is improved by 8.9% and the business continuity is improved by 18.2% by real-time monitoring of network performance indicators and deployment of ERMSP, which can realize the emergency response of SWIM.

Aiming at the problem that System Wide Information Management (SWIM) system is affected by Distributed Denial of Service (DDoS) attacks in the application layer, a detection approach of SWIM application layer DDoS attack based on Hidden Semi-Markov Model (HSMM) was proposed. Firstly, an improved forward-backward algorithm was adopted, and HSMM was used to establish dynamic anomaly detection model to dynamically track the browsing behaviors of normal SWIM users. Then, normal detection interval was obtained by learning and predicting normal SWIM user behaviors. Finally, access packet size and request time interval were extracted as features for modeling, and the model was trained to realize anomaly detection. The experimental results show that the detection rate of the proposed approach is 99.95% and 91.89% in the case of attack 1 and attack 2 respectively. Compared with the HSMM constructed by fast forward-backward algorithm, the detection rate is improved by 0.9%. It can be seen that the proposed approach can effectively detect the application layer DDoS attacks of SWIM system.