Design Of An Information Publish/Subscribe System Based On Flow Channel And Its Application In Security

Posted on: 2013-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: H Sun
GTID: 2268330422973947
Subject: Computer Science and Technology
Abstract/Summary:
The publish/subscribe (pub/sub) system, whose important characteristic is the decoupling of time, space and control in information management, is a key technology for information dissemination in distributed computing. The overlay infrastructure is a vital component of the system. A broker-based overlay cannot work if a single node becomes invalid, and it is very hard to maintain event routes on an unstructured P2P overlay. Therefore the structured P2P overlay, which is strongly self-organizing and efficient, has become the research focus in pub/sub systems. In addition, the impact of distributed information systems is becoming more and more prominent in cooperative network security applications. However, in the case of malware, single-point collection and analysis suffers from limited samples and low veracity and validity, while the mechanism of distributed collection and centralized analysis hits a bottleneck in computing and communication cost. For these reasons, the cooperative dissemination system (CDS), an information pub/sub system based on flow channels, is designed and applied to the analysis of malware behavior. The main contributions of the thesis are as follows:

Firstly, the concept, components and applications of the pub/sub system are analyzed briefly. The CDS is designed, and a subscription model based on the content of information is implemented. Subjects are encapsulated in specific flow channels so that subscribers can obtain the events they want through the flow identifiers. In this way, the system achieves efficient and safe communication between publishers and subscribers.

Secondly, for the sake of hierarchical information dissemination, an information pub/sub system model consisting of a data layer and an information layer is built. In the data layer, a distributed hash table routing algorithm is adopted to implement the data routing function; it finds the target resource effectively and offers good organization, fault tolerance and scalability. In the information layer, a distributed information table, which consists of local channel chains and remote node chains, is designed to subscribe to and push events exactly and efficiently, so the system can be applied to large-scale dynamic network frameworks.

Thirdly, a communication mechanism composed of API, agency and server layers is designed so that publishers and subscribers can communicate with each other. The API layer is responsible for providing interface functions and accomplishing some basic functions, the agency layer deals with event subscription and matching requirements, and the servers manage the event subjects and maintain dynamic event dissemination. A cooperative dissemination algorithm is proposed and used to verify many items in the experiments, and the results indicate that CDS shows good stability and efficient performance in dynamic network frameworks.

Finally, CDS is applied to network security: a malware signature clustering model based on CDS is built, and a distributed hierarchical clustering algorithm founded on the minimum spanning tree mechanism is designed. It deals with malware behaviors in three steps, namely subscription division, distributed apperception and signature clustering, and distills representative behavior signatures from a mass of signature segments. The goal of fully distributed and intelligent analysis of malware behaviors is achieved, and the validity and efficiency of the application in malware detection are validated by theory and experimental results.
Keywords/Search Tags: Publish/Subscribe System, Malware, CDS, Signature Clustering