SYSTEM AND METHOD TO MITIGATE DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACKS
US-2024259421-A1 · Aug 1, 2024 · US
US2017195345A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017195345-A1 |
| Application number | US-201514984016-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 30, 2015 |
| Priority date | Dec 30, 2015 |
| Publication date | Jul 6, 2017 |
| Grant date | — |
Official abstract text for this publication.
Methods, apparatus, systems, and computer-readable media for detecting denial-of-service (“DoS”) attacks include analyzing signals between a publisher and a plurality of subscribers; determining a probability that the signals are a DoS attack based on sampled variables; driving, via the processor, a probabilistic finite state machine having a plurality of states in which state transitions are based on computed probability; performing preventative processing based on state transitions determined by the probability exceeding at least a first threshold in the probabilistic finite state machine; and performing mitigating processing based on state transitions determined by the probability exceeding an alert threshold in the probabilistic finite state machine.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method, comprising: analyzing, via processor, implemented at least in part in hardware, signals between a publisher and a plurality of subscribers; determining, via the processor, a probability that the signals are a DoS attack based on sampled variables; driving, via the processor, a probabilistic finite state machine having a plurality of states in which state transitions are based on computed probability; performing, via the processor, preventative processing based on state transitions determined by the probability exceeding at least a first threshold in the probabilistic finite state machine; and performing, via the processor, mitigating processing based on state transitions determined by the probability exceeding an alert threshold in the probabilistic finite state machine.
2. The method of claim 1, wherein performing preventative processing comprises: performing in parallel in a first state processing and a second state processing, the first state to reassess the probability to identify malicious patterns and avoid false Positives and Negatives, and the second state interpreting a Flow of Messages to track an effect of malicious flows.
3. The method of claim 2, wherein preventative processing further comprises: evaluating a result of the first state and a result of the second state; determining that a DoS attack has occurred based on the evaluating of the result of the first state and the result of the second state; and performing mitigating processing.
4. The method of claim 2, wherein preventative processing further comprises: evaluating a result of the first state and a result of the second state; determining that a DoS attack has not occurred based on the evaluating of the result of the first state and the result of the second state; and re-performing in parallel the first state and the second state, the first state while the reassessed probability is between the first threshold and the alert threshold.
5. The method of claim 1, wherein mitigating processing comprises: operating in parallel a filtering state and a blocking state.
6. The method of claim 5, wherein mitigating processing further comprises: evaluating a result of the filtering state and a result of the blocking state; determining whether a DoS attack continues based on the evaluating of the result of the filtering state and the result of the blocking state; continuing to perform mitigating processing when it is determined that the DoS attack continues; and ending the mitigating processing when it is determined that the DoS attack is no longer occurring.
7. An apparatus for detecting a denial-of-service (DoS) attack, comprising: a processor at a first server system; and a memory communicatively coupled to the processor, the processor configured to analyze, via the processor, signals between a publisher and a plurality of subscribers; determine, via the processor, a probability that the signals are a DoS attack based on sampled variables; drive, via the processor, a probabilistic finite state machine having a plurality of states in which state transitions are based on computed probability; perform, via the processor, preventative processing based on state transitions determined by the probability exceeding at least a first threshold in the probabilistic finite state machine; and perform, via the processor, mitigating processing based on state transitions determined by the probability exceeding an alert threshold in the probabilistic finite state machine.
8. The apparatus of claim 7, wherein performing preventative processing comprises: performing in parallel in a first state processing and a second state processing, the first state to reassess the probability to identify malicious patterns and avoid false Positives and Negatives, and the second state interpreting a Flow of Messages to track an effect of malicious flows.
9. The apparatus of claim 8, wherein preventative processing further comprises: evaluating a result of the first state and a result of the second state; determining that a DoS attack has occurred based on the evaluating of the result of the first state and the result of the second state; and performing mitigating processing.
10. The apparatus of claim 8, wherein preventative processing further comprises: evaluating a result of the first state and a result of the second state; determining that a DoS attack has not occurred based on the evaluating of the result of the first state and the result of the second state; and re-performing in parallel the first state and the second state, the first state while the reassessed probability is between the first threshold and the alert threshold.
11. The apparatus of claim 7, wherein mitigating processing comprises: operating in parallel a filtering state and a blocking state.
12. The apparatus of claim 11, wherein mitigating processing further comprises: evaluating a result of the filtering state and a result of the blocking state; determining whether a DoS attack continues based on the evaluating of the result of the filtering state and the result of the blocking state; continuing to perform mitigating processing when it is determined that the DoS attack continues; and ending the mitigating processing when it is determined that the DoS attack is no longer occurring.
13. A non-transitory computer-readable storage medium including instructions which when executed by a processor implemented at least in part in hardware within a computer system, causes the processor to execute a method for mitigating denial-of-service (DoS) attacks, the method comprising: analyzing, via the processor, signals between a publisher and a plurality of subscribers; determining, via the processor, a probability that the signals are a DoS attack based on sampled variables; driving, via the processor, a probabilistic finite state machine having a plurality of states in which state transitions are based on computed probability; performing, via the processor, preventative processing based on state transitions determined by the probability exceeding at least a first threshold in the probabilistic finite state machine; and performing, via the processor, mitigating processing based on state transitions determined by the probability exceeding an alert threshold in the probabilistic finite state machine.
14. The non-transitory computer-readable medium of claim 13, wherein performing preventative processing comprises: performing in parallel in a first state processing and a second state processing, the first state to reassess the probability to identify malicious patterns and avoid false Positives and Negatives, and the second state interpreting a Flow of Messages to track an effect of malicious flows.
15. The non-transitory computer-readable medium of claim 14, wherein preventative processing further comprises: evaluating a result of the first state and a result of the second state; determining that a DoS attack has occurred based on the evaluating of the result of the first state and the result of the second state; and performing mitigating processing.
16. The non-transitory computer-readable medium of claim 14, wherein preventative processing further comprises: evaluating a result of the first state and a result of the second state; determining that a DoS attack has not occurred based on the evaluating of the result of the first state and the result of the second state; and re-performing in parallel the first state and the
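The claims above describe a control loop rather than a formula: sampled variables are turned into a probability, the probability drives a finite state machine with a first threshold (preventative processing, claims 2 to 4) and an alert threshold (mitigating processing, claims 5 and 6), and each of those states runs two sub-tasks in parallel before deciding whether to escalate, hold or stand down. The following Python simulation is an added example written for this page, not code from the patent or its assignee. Everything not stated in the claims is an assumption chosen to exercise every state: the thresholds 0.5 and 0.85, the logistic squash of a mean z-score as the probability function, the "more than five times the median per-source rate" heuristic for identifying malicious flows, the 100 msg/s per-source cap used by the filtering state, and the constructed traffic windows (a quiet broker, one publisher ramping up, then a two-source flood).

```python
"""Illustrative probabilistic-FSM DoS detector for a publish/subscribe broker.

Added example modelled on the claims of US2017195345A1; not the patent's own
code. Thresholds, the probability formula, the flow heuristic, the rate cap and
the sample windows are all assumptions made for this illustration.
"""
import math
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Set, Tuple


class State(Enum):
    NORMAL = "normal"
    PREVENTATIVE = "preventative"  # claim 2: reassess + flow tracking in parallel
    MITIGATING = "mitigating"      # claim 5: filtering + blocking in parallel


Sample = Dict[str, object]  # {"src": publisher id, "msgs_per_s": float, "new_subs_per_s": float}

# Assumed per-window baseline (mean, stddev) of the aggregate sampled variables.
BASELINE = {"msgs_per_s": (200.0, 40.0), "new_subs_per_s": (5.0, 2.0)}
PER_SOURCE_CAP = 100.0  # assumed rate cap enforced by the filtering state


def aggregate(window: List[Sample]) -> Dict[str, float]:
    return {k: sum(float(s[k]) for s in window) for k in BASELINE}


def attack_probability(window: List[Sample]) -> float:
    """P(attack) from the sampled variables: logistic squash of the mean z-score,
    centred so that about 2 sigma above baseline scores 0.5 (assumed formula)."""
    agg = aggregate(window)
    z = [(agg[k] - mu) / sd for k, (mu, sd) in BASELINE.items()]
    return 1.0 / (1.0 + math.exp(-(sum(z) / len(z) - 2.0)))


def dominant_flows(window: List[Sample], factor: float = 5.0) -> Set[str]:
    """Flow-of-messages tracking: flag sources sending more than `factor` times
    the median per-source rate (assumed heuristic for 'malicious flows')."""
    rates = sorted(float(s["msgs_per_s"]) for s in window)
    median = rates[len(rates) // 2]
    return {str(s["src"]) for s in window if float(s["msgs_per_s"]) > factor * median}


@dataclass
class DosFsm:
    first_threshold: float = 0.5   # enter preventative processing
    alert_threshold: float = 0.85  # enter mitigating processing
    state: State = State.NORMAL
    blocked: Set[str] = field(default_factory=set)
    reassess_hist: List[float] = field(default_factory=list)
    trace: List[Tuple[str, float]] = field(default_factory=list)

    def step(self, window: List[Sample]) -> State:
        p = attack_probability(window)
        if self.state is State.NORMAL:
            if p >= self.alert_threshold:
                self.state = State.MITIGATING
            elif p >= self.first_threshold:
                self.state = State.PREVENTATIVE
        elif self.state is State.PREVENTATIVE:
            # First state: reassess P over the last three windows so one noisy
            # sample causes neither a false positive nor a false negative.
            self.reassess_hist.append(p)
            recent = self.reassess_hist[-3:]
            p_re = sum(recent) / len(recent)
            # Second state, in parallel: which flows are driving the load?
            flows = dominant_flows(window)
            if p_re >= self.alert_threshold and flows:   # claim 3: attack confirmed
                self.state = State.MITIGATING
            elif p_re < self.first_threshold:            # below first threshold: stand down
                self.state = State.NORMAL
            # otherwise claim 4: hold and re-run both states on the next window
            if self.state is not State.PREVENTATIVE:
                self.reassess_hist.clear()
        if self.state is State.MITIGATING:
            # Blocking state: drop every flow identified as malicious so far.
            self.blocked |= dominant_flows(window)
            active_blocked = {str(s["src"]) for s in window} & self.blocked
            # Filtering state, in parallel: cap each flow's message rate and
            # measure what would still reach the subscribers.
            capped = [dict(s, msgs_per_s=min(float(s["msgs_per_s"]), PER_SOURCE_CAP)) for s in window]
            p_filtered = attack_probability(capped)
            # Claim 6: the attack continues while blocked sources still send or
            # the capped load is still suspicious; otherwise mitigation ends.
            if not active_blocked and p_filtered < self.first_threshold:
                self.state = State.NORMAL
        self.trace.append((self.state.value, round(p, 3)))
        return self.state


def benign(n: int = 10) -> List[Sample]:
    """Constructed quiet traffic: n publishers at the baseline rate."""
    return [{"src": f"pub-{i}", "msgs_per_s": 20.0, "new_subs_per_s": 0.5} for i in range(n)]


def run_scenario() -> DosFsm:
    """Constructed windows: quiet, one publisher ramping, a two-source flood, quiet."""
    ramp = {"src": "bot-a", "msgs_per_s": 120.0, "new_subs_per_s": 4.0}
    flood = [{"src": "bot-a", "msgs_per_s": 400.0, "new_subs_per_s": 12.0},
             {"src": "bot-b", "msgs_per_s": 300.0, "new_subs_per_s": 10.0}]
    windows = [benign(), benign() + [ramp], benign() + [ramp],
               benign() + flood, benign() + flood, benign() + flood, benign()]
    fsm = DosFsm()
    for w in windows:
        fsm.step(w)
    return fsm


if __name__ == "__main__":
    for i, (state, p) in enumerate(run_scenario().trace, 1):
        print(f"window {i}: P(attack)={p:.3f} -> {state}")
```

The trace shows why the patent separates the two thresholds: the ramp window lifts the probability to about 0.62, which is enough to enter preventative processing but not to block anyone, and the three-window reassessment holds the machine there through the first flood window before the combined evidence (smoothed probability above the alert threshold plus identifiable dominant flows) confirms the attack and both sources are blocked. The filtering state's own result is informative on its own: with a 100 msg/s cap the residual load still scores about 0.998, so capping alone would not have ended the attack, and it is the blocking state that brings the post-mitigation load back to baseline.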
Probabilistic graphical models, e.g. probabilistic networks · CPC title
Denial of Service · CPC title
Event detection, e.g. attack signature detection · CPC title
Physics · mapped topic
Electricity · mapped topic