A publish-subscribe network includes a network infrastructure configured to support the exchange of data. An intrusion detection system is coupled to the network infrastructure and configured to process signals received from that infrastructure in order to detect malicious attacks on the network infrastructure. The intrusion detection system includes an evaluator that generates a set of indicators based on the received signals. The evaluator models these indicators as stochastic processes, and then predicts an attack probability for each indicator based on a predicted future state of each such indicator. The evaluator combines the various attack probabilities and determines an overall attack level for the network infrastructure. Based on the attack level, the intrusion detection system dispatches a specific handler to prevent or mitigate attacks.