Skip to Main Content
For the shortcoming of traditional intrusion detection system (IDS) in complex and unknown attack detection. A distributed intrusion detection system based on honeypot was proposed. We make use of honeypot to collect the invasion characteristics on the network, and use the method of unsupervised clustering (UC) and genetic clustering to extract the data for analysis. In addition, in order to improve the detection performance of the IDS, it combined protocol analysis with signature detection modules. Experiments result show that this system can better detect intrusion and improve the overall safety performance of large-scale networks.