Skip to Main Content
This paper puts forward a technical scheme which properly arranges IDS and optimally applies the algorithms of detection and data mining to the Honeynet environment based on a project of building automation system completed by the author recently. In this specific environment, the position of IDS is deployed reasonably and the anomaly and misuse detection algorithm of IDS is designed and selected optimally. Meanwhile, the misuse detection rules are updated dynamically with the combination of data-mining algorithm RIPPER. The design makes the classical and mature algorithms of anomaly detection, misuse detection and RIPPER data mining display their technical characteristics and advantages to the largest extent in the project and enable the Honeynet to protect the internal control network as expected.
Date of Conference: 11-12 July 2009