TransWikia.com

Data storage for Intrusion Detection System

Data Science Asked by user2071938 on December 16, 2020

I am writing an IDS (in C) for a KNX network for my thesis.

For this, I just store all the telegrams within an SQLite database.
But I'm not sure if an SQL database is the best choice here.

I want to "ask questions to the data" like:

  • Is the source/destination address known?
  • Is the value within the known value range? (e.g. a temperature sensor always sends values between 18 and 25 °C)

Those questions may be answerable with an SQL statement,
but a question like this would be way harder to answer with plain SQL:

  • What is the probability of one telegram following another? (not just the direct ancestor, but e.g. the 5 ancestors)
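The last question above amounts to an order-5 context model over the telegram stream. The following is an added example, not part of the original question: it counts how often each telegram follows a given run of five predecessors and turns the counts into a conditional probability. It assumes each telegram has already been reduced to a small integer type id (a hypothetical mapping, for instance one id per source/destination/value-range combination) and is read in timestamp order; all names are illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ORDER 5      /* number of preceding telegrams used as context */
#define SLOTS 4096   /* power of two; sketch assumes fewer distinct entries than this */

typedef struct { uint64_t key; uint32_t count; } slot_t;
typedef struct { slot_t slots[SLOTS]; } model_t;   /* must start zeroed */

/* Linear-probing lookup; count == 0 marks a free slot. */
static slot_t *find(model_t *m, uint64_t key) {
    size_t i = (size_t)((key * 0x9E3779B97F4A7C15ULL) >> 32) & (SLOTS - 1);
    while (m->slots[i].count != 0 && m->slots[i].key != key)
        i = (i + 1) & (SLOTS - 1);
    m->slots[i].key = key;
    return &m->slots[i];
}

/* Pack the ORDER ids before position pos into one integer (8 bits each). */
static uint64_t context(const uint8_t *seq, size_t pos) {
    uint64_t c = 0;
    for (size_t i = pos - ORDER; i < pos; i++) c = (c << 8) | seq[i];
    return c;
}

/* Learn counts from a sequence of telegram type ids. */
void train(model_t *m, const uint8_t *seq, size_t n) {
    for (size_t pos = ORDER; pos < n; pos++) {
        uint64_t c = context(seq, pos);
        find(m, c << 9)->count++;                       /* context seen */
        find(m, (c << 9) | 0x100 | seq[pos])->count++;  /* context followed by seq[pos] */
    }
}

/* P(next | ctx[0..ORDER)); 0.0 when the context was never observed. */
double probability(model_t *m, const uint8_t *ctx, uint8_t next) {
    uint64_t c = context(ctx, ORDER);
    uint32_t seen = find(m, c << 9)->count;
    return seen ? (double)find(m, (c << 9) | 0x100 | next)->count / seen : 0.0;
}

/* Constructed sample: a 6-telegram cycle with one deviation (7 instead of 6). */
static const uint8_t SAMPLE[24] = {1,2,3,4,5,6, 1,2,3,4,5,6, 1,2,3,4,5,7, 1,2,3,4,5,6};

int main(void) {
    static model_t m; static const uint8_t ctx[ORDER] = {1,2,3,4,5};
    train(&m, SAMPLE, sizeof SAMPLE);
    printf("P(6|ctx)=%.2f P(7|ctx)=%.2f\n", probability(&m, ctx, 6), probability(&m, ctx, 7));
    return 0;
}
```

A telegram whose probability under its five predecessors falls below a chosen threshold, or whose context was never seen during training, is a candidate for an alert.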
