This paper proposes the design of a behaviour-based Intrusion Detection System (IDS) that adopts fuzzy hashing and Normalized Compression Distance (NCD) to determine similarity in the behavioural profiles of worms and malware. The system runs in parallel with an existing knowledge-based or misuse-based system such as Snort, and augments the intrusion detection capabilities by revealing malicious behaviour or activities within the Honeynet. The system integrates into a Honeynet, where the network-based events will be trapped by the gateway device, while system-based events will be trapped on the Honeypot(s). Results of prototype network system components are also discussed.
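An added illustration of the NCD comparison named in the abstract; it is not code from the paper. The zlib compressor, the event-line format, the profile labels, the 0.5 threshold and all sample events are assumptions constructed for this example.

```python
import zlib

def csize(data: bytes) -> int:
    """Compressed length C(.); zlib as the compressor is an assumption."""
    return len(zlib.compress(data, 9))

def ncd(x: bytes, y: bytes) -> float:
    """NCD(x,y) = (C(xy) - min(C(x),C(y))) / max(C(x),C(y)): near 0 = similar."""
    cx, cy = csize(x), csize(y)
    return (csize(x + y) - min(cx, cy)) / max(cx, cy)

def profile(events) -> bytes:
    """Serialise an ordered event list to bytes (hypothetical event format)."""
    return ("\n".join(events) + "\n").encode()

def closest(observed: bytes, known: dict, threshold: float = 0.5):
    """Nearest known profile as (label, distance); label is None when the
    best distance exceeds the threshold (0.5 is an illustrative cut-off)."""
    label, dist = min(((name, ncd(observed, ref)) for name, ref in known.items()),
                      key=lambda item: item[1])
    return (label if dist <= threshold else None), dist

# Constructed sample data: gateway (net) and honeypot (file/reg/proc) events.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
SCAN = [f"net connect 10.0.0.{i}:445" for i in range(1, 31)]
KNOWN = {
    "worm-A": profile(SCAN + [
        r"file write C:\WINDOWS\system32\svch0st.exe",
        f"reg set {RUN_KEY} svch0st",
        "proc spawn svch0st.exe"]),
    "ssh-bruteforce-B": profile(
        [f"auth fail sshd root from 203.0.113.{i}" for i in range(1, 31)]),
}
VARIANT = profile(SCAN + [          # same scan, renamed dropper, extra listener
    r"file write C:\WINDOWS\system32\winl0g0n.exe",
    f"reg set {RUN_KEY} winl0g0n",
    "proc spawn winl0g0n.exe",
    "net listen 0.0.0.0:4444"])
BENIGN = profile(
    [rf"file read C:\Users\alice\Documents\report{i}.docx" for i in range(1, 16)]
    + [f"dns query host{i}.example.org" for i in range(1, 11)]
    + ["net connect 192.0.2.10:443", "proc spawn winword.exe"])

if __name__ == "__main__":
    for name, obs in (("variant", VARIANT), ("benign", BENIGN)):
        label, dist = closest(obs, KNOWN)
        print(f"{name}: match={label} ncd={dist:.2f}")
```

Because NCD depends on the compressor and on profile length, a threshold has to be calibrated on the deployment's own profiles rather than taken from this sketch.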