{"title":"LLM Honeypot: Leveraging Large Language Models as Advanced Interactive Honeypot Systems","authors":"Hakan T. Otal, M. Abdullah Canbaz","doi":"arxiv-2409.08234","DOIUrl":null,"url":null,"abstract":"The rapid evolution of cyber threats necessitates innovative solutions for\ndetecting and analyzing malicious activity. Honeypots, which are decoy systems\ndesigned to lure and interact with attackers, have emerged as a critical\ncomponent in cybersecurity. In this paper, we present a novel approach to\ncreating realistic and interactive honeypot systems using Large Language Models\n(LLMs). By fine-tuning a pre-trained open-source language model on a diverse\ndataset of attacker-generated commands and responses, we developed a honeypot\ncapable of sophisticated engagement with attackers. Our methodology involved\nseveral key steps: data collection and processing, prompt engineering, model\nselection, and supervised fine-tuning to optimize the model's performance.\nEvaluation through similarity metrics and live deployment demonstrated that our\napproach effectively generates accurate and informative responses. The results\nhighlight the potential of LLMs to revolutionize honeypot technology, providing\ncybersecurity professionals with a powerful tool to detect and analyze\nmalicious activity, thereby enhancing overall security infrastructure.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"56 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Networking and Internet Architecture","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.08234","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The rapid evolution of cyber threats necessitates innovative solutions for
detecting and analyzing malicious activity. Honeypots, which are decoy systems
designed to lure and interact with attackers, have emerged as a critical
component in cybersecurity. In this paper, we present a novel approach to
creating realistic and interactive honeypot systems using Large Language Models
(LLMs). By fine-tuning a pre-trained open-source language model on a diverse
dataset of attacker-generated commands and responses, we developed a honeypot
capable of sophisticated engagement with attackers. Our methodology involved
several key steps: data collection and processing, prompt engineering, model
selection, and supervised fine-tuning to optimize the model's performance.
Evaluation through similarity metrics and live deployment demonstrated that our
approach effectively generates accurate and informative responses. The results
highlight the potential of LLMs to revolutionize honeypot technology, providing
cybersecurity professionals with a powerful tool to detect and analyze
malicious activity, thereby enhancing overall security infrastructure.