TY - GEN
T1 - LLM Honeypot
T2 - 2024 IEEE Conference on Communications and Network Security, CNS 2024
AU - Otal, Hakan T.
AU - Canbaz, M. Abdullah
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The rapid evolution of cyber threats necessitates innovative solutions for detecting and analyzing malicious activity. Honeypots, which are decoy systems designed to lure and interact with attackers, have emerged as a critical component in cybersecurity. In this paper, we present a novel approach to creating realistic and interactive honeypot systems using Large Language Models (LLMs). By fine-tuning a pre-trained open-source language model on a diverse dataset of attacker-generated commands and responses, we developed a honeypot capable of sophisticated engagement with attackers. Our methodology involved several key steps: data collection and processing, prompt engineering, model selection, and supervised fine-tuning to optimize the model's performance. Evaluation through similarity metrics and live deployment demonstrated that our approach effectively generates accurate and informative responses. The results highlight the potential of LLMs to revolutionize honeypot technology, providing cybersecurity professionals with a powerful tool to detect and analyze malicious activity, thereby enhancing overall security infrastructure.
AB - The rapid evolution of cyber threats necessitates innovative solutions for detecting and analyzing malicious activity. Honeypots, which are decoy systems designed to lure and interact with attackers, have emerged as a critical component in cybersecurity. In this paper, we present a novel approach to creating realistic and interactive honeypot systems using Large Language Models (LLMs). By fine-tuning a pre-trained open-source language model on a diverse dataset of attacker-generated commands and responses, we developed a honeypot capable of sophisticated engagement with attackers. Our methodology involved several key steps: data collection and processing, prompt engineering, model selection, and supervised fine-tuning to optimize the model's performance. Evaluation through similarity metrics and live deployment demonstrated that our approach effectively generates accurate and informative responses. The results highlight the potential of LLMs to revolutionize honeypot technology, providing cybersecurity professionals with a powerful tool to detect and analyze malicious activity, thereby enhancing overall security infrastructure.
KW - Cybersecurity
KW - Fine-Tuning
KW - Honeypot
KW - Large Language Models
UR - https://www.scopus.com/pages/publications/85210567472
U2 - 10.1109/CNS62487.2024.10735607
DO - 10.1109/CNS62487.2024.10735607
M3 - Conference contribution
T3 - 2024 IEEE Conference on Communications and Network Security, CNS 2024
BT - 2024 IEEE Conference on Communications and Network Security, CNS 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 30 September 2024 through 3 October 2024
ER -