Integrating LLMs with Honeypots and IPS for Advanced Cybercrime Detection
Keywords: SSH Honeypot, Cyber Security, Large Language Models (LLMs), Wordpot Honeypot, Deception Technology, Network Security, Honey Net

Abstract
This study presents an advanced cybersecurity framework that leverages Honeypot technology integrated with a fine-tuned Large Language Model (LLM) and an Intrusion Prevention System (IPS) to combat cybercrime. The proposed system emulates an SSH server environment to attract malicious actors, capturing and analyzing their activities using a custom-trained LLM based on 617 Linux command-response pairs obtained from Cowrie logs and public datasets. Optimization techniques such as LoRA and QLoRA were employed to enhance model efficiency while minimizing computational overhead. Concurrently, the IPS component monitors and blocks suspicious traffic in real time, further strengthening the defense posture. Experimental validation through brute-force simulations using Kali Linux and Nmap demonstrated the system’s capacity to realistically imitate server behavior and effectively extract actionable intelligence from attacker interactions. Despite integration and maintenance challenges, the proposed solution offers a robust mechanism for proactive threat detection and response.