AI-Driven Honeypot: An Innovative Approach to Adaptive Cyber Security Defense

Authors

DOI:

https://doi.org/10.33333/lajc.vol13n2.01

Keywords:

honeypot, artificial intelligence, cybersecurity, adaptive deception, GPT-4o, intrusion detection

Abstract

As cyber threats continue to grow in sophistication, the need for intelligent and adaptive defense mechanisms becomes increasingly more critical. This research investigates the integration of Artificial Intelligence (AI) into a honeypot system to distract, mislead through deception, and engage potential cyber attackers. The primary research question to answer was: “How can AI-driven adaptive deception improve the effectiveness of honeypots in cybersecurity?” To address this, a high-interaction honeypot was developed on a HTML website to be perceived as a reverse shell, with the implementation of OpenAI’s GPT-4o model to respond, impersonating a Linux terminal, while silently tracking and logging the attacker, and classifying all commands into three sub-categories – Safe, Suspicious and Malicious. The core methods included command logging, AI-driven risk classification, dynamic fake filesystem manipulation, and the escalation of behavior based on the attacker's actions. Attack simulations were performed by highly credible third-party cybersecurity experts to evaluate the honeypots effectiveness in engaging and tracking the attacker for as long as possible. The findings suggest that AI integration significantly improved the realism and engagement level of the honeypot, both in terms of enhancing intelligence gathering and the improvements from traditional static honeypots. However, full automation of behavioral escalation tuning remains an area to further explore. Overall, this study demonstrates that the integration of AI within traditional honeypot strategies can significantly enhance cyber defense systems.

Downloads

Download data is not yet available.

Author Biography

  • Shahrzad Zargari, Sheffield Hallam University

    Associate Head; Cyber Security and Computer Networks Subject Group Lead

References

[1] L. Spitzner, “Definitions of honeypots,” in Honeypots: Tracking Hackers, Boston, MA, USA: Addison-Wesley, 2002.

[2] C. H. Malin, T. Gudaitis, T. J. Holt, and M. Kilger, “Sweet deception: Honeypots,” in Deception in the Digital Age, Cambridge, MA, USA: Academic Press, 2017, pp. 227–239, doi: 10.1016/B978-0-12-411630-6.00009-8.

[3] N. El Kamel, M. Eddabbah, Y. Lmoumen, and R. Touahni, “A smart agent design for cyber security based on honeypot and machine learning,” Security and Communication Networks, vol. 2020, art. no. 8865474, 2020, doi: 10.1155/2020/8865474.

[4] P. Radoglou-Grammatikis, P. Sarigiannidis, P. Diamantoulakis, T. Lagkas, T. Saoulidis, E. Fountoukidis, and G. Karagiannidis, “Strategic honeypot deployment in ultra-dense beyond 5G networks: A reinforcement learning approach,” IEEE Trans. Emerg. Topics Comput., vol. 12, no. 2, pp. 643–655, 2024, doi: 10.1109/TETC.2022.3184112.

[5] R. D. Ravipati and M. Abualkibash, “A survey on different machine learning algorithms and weak classifiers based on KDD and NSL-KDD datasets,” Int. J. Artif. Intell. Appl. (IJAIA), vol. 10, no. 3, pp. 1–11, 2019, doi: 10.5121/ijaia.2019.10301.

[6] R. C. Joshi and A. Sardana, Honeypots: A New Paradigm to Information Security. Enfield, NH, USA: Science Publishers (CRC Press), 2011.

[7] X. Yang, J. Yuan, H. Yang, Y. Kong, H. Zhang, and J. Zhao, “A highly interactive honeypot-based approach to network threat management,” Future Internet, vol. 15, no. 4, art. no. 127, 2023, doi: 10.3390/fi15040127.

[8] S. Srinivasa, J. M. Pedersen, and E. Vasilomanolakis, “Gotta catch ‘em all: A multistage framework for honeypot fingerprinting,” Digital Threats: Research and Practice, vol. 4, no. 3, art. no. 28, 2023.

[9] H. T. Otal and M. A. Canbaz, “LLM honeypot: Leveraging large language models as advanced interactive honeypot systems,” in Proc. IEEE Conf. Communications and Network Security (CNS), 2024, doi: 10.1109/CNS62487.2024.10735607.

[10] S. B. Weber, M. Feger, and M. Pilgermann, “Don’t stop believin’: A unified evaluation approach for LLM honeypots,” IEEE Access, 2024, doi: 10.1109/ACCESS.2024.3472460.

[11] C. Vasilatos, D. J. Mahboobeh, H. Lamri, M. Alam, and M. Maniatakos, “LLMPot: Automated LLM-based industrial protocol and physical process emulation for ICS honeypots,” arXiv preprint, 2024.

[12] A. Sezgin and A. Boyacı, “DecoyPot: A large language model-driven web API honeypot for realistic attacker engagement,” Computers & Security, vol. 154, art. no. 104458, 2025, doi: 10.1016/j.cose.2025.104458.

[13] S. A. Kareem, R. C. Sachan, and R. K. Malviya, “AI-driven adaptive honeypots for dynamic cyber threats,” SSRN preprint, 2024, doi: 10.2139/ssrn.4966935.

[14] M. Balamurugan, “AI-enhanced honeypots for zero-day exploit detection and mitigation,” Int. J. Multidisciplinary Res., vol. 6, no. 6, 2024, doi: 10.36948/ijfmr.2024.v06i06.32866.

[15] S. O. Tortosa, R. Barchino, J. A. Medina-Merodio, J. J. Martínez-Herráiz, P. Lanka, K. Gupta, and C. Varol, “Intelligent threat detection – AI-driven analysis of honeypot data to counter cyber threats,” Electronics, vol. 13, no. 13, art. no. 2465, 2024, doi: 10.3390/electronics13132465.

[16] Cackalacky, “DIY generative AI driven honeypot – Savvyjuan,” YouTube, 7 Jul. 2024. [Online]. Available: https://www.youtube.com/watch?v=0rzEpiAfeos

[17] M. B. Ozkok, B. Birinci, O. Cetin, B. Arief, and J. Hernandez-Castro, “Honeypot’s best friend? Investigating ChatGPT’s ability to evaluate honeypot logs,” in Proc. ACM Int. Conf. Series, 2024, pp. 128–135, doi: 10.1145/3655693.3655716.

[18] OpenAI et al., “GPT-4 technical report,” arXiv preprint arXiv:2303.08774, 2023.

[19] J. Franco, A. Aris, B. Canberk, and A. S. Uluagac, “A survey of honeypots and honeynets for Internet of Things, Industrial Internet of Things, and cyber-physical systems,” IEEE Commun. Surveys Tuts., 2021.

[20] F. Setianto, E. Tsani, F. Sadiq, G. Domalis, D. Tsakalidis, and P. Kostakos, “GPT-2C: A GPT-2 parser for Cowrie honeypot logs,” 2021.

[21] D. Farrell and M. Kennedy, The Well-Grounded Python Developer: How the Pros Use Python and Flask. Shelter Island, NY, USA: Manning, 2023.

[22] V. Cutting and N. Stephen, “A review on using Python as a preferred programming language for beginners,” Int. Res. J. Eng. Technol. (IRJET), 2021. [Online]. Available: https://www.irjet.net

[23] R. Diver, “AI jailbreaks: What they are and how they can be mitigated,” Microsoft Security Blog, 4 Jul. 2024. [Online]. Available: https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/

[24] A. Zakari, A. A. Lawan, and G. Bekaroo, “Towards improving the security of low-interaction honeypots: Insights from a comparative analysis,” in Lecture Notes in Electrical Engineering, vol. 416, 2017, pp. 314–321, doi: 10.1007/978-3-319-52171-8_28.

[25] Y. Kocaogullar, O. Cetin, B. Arief, C. Brierley, J. Pont, and J. Hernandez-Castro, “Hunting high or low: Evaluating the effectiveness of high-interaction and low-interaction honeypots,” 2025.

[26] N. Ilg, P. Duplys, D. Sisejkovic, and M. Menth, “A survey of contemporary open-source honeypots, frameworks, and tools,” J. Netw. Comput. Appl., vol. 220, art. no. 103737, 2023, doi: 10.1016/j.jnca.2023.103737.

[27] A. Javadpour, F. Ja’fari, T. Taleb, M. Shojafar, and C. Benzaïd, “A comprehensive survey on cyber deception techniques to improve honeypot performance,” Computers & Security, vol. 140, art. no. 103792, 2024, doi: 10.1016/j.cose.2024.103792.

[28] U. Bartwal, S. Mukhopadhyay, R. Negi, and S. Shukla, “Security orchestration, automation, and response engine for deployment of behavioral honeypots,” in Proc. 5th IEEE Conf. Dependable and Secure Computing (DSC), 2022, doi: 10.1109/DSC54232.2022.9888808.

[29] M. Oosterhof, “Cowrie: SSH/Telnet honeypot,” GitHub Repository. [Online]. Available: https://github.com/cowrie/cowrie (accessed Mar. 24, 2025).

[30] Computer Security Resource Center (CSRC), “Honeypot – Glossary,” NIST, CNSSI 4009-2015 from IETF RFC 4949 v2. [Online]. Available: https://csrc.nist.gov/glossary/term/honeypot (accessed Apr. 9, 2025).

[31] L. Zhang and Vrizlynn. L. L. Thing, “Three Decades of Deception Techniques in Active Cyber Defense - Retrospect and Outlook,” Computers & Security, vol. 106, p. 102288, Apr. 2021, doi: https://doi.org/10.1016/j.cose.2021.102288.

[32] L. Teo, Y. . -A. Sun and G. . -J. Ahn, "Defeating Internet attacks using risk awareness and active honeypots," Second IEEE International Information Assurance Workshop, 2004. Proceedings., Charlotte, NC, USA, 2004, pp. 155-167, doi: https://doi.org/10.1109/IWIA.2004.1288045

Downloads

Published

2026-07-07

Issue

Section

Research Articles for the Regular Issue

How to Cite

[1]
“AI-Driven Honeypot: An Innovative Approach to Adaptive Cyber Security Defense”, LAJC, vol. 13, no. 2, pp. 14–29, Jul. 2026, doi: 10.33333/lajc.vol13n2.01.