Integrating Generative AI into Honeypots for Capturing Botnets
Abstract
A honeypot is a defense technique that complements defense systems, which are generally composed of firewalls and intrusion detection systems. A honeypot consists of a "bait" system that simulates attractive and vulnerable targets for potential attackers. In this article, we address the problem of the lack of dynamism in traditional honeypots, which are based on static scripts, with a special focus on botnet-type threats. To tackle this problem, the proposed solution integrates a large language model into a honeypot, capable of interacting with the attacker by dynamically imitating a target device. The open-source tool Cowrie was used as the traditional reference honeypot to receive functionalities from the large language model, including command response generation, log data analysis, and the emission of alerts and actions. Regarding the evaluation, tests were conducted to measure the accuracy of the command responses produced by the proposed honeypot, the time required for response generation, and the number of tokens. The obtained results reveal the viability of the proposed integration, showing that a large language model is a promising alternative for honeypots to achieve a higher level in deceiving attackers, especially botnets.
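An added example (not code from the paper): one way to measure the static-script gap the abstract describes, using the `cowrie.command.input` and `cowrie.command.failed` events in Cowrie's JSON log. The sample log lines, IP addresses and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in Cowrie's JSON log layout (one event per line).
# Not data from the paper; the last line is deliberately truncated.
SAMPLE_LOG = """
{"eventid":"cowrie.session.connect","session":"s1","src_ip":"198.51.100.7"}
{"eventid":"cowrie.command.input","session":"s1","src_ip":"198.51.100.7","input":"uname -a"}
{"eventid":"cowrie.command.input","session":"s1","src_ip":"198.51.100.7","input":"lscpu"}
{"eventid":"cowrie.command.failed","session":"s1","src_ip":"198.51.100.7","input":"lscpu"}
{"eventid":"cowrie.session.connect","session":"s2","src_ip":"203.0.113.20"}
{"eventid":"cowrie.command.input","session":"s2","src_ip":"203.0.113.20","input":"lscpu"}
{"eventid":"cowrie.command.failed","session":"s2","src_ip":"203.0.113.20","input":"lscpu"}
{"eventid":"cowrie.command.input","session":"s2","src_ip":"203.0.113.20","input":"dmidecode -t system"}
{"eventid":"cowrie.command.failed","session":"s2","src_ip":"203.0.113.20","input":"dmidecode -t system"}
{"eventid":"cowrie.command.input","session":"s3","src_ip":"192.0.2.44","inp
"""

def parse_events(log_text):
    """Yield decoded events, skipping blank or truncated lines."""
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event

def gap_report(log_text, min_sources=2):
    """Return (failed/input ratio, {command: [source IPs]}) for commands the
    static script could not answer from at least min_sources distinct IPs."""
    inputs = failed = 0
    sources = defaultdict(set)
    for event in parse_events(log_text):
        eventid = event.get("eventid")
        if eventid == "cowrie.command.input":
            inputs += 1
        elif eventid == "cowrie.command.failed":
            # One input line may hold several commands, so on real logs
            # failed events can outnumber input events.
            failed += 1
            sources[event.get("input", "")].add(event.get("src_ip", "unknown"))
    repeated = {cmd: sorted(ips) for cmd, ips in sources.items()
                if len(ips) >= min_sources}
    return (failed / inputs if inputs else 0.0), repeated

if __name__ == "__main__":
    ratio, repeated = gap_report(SAMPLE_LOG)
    print(f"unanswered ratio: {ratio:.2f}")
    for cmd, ips in repeated.items():
        print(f"{cmd!r} failed for {len(ips)} sources: {', '.join(ips)}")
```

The same unscripted command failing for several unrelated sources suggests an automated script reaching the limit of the static responses, which is where a generated response has the most effect on keeping the session going.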
Published
2025-09-29
How to Cite
REIS, Cleber; LOURENÇO, Eduardo; SANTOS, Reginaldo; RIKER, André. Integrating Generative AI into Honeypots for Capturing Botnets. In: NATIONAL MEETING ON ARTIFICIAL AND COMPUTATIONAL INTELLIGENCE (ENIAC), 22., 2025, Fortaleza/CE. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 688-699. ISSN 2763-9061. DOI: https://doi.org/10.5753/eniac.2025.14010.
