AI-Enabled Honeypot
Published: 2023
Author(s) Name: Taha Arshad and Santhosh Menon
Author(s) Affiliation: Middlesex University Dubai, United Arab Emirates.
Abstract
The growing prevalence and impact of cyber-attacks have led many countries to rank cybersecurity failure as a top risk. Honeypots offer a means to detect attacks and enhance security measures by enticing attackers to compromised devices and collecting data during their interactions. Although Artificial Intelligence (AI) has the potential to strengthen cybersecurity by detecting attacks more quickly and accurately, its adoption in practice remains limited. This project was developed to address the increasing number of cyber-attacks in the era of cloud computing and remote work. The study employed a unique methodology of using AI and Machine Learning to identify patterns in data and improve security measures. The research focused on SSH attacks, which involved mass scanning, brute force attacks, reconnaissance commands, and file uploads. The data extracted from the Cowrie log files was heterogeneous, making it challenging to analyze and utilize for training a machine learning model. To address this, feature engineering was performed to create new features and transform existing ones. The study shifted from a binary classification of traffic to analyzing the behaviour of attackers and predicting their next moves. The machine learning algorithm used was LSTM, which achieved an accuracy of 98% after tuning the parameters. The study concluded that AI could ease the burden on SOC analysts and allow them to be more productive by learning adaptively and finding new patterns that could speed up the process of identifying, containing, and responding to attacks.
Keywords: AI honeypot, Cyber-attacks, ELK stack, LSTM, Machine learning, SSH attacks.
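The abstract describes turning heterogeneous Cowrie log records into features for a model that predicts an attacker's next move. The sketch below is an added example, not the authors' code: it shows one way to do that preprocessing on Cowrie's JSON log format. The tokenization scheme, the window size of 3, the function names and the sample log lines are assumptions made for illustration; the study's actual features are not given on this page.

```python
import json
from collections import defaultdict

# Constructed sample in Cowrie's JSON log layout (not data from the study).
SAMPLE_LOG = """
{"eventid":"cowrie.session.connect","session":"a1","src_ip":"192.0.2.10","timestamp":"2023-01-01T10:00:00Z"}
{"eventid":"cowrie.login.failed","session":"a1","username":"root","password":"123456","timestamp":"2023-01-01T10:00:01Z"}
{"eventid":"cowrie.login.success","session":"a1","username":"root","password":"admin","timestamp":"2023-01-01T10:00:02Z"}
{"eventid":"cowrie.session.connect","session":"b2","src_ip":"198.51.100.7","timestamp":"2023-01-01T10:00:03Z"}
{"eventid":"cowrie.login.failed","session":"b2","username":"pi","password":"raspberry","timestamp":"2023-01-01T10:00:04Z"}
{"eventid":"cowrie.command.input","session":"a1","input":"uname -a","timestamp":"2023-01-01T10:00:05Z"}
truncated line {"eventid":
{"eventid":"cowrie.login.failed","session":"b2","username":"pi","password":"pi","timestamp":"2023-01-01T10:00:06Z"}
{"eventid":"cowrie.command.input","session":"a1","input":"cat /proc/cpuinfo","timestamp":"2023-01-01T10:00:07Z"}
{"eventid":"cowrie.session.closed","session":"b2","timestamp":"2023-01-01T10:00:08Z"}
{"eventid":"cowrie.session.file_upload","session":"a1","filename":"x.sh","timestamp":"2023-01-01T10:00:09Z"}
{"eventid":"cowrie.session.closed","session":"a1","timestamp":"2023-01-01T10:00:10Z"}
"""

def tokenize(event):
    """Collapse one heterogeneous Cowrie event into a single categorical token."""
    kind = event["eventid"].split("cowrie.", 1)[-1]
    if kind == "command.input":
        words = event.get("input", "").split()
        return "cmd:" + (words[0] if words else "<empty>")  # drop sparse arguments
    return kind

def sessions_to_sequences(log_text):
    """Group events by session id, ordered by timestamp, as token lists."""
    events = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines
        if isinstance(event, dict) and "session" in event and "eventid" in event:
            events.append(event)
    events.sort(key=lambda e: e.get("timestamp", ""))
    sequences = defaultdict(list)
    for event in events:
        sequences[event["session"]].append(tokenize(event))
    return dict(sequences)

def next_event_pairs(sequences, window=3):
    """Sliding-window (context, next token) pairs, the shape a sequence model trains on."""
    return [(tuple(tokens[max(0, i - window):i]), tokens[i])
            for tokens in sequences.values() for i in range(1, len(tokens))]
```

Each pair is one training sample for a next-event predictor such as an LSTM; the tokens would still need integer encoding and padding before being fed to a model.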