AI-DRIVEN HONEYPOTS: REVOLUTIONIZING CYBERSECURITY RESPONSE

Abstract

This thesis presents a novel approach to cybersecurity by developing honeypots en- hanced with the LLaMA-3 model. These honeypots aim to revolutionize threat de- tection through dynamic and interactive capabilities. Traditional honeypots are often easily identified and bypassed by skilled attackers. To address this, the research fo- cuses on creating sophisticated decoy systems capable of engaging attackers for ex- tended periods. By leveraging LLaMA-3 for real-time, adaptive interactions, this study enhances the realism and efficacy of honeypots and deepens our understanding of at- tacker methodologies. The integration of advanced AI into honeypot frameworks was evaluated using the Levenshtein distance to measure response similarity between the honeypot and a real system. Results showed significant improvement in the honeypot’s ability to mimic real system behaviors, particularly for basic system information and user interaction commands. However, limitations such as the lack of persistent memory and areas for improvement in command coverage were identified. Future work should focus on implementing persistent memory, expanding command coverage, utilizing dif- ferent AI models, and fine-tuning models for enhanced response realism. This research represents a significant advancement in the application of AI for cybersecurity, offer- ing a promising path to improve threat detection, analysis, and understanding of cyber threats through prolonged attacker engagement.