The reviewed record of science sign in
Pith

arxiv: 2406.01882 · v2 · pith:3XJKEVCY · submitted 2024-06-04 · cs.CR · cs.AI· cs.ET· cs.SE

HoneyGPT: Breaking the Trilemma in Terminal Honeypots with Large Language Model

Reviewed by Pithpith:3XJKEVCYopen to challenge →

classification cs.CR cs.AIcs.ETcs.SE
keywords honeygptengagementevaluationbaselinecomparisondeceptiondepthengineering
0
0 comments X
read the original abstract

Honeypots, as a strategic cyber-deception mechanism designed to emulate authentic interactions and bait unauthorized entities, often struggle with balancing flexibility, interaction depth, and deception. They typically fail to adapt to evolving attacker tactics, with limited engagement and information gathering. Fortunately, the emergent capabilities of large language models and innovative prompt-based engineering offer a transformative shift in honeypot technologies. This paper introduces HoneyGPT, a pioneering shell honeypot architecture based on ChatGPT, characterized by its cost-effectiveness and proactive engagement. In particular, we propose a structured prompt engineering framework that incorporates chain-of-thought tactics to improve long-term memory and robust security analytics, enhancing deception and engagement. Our evaluation of HoneyGPT comprises a baseline comparison based on a collected dataset and a three-month field evaluation. The baseline comparison demonstrates HoneyGPT's remarkable ability to strike a balance among flexibility, interaction depth, and deceptive capability. The field evaluation further validates HoneyGPT's superior performance in engaging attackers more deeply and capturing a wider array of novel attack vectors.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 3 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Honeyval: A Comprehensive Evaluation Framework for LLM-powered HTTP Honeypots

    cs.CR 2026-05 unverdicted novelty 7.0

    Honeyval evaluates LLM HTTP honeypots with AI attackers and shows they produce longer interactions, lower detection rates, and cost advantages over rule-based baselines.

  2. Honeypot Protocol

    cs.CR 2026-04 unverdicted novelty 7.0

    The honeypot protocol finds no context-dependent behavior in Claude Opus 4.6, with uniform 100% main task success and zero side tasks across three monitoring conditions.

  3. Ghost Without Shell: Measuring Non-Interactive SSH Attacks on Honeypots

    cs.CR 2026-06 unverdicted novelty 6.0

    Large-scale SSH honeypot deployment shows 99.23% of authenticated sessions are non-interactive, suggesting most attacks do not involve shell interaction.