- International Journal of Innovative Engineering Applications
- Cilt: 9 Sayı: 2
- Adaptive Honeypot Systems via RAG: Enhancing Threat Intelligence with Generative AI
Adaptive Honeypot Systems via RAG: Enhancing Threat Intelligence with Generative AI
Authors : Anıl Sezgin
Pages : 175-183
Doi:10.46460/ijiea.1797978
View : 88 | Download : 451
Publication Date : 2025-12-29
Article Type : Research Paper
Abstract :Honeypots have long been invaluable resources for intrusion detection and cyber threat intelligence, yet they suffer from an intractable trade-off: low-interaction systems are too artificial, and high-interaction systems pose operational risks and scalability challenges. This paper introduces a new honeypot architecture that uses Retrieval-Augmented Generation (RAG) with the Llama 3.1 8B model to overcome this fidelity–risk dilemma. Instead of running live commands, our system uses a curated database of sanitized command–output pairs for historic Linux commands. When an attacker issues a command, the highest-relevant historic output is recalled and contextualized via Large Language Model (LLM), and the response is empirically informed and dynamically flexible. This architecture maintains realistic interactions without allowing compromise. We built an extensible pipeline spanning data acquisition, preprocessing, retrieval, and response generation, complemented with logging for threat intelligence purposes. Evaluation was performed on six hundred canonical Linux commands using BLEU and ROUGE metrics. Analysis indicates that the RAG-enhanced variant is an order-of-magnitude improvement beyond vanilla LLM setup, with BLEU and ROUGE-L scores rising from 0.04 and 0.24, respectively, to 0.47 and 0.72, respectively. Beyond quantitative fidelity, qualitative analysis indicates that RAG strongly diminishes hallucinations, secures session consistency, and enhances attacker engagement. Extended and more coherent adversary sessions give the defender richer behavioral context with less compromise detection risk. This proposed system illustrates that generative AI, when tied to empirical basis, can achieve high-fidelity deception without operational exposure. Findings demonstrate not only the technical possibility of RAG-based honeypots but also their promise for use in scalable, adaptive, and safe deception resources for both research infrastructures and operational uses.Keywords : Büyük dil modelleri, tehdit istihbaratı, uyarlanabilir honeypot sistemleri
ORIGINAL ARTICLE URL