Large Language Models as Defensive Honeypots
Coach Name
Dr. Juan Juan
EU Organization
Czech Technical University (CTU)
Members
- Sebastian Garcia
- Muris Sladic
- Veronica Valeros
- Carlos Catania
CA Organization
University of Montreal (UofM)
Members
- Masarah Paquet-Clouston
Project Overview
Melisseus aims to revolutionize cybersecurity by creating a high-interaction, AI-driven honeypot system. The project’s primary focus is on defending organizations from cyberattacks through advanced deception techniques. By simulating realistic systems using AI, Melisseus engages attackers in a controlled environment, making it possible to detect and delay attacks while gathering critical intelligence. Its high fidelity and ease of deployment ensure that organizations can enhance their security without risking their production systems.
The project’s AI-powered deception technologies are designed to mimic real systems, creating fake environments where attackers believe they are making progress, but in reality, they are being monitored and studied. This approach offers an innovative and practical solution for both large enterprises and smaller organizations looking to protect their sensitive data and systems.
Methods and approaches
High-Interaction Honeypots
The project uses high-interaction honeypots driven by AI to create a realistic environment that attracts and engages attackers.
Deception-Based Security
By redirecting attackers to simulated systems, the solution buys time for defenders, allows for the collection of detailed attack patterns, and improves overall threat intelligence.
SSH-Based Redirection
The system uses SSH-based redirection to secure the honeypot setup, ensuring that production systems remain safe while attackers interact with the decoy system.
Collaborative Research
The collaboration with the University of Montreal focused on criminology-based attacker behavior modeling to refine the honeypot's deception capabilities.
Key Achievements
Innovative Honeypot System
Successfully developed an AI-driven honeypot that simulates realistic system environments, creating a robust and dynamic defense against cyberattacks.
Validation Through Peer-Review
The project’s research was peer-reviewed and presented at top cybersecurity conferences such as BlackHat EU 2024 and IEEE EuroS&P Workshops.
Commercialization and Research
While technical milestones have been achieved, the project is continuing to work on commercialization strategies, including partnerships with cybersecurity firms.
Publications and Recognition
Awarded the best short-paper award at EuroS&P 2024 for research on AI-driven deception technologies in cybersecurity. Published research on the effectiveness of AI-driven honeypots in industry-leading journals.
Impact & Results
Enhanced Organizational Security
By using Melisseus' AI-driven honeypots, organizations can detect and neutralize cyber threats more effectively, with faster response times and deeper insights into attack methodologies.
Decreased Attack Success
The project significantly increases the difficulty of executing successful attacks on systems protected by Melisseus, providing a robust defense mechanism.
Knowledge Sharing
Through various conferences and publications, Melisseus has contributed to advancing the academic and practical understanding of cyber deception, benefiting the broader cybersecurity community.
Path to Commercialization
While the technology is still evolving, Melisseus has already made significant strides toward commercialization, focusing on integrating its technology with existing cybersecurity solutions.
Publications and Open-Source Contributions
- LLM in the Shell: Generative Honeypots: Presented at the 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Read more
- Best Short Paper Award at EuroS&P 2024: Award Announcement
- VelLMes, a high-interaction AI-based deception framework: Presentation at BlackHat EU 2024. Watch Presentation
- GitHub Repository: Melisseus Project on GitHub
Future directions
Product Commercialization
The team is actively working on refining the product for market readiness, aiming to establish commercial partnerships with major cybersecurity firms.
Next-Gen Research
Ongoing research to improve the technology, focusing on advanced AI models for even more sophisticated attacker profiling and deception.
Expanding the Ecosystem
Plans to expand the application of the technology, including extending support for additional protocols and improving the adaptability of the system.
Open-Source Collaboration
Continue to engage with open-source communities to refine the honeypot system, ensuring it stays compatible with widely-used cybersecurity frameworks and tools.