Muris Sladić, a cybersecurity student in our Stratosphere Lab, was awarded for his research on using Large Language Models (LLMs) in deception honeypots.

Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy. Following this story of success, IEEE initiated the European Symposium on Security and Privacy (EuroS&P), which is organized every year in a European city. The 9th EuroS&P edition was held at the University of Vienna.

At the workshop on Active Defense and Deception (AD&D), our bright student Muris Sladić presented his paper "LLM in the Shell: Generative Honeypots", which was co-authored by Carlos Catania, Sebastian Garcia and Veronica Valeros. This paper is part of Muris' larger work on deception honeypots using Large Language Models (LLMs), including his master's thesis, which he successfully defended in June 2023.

Figure from the awarded paper: Process for evaluating the honeypot software. Users interact with the LLM honeypot and send answers with their assessment to be evaluated. Security experts compare the output of the LLM with the answers of the participants, determining for each answer if it was an FP/FN/TN/TP.

Abstract

Honeypots are essential tools in cybersecurity. However, most of them (even the high-interaction ones) lack the required realism to engage and fool human attackers. This limitation makes them easily discernible, hindering their effectiveness. This work introduces a novel method to create dynamic and realistic software honeypots based on Large Language Models. Preliminary results indicate that LLMs can create credible and dynamic honeypots capable of addressing important limitations of previous honeypots, such as deterministic responses, lack of adaptability, etc. We evaluated the realism of each command by conducting an experiment with human attackers who needed to say if the answer from the honeypot was fake or not. Our proposed honeypot, called shelLM, reached an accuracy of 0.92. The source code and prompts necessary for replicating the experiments have been made publicly available. Read the full article here!