Mario: You can’t defend. You can’t prevent. The only thing you can do is detect and respond. By Bruce Schneier

Overview

As cybercrime continues to be a major threat to businesses and individuals, it’s important to have effective measures in place to detect attacks.

One such measure is the use of a honeypot, a computer system that is set up to attract and trap cybercriminals or malware in order to study their behavior.

Traditionally, there are two types of honeypots. Low-interaction honeypots rely on static data and rules, which makes them easy for cybercriminals or malware to detect. High-interaction honeypots are fully functional computer systems, but they require constant supervision.

That’s where LLM Honeypot comes in. You don’t have to supervise it, and it replicates a real environment.

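LLM honeypot implemented with the Beelzebub framework

The following two configurations illustrate how to implement an AI honeypot using the Beelzebub framework: an SSH service that hands every command to a llama3 model, and an HTTP service that hands every request to gpt4-o.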

# SSH service: every input line matches ^(.+)$ and is handed to the LLMHoneypot plugin
apiVersion: "v1"
protocol: "ssh"
address: ":2222"
description: "SSH interactive LLM honeypot"
commands:
  - regex: "^(.+)$"
    plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"
deadlineTimeoutSeconds: 60
plugin:
   llmModel: "llama3"
   host: "http://example.com/api/chat" #default http://localhost:11434/api/chat

# HTTP service: every request matches ^(.+)$ and is answered by the LLMHoneypot plugin with status 200
apiVersion: "v1"
protocol: "http"
address: ":8080"
description: "HTTP honeypot LLM"
commands:
  - regex: "^(.+)$"
    plugin: "LLMHoneypot"
    statusCode: 200
plugin:
   llmModel: "gpt4-o"
   openAISecretKey: "sk-proj-123456" # placeholder value, not a real key
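
A pre-deployment check for the two configurations above, added here as an example and not taken from the Beelzebub project. It assumes that the first command whose regex matches handles the input, that regexes are applied as an unanchored search (Python's re stands in for the framework's regex engine), and that the fields are copied into Python dicts by hand; the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# The page's two service configs as dicts (only the fields checked here).
SSH_CFG = {
    "protocol": "ssh",
    "commands": [{"regex": "^(.+)$", "plugin": "LLMHoneypot"}],
    "passwordRegex": "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$",
    "plugin": {"llmModel": "llama3", "host": "http://example.com/api/chat"},
}
HTTP_CFG = {
    "protocol": "http",
    "commands": [{"regex": "^(.+)$", "plugin": "LLMHoneypot", "statusCode": 200}],
    "plugin": {"llmModel": "gpt4-o", "openAISecretKey": "sk-proj-123456"},
}

def accepts_password(cfg, password):
    """True if the login would be admitted (assumed: unanchored regex search)."""
    return re.search(cfg["passwordRegex"], password) is not None

def route(cfg, line):
    """Plugin of the first command whose regex matches the input, else None."""
    for cmd in cfg["commands"]:
        if re.search(cmd["regex"], line):
            return cmd.get("plugin")
    return None  # unanswered input: a gap worth knowing about before deployment

def lint(cfg):
    """Operator-facing findings for one service config."""
    findings = []
    pw = cfg.get("passwordRegex")
    if pw and not (pw.startswith("^") and pw.endswith("$")):
        findings.append("passwordRegex is unanchored: any password containing a listed word matches")
    plugin = cfg.get("plugin", {})
    host = urlparse(plugin.get("host", ""))
    if host.scheme == "http" and host.hostname not in ("localhost", "127.0.0.1"):
        findings.append("LLM host is remote over plain http: session text leaves the box unencrypted")
    if plugin.get("openAISecretKey"):
        findings.append("API key is stored inline: keep this file out of version control")
    return findings

if __name__ == "__main__":
    for cfg in (SSH_CFG, HTTP_CFG):
        print(cfg["protocol"], lint(cfg))
    print("empty line routed to:", route(SSH_CFG, ""))
```

With the page's values, the SSH config is flagged for the plain-http remote model host and the HTTP config for the inline key; an empty input line matches no command because `^(.+)$` needs at least one character.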

For more information, please visit our Docs