Real Time Intrusion Detection Using Honeypots and Large Language Models
摘要
Cybersecurity is a crucial area in today’s world, and one of the major challenges organizations face is protecting their infrastructures and data, etc. Using Intrusion Detection Systems (IDS) or SIEM has limitations. In this study, we propose a novel approach using Large Language Models (LLMs) to visualize and analyze in real-time threat intelligence with the ELK Stack (Elasticsearch, Logstash, Kibana). In this paper, honeypots play the role of decoy systems to attract attackers and collect behavior data. Our methodology involves deploying a cluster of honeypots such as Cowrie, Dionea, and Mailoney, integrated with the ELK Stack through a pipeline that centralizes and stores data collected from different logs generated by these honeypots, which is then visualized through a dashboard. The difference between this work and previous papers is the integration of honeypots with APIs, like the Mistral or DeepSeek models, which can simulate realistic responses to attacker commands and generate incident reports. As a result of the application, we demonstrated various attacks types, for example, brute-force attacks, to identify common credentials. This research ensures the potential of emerging deception techniques driven by AI for scalability and proactive security solutions.