search

cis3296f24 / Section3ProjectPresentation

cis3296f24-classroom-project-presentation-ProjectsFeedbackBoard-template created by GitHub Classroom
0 stars 0 forks source link

Honeypot Shell with LLM #9

Open SarkerM1 opened 3 days ago

SarkerM1 commented 3 days ago

Project Abstract

This document proposes an application of Honeypot in a Linux Shell using LLM. A Honeypot is used to distract attackers from real targets by luring them into a fake environment. When the attacker is in this environment, they will interact with fake applications, in which we will attempt to analyze the purpose of the attacker’s breach. In many cases, attackers are able to differential between a real terminal and a fake one. By using an LLM, we can generate linux-like responses to lure the attacker for a longer period of time.

Conceptual Design

Based on the initial design concept, it will use Python and a LLM to create an interactive shell. A large portion of this project will revolve around prompt engineering. A web framework will also be implemented so that it can display logs as well as return analysis of the attacker’s purpose of breaching. While the attacker is breaching the “shell,” we will receive real-time report on what is supposedly being executed.

Proof of Concept

For Proof of Concept, we should begin with installation of dependencies. First, since we will be coding primarily in python, we must download Python from the official website. We should obtain the appropriate API key for the Generative AI. This will be used to gain access to our model. In our initial example, we will be using Google Gemini API. We must install the libraries related to this LLM. It can be done using the following commands:

pip install google-generativeai

This will install the Google AI Python SDK. Place your API Key and the user should be ready to run the sample code below. 

import google.generativeai as genai
import os

#This sets the Google API Key for Gemini into our environment
#For Security Purposes, this would typically be in a different file
os.environ['GOOGLE_API_KEY'] = ''

genai.configure(api_key=os.environ["GOOGLE_API_KEY"])

model = genai.GenerativeModel(model_name="gemini-1.5-flash-002", system_instruction="You are a linux terminal. When I enter a linux command, you will respond like a typical linux terminal." + """Your default file list is
                            Desktop
                            Documents
                            Music
                            Pictues """ + """Do not use user@localhost. Instead, let the localhost be 'temple.edu' and let the user be 'temp'.""")

pwd = "temp@temple.edu"

n = 0
while(n < 3):
    prompt = input(pwd + "$: ")
    response = model.generate_content([prompt, "\n\n"])
    print(response.text)
    n += 1

print("\n\nSuccessful Quit")

#Removes the Gemini API Key from OS environment
os.environ.pop('GOOGLE_API_KEY')

Note, that while the above response is not accurate for our scenario, it should be sufficient enough to display the generative capabilities of the LLM.

Background

Original inspiration came from an article from Penn State, “HoneyLLM: Enabling Shell Honeypots with Large Language Models” [1]. At the moment, I have not noticed any open-source potion of this code. On the other hand, we have SheLLM, [2] where the user creates a Shell LLM using ChatGPT API. This code is open source. We intend to create a similar project from scratch using Google Gemini and real-time logging and analysis that will be displayed on our website.

Required Resources

For this project, there are no hardware requirements. As for software resources, we need a an API Key for the LLM of our choice. Other than that, we would just need to download the appropriate dependencies and software to implement all the features requested.

References

[1] C. Guan, G. Cao and S. Zhu, "HoneyLLM: Enabling Shell Honeypots with Large," Department of Computer Science and Engineering, Pennsylvania State Univesity.

[2] M. Sladic, V. Valeros, C. Catania and S. Garcia, "SheLLM (Version 1.0.0) [Computer software]. https://github.com/stratosphereips/SheLLM," 2023.

SLIDES:

Project Proposal Presentation

https://docs.google.com/presentation/d/133r5aS7rjYUezYZgXyHIvDnDNnxSdcXVx67HZTVmf7k/edit?usp=sharing

JonCherryy commented 18 hours ago

I would love to learn how the network & programming languages can interact, especially in a cybersecurity environment. I've been reading up on network+ course material to help understand PowerShell and this project is a perfect place perfect time. It's very helpful to have a reference code that's well-documented so that other members can pick up the new concepts.

I can help contribute to the Python codebase and web framework. My proficiency is Python has dwindled since Freshman year but the concepts will never leave. If you need a log of access to the network, PowerShell is great for monitoring personal networks and creating a database.