Open SarkerM1 opened 3 days ago
I would love to learn how the network & programming languages can interact, especially in a cybersecurity environment. I've been reading up on network+ course material to help understand PowerShell and this project is a perfect place perfect time. It's very helpful to have a reference code that's well-documented so that other members can pick up the new concepts.
I can help contribute to the Python codebase and web framework. My proficiency is Python has dwindled since Freshman year but the concepts will never leave. If you need a log of access to the network, PowerShell is great for monitoring personal networks and creating a database.
Project Abstract
This document proposes an application of Honeypot in a Linux Shell using LLM. A Honeypot is used to distract attackers from real targets by luring them into a fake environment. When the attacker is in this environment, they will interact with fake applications, in which we will attempt to analyze the purpose of the attacker’s breach. In many cases, attackers are able to differential between a real terminal and a fake one. By using an LLM, we can generate linux-like responses to lure the attacker for a longer period of time.
Conceptual Design
Based on the initial design concept, it will use Python and a LLM to create an interactive shell. A large portion of this project will revolve around prompt engineering. A web framework will also be implemented so that it can display logs as well as return analysis of the attacker’s purpose of breaching. While the attacker is breaching the “shell,” we will receive real-time report on what is supposedly being executed.
Proof of Concept
For Proof of Concept, we should begin with installation of dependencies. First, since we will be coding primarily in python, we must download Python from the official website. We should obtain the appropriate API key for the Generative AI. This will be used to gain access to our model. In our initial example, we will be using Google Gemini API. We must install the libraries related to this LLM. It can be done using the following commands:
pip install google-generativeai
This will install the Google AI Python SDK. Place your API Key and the user should be ready to run the sample code below.
Note, that while the above response is not accurate for our scenario, it should be sufficient enough to display the generative capabilities of the LLM.
Background
Original inspiration came from an article from Penn State, “HoneyLLM: Enabling Shell Honeypots with Large Language Models” [1]. At the moment, I have not noticed any open-source potion of this code. On the other hand, we have SheLLM, [2] where the user creates a Shell LLM using ChatGPT API. This code is open source. We intend to create a similar project from scratch using Google Gemini and real-time logging and analysis that will be displayed on our website.
Required Resources
For this project, there are no hardware requirements. As for software resources, we need a an API Key for the LLM of our choice. Other than that, we would just need to download the appropriate dependencies and software to implement all the features requested.
References
[1] C. Guan, G. Cao and S. Zhu, "HoneyLLM: Enabling Shell Honeypots with Large," Department of Computer Science and Engineering, Pennsylvania State Univesity.
[2] M. Sladic, V. Valeros, C. Catania and S. Garcia, "SheLLM (Version 1.0.0) [Computer software]. https://github.com/stratosphereips/SheLLM," 2023.
SLIDES:
https://docs.google.com/presentation/d/133r5aS7rjYUezYZgXyHIvDnDNnxSdcXVx67HZTVmf7k/edit?usp=sharing