HoneyGAN Pots: A Deep Learning Approach for Generating Honeypots
Ryan Gabrys, Daniel Silva, Mark Bilinski
TL;DR
This work investigates using generative adversarial networks to create realistic decoy configurations for low-interaction honeypots, addressing the challenge of selecting and generating effective decoys. A simple data model and two conditional GANs (OS- and device-type-conditioned) are proposed to generate network configurations conditioned on OS or service types, with an unconditional GAN providing diverse outputs. Evaluation using precision-recall distributions shows strong fidelity for generated configurations and robustness against honeypot detectors, while conditional models offer controllability at some cost to PRD. HoneyD-based experiments using GAN-generated decoys yield Karma values comparable to real configurations, underscoring the practical potential of GAN-driven decoy generation for proactive cyber defense.
Abstract
This paper investigates the feasibility and effectiveness of employing Generative Adversarial Networks (GANs) for the generation of decoy configurations in the field of cyber defense. The utilization of honeypots has been extensively studied in the past; however, selecting appropriate decoy configurations for a given cyber scenario (and subsequently retrieving/generating them) remain open challenges. Existing approaches often rely on maintaining lists of configurations or storing collections of pre-configured images, lacking adaptability and efficiency. In this pioneering study, we present a novel approach that leverages GANs' learning capabilities to tackle these challenges. To the best of our knowledge, no prior attempts have been made to utilize GANs specifically for generating decoy configurations. Our research aims to address this gap and provide cyber defenders with a powerful tool to bolster their network defenses.