
ThreatHive: Honeypot and AI Powered Intrusion Detection System

Abhishek T A, Anupriya M A, Aswathy Nandan S, Aswathy Sudheer R, Sujarani M S

Abstract


As cyber threats become more sophisticated, traditional security measures struggle to detect and mitigate advanced attacks. This paper introduces ThreatHive, an AI-powered Intrusion Detection System (IDS) integrated with a honeypot to improve attacker behavior analysis and threat intelligence. The system employs machine learning models, including LightGBM, trained on the CICIDS2017 dataset to detect a range of cyberattacks in real time. When a threat is identified, the system automatically redirects the attacker to the honeypot through a pfSense firewall, where the attacker's interactions are logged for further analysis. Threat intelligence is visualized with the Elastic Stack (Elasticsearch and Kibana), giving real-time insight into attack patterns. The captured honeypot data is also fed back into the AI model to improve future detection accuracy. Experimental evaluation shows that the system mitigates both brute-force and more complex attacks, making it a robust and adaptive cybersecurity solution.
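The detect-redirect-log-retrain loop the abstract describes, as an added worked example (not code from the ThreatHive paper or its authors). It stands in for LightGBM with a from-scratch gradient-boosted-stump classifier that uses the same second-order leaf-gain rule GBDTs use, so it runs with only the standard library; the five CICIDS2017 feature names, the training flows, the honeypot address 10.10.0.50 and WAN interface em0 are all constructed or assumed. The redirect is expressed as a pf.conf `rdr` rule (pfSense runs pf; the paper does not say how its redirect is configured), and the alert uses Elastic Common Schema field names so it can be indexed for Kibana as-is.

```python
import json
import math

# Five of the CICIDS2017 flow features (assumed subset, chosen for illustration).
FEATURES = ["Flow Duration", "Total Fwd Packets", "Flow Packets/s", "SYN Flag Count", "Fwd PSH Flags"]
HONEYPOT_IP = "10.10.0.50"  # assumed honeypot address behind pfSense
WAN_IF = "em0"              # assumed pfSense WAN interface name
LR = 0.3                    # boosting learning rate

# Constructed training flows (not dataset rows): benign web/file traffic vs. an SSH
# brute-force burst of many short, SYN-heavy, high packet-rate flows.
TRAIN_X = [
    [120000, 30, 250.0, 0, 1], [5000000, 120, 24.0, 0, 1], [80000, 12, 150.0, 0, 1],
    [2500000, 60, 24.0, 0, 1], [300000, 20, 66.0, 0, 1],              # benign
    [1500, 3, 2000.0, 1, 0], [1200, 2, 1600.0, 1, 0], [2000, 4, 2000.0, 1, 0],
    [900, 2, 2200.0, 1, 0], [1800, 3, 1650.0, 1, 0],                   # brute force
]
TRAIN_Y = [0] * 5 + [1] * 5


def fit_stump(X, g, h, lam=1.0):
    """Best single split by second-order gain, the leaf-scoring rule GBDTs such as
    LightGBM use (LightGBM bins features into histograms; here every value is tried)."""
    best = None
    for j in range(len(X[0])):
        for thr in sorted({row[j] for row in X}):
            left = [i for i, row in enumerate(X) if row[j] <= thr]
            right = [i for i, row in enumerate(X) if row[j] > thr]
            if not left or not right:
                continue
            gl, hl = sum(g[i] for i in left), sum(h[i] for i in left)
            gr, hr = sum(g[i] for i in right), sum(h[i] for i in right)
            gain = gl * gl / (hl + lam) + gr * gr / (hr + lam)
            if best is None or gain > best[0]:
                best = (gain, j, thr, -gl / (hl + lam), -gr / (hr + lam))
    return best[1:]  # (feature index, threshold, left leaf value, right leaf value)


def train_gbdt(X, y, rounds=20):
    """Gradient boosting of depth-1 trees under logistic loss: each round fits a stump
    to the current gradient/hessian and adds it scaled by LR."""
    F = [0.0] * len(X)
    trees = []
    for _ in range(rounds):
        p = [1 / (1 + math.exp(-f)) for f in F]
        g = [pi - yi for pi, yi in zip(p, y)]   # d loss / d F
        h = [pi * (1 - pi) for pi in p]         # d^2 loss / d F^2
        j, thr, lv, rv = fit_stump(X, g, h)
        trees.append((j, thr, lv, rv))
        F = [f + LR * (lv if row[j] <= thr else rv) for f, row in zip(F, X)]
    return trees


def predict_proba(trees, x):
    """Probability that flow x is an attack."""
    f = sum(LR * (lv if x[j] <= thr else rv) for j, thr, lv, rv in trees)
    return 1 / (1 + math.exp(-f))


def pf_redirect_rule(src_ip, dst_port):
    """pf.conf 'rdr' rule sending this attacker's traffic for the port to the honeypot."""
    return (f"rdr pass on {WAN_IF} proto tcp from {src_ip} to any port {dst_port} "
            f"-> {HONEYPOT_IP} port {dst_port}")


def elastic_event(src_ip, dst_port, score):
    """Alert document with Elastic Common Schema field names, ready to index for Kibana."""
    return json.dumps({
        "event": {"kind": "alert", "category": ["intrusion_detection"], "risk_score": round(score, 3)},
        "source": {"ip": src_ip}, "destination": {"port": dst_port},
        "rule": {"name": "ThreatHive GBDT flow classifier"},
    })


def process_flow(trees, x, src_ip, dst_port, threshold=0.5):
    """Score one flow; at or above the threshold, emit the redirect rule and the alert."""
    score = predict_proba(trees, x)
    if score < threshold:
        return {"action": "allow", "score": score}
    return {"action": "redirect", "score": score,
            "pf_rule": pf_redirect_rule(src_ip, dst_port),
            "event": elastic_event(src_ip, dst_port, score)}


def feedback_retrain(X, y, honeypot_flows):
    """Honeypot sessions are attacker traffic by construction: append as positives and refit."""
    return train_gbdt(X + honeypot_flows, y + [1] * len(honeypot_flows))


if __name__ == "__main__":
    model = train_gbdt(TRAIN_X, TRAIN_Y)
    print(process_flow(model, [1000, 2, 1900.0, 1, 0], "203.0.113.5", 22))
    print(process_flow(model, [400000, 25, 60.0, 0, 1], "198.51.100.7", 443))
```

One caveat the feedback step makes visible: everything captured on the honeypot is labelled as attack, so retraining on it only ever adds positives. Unless benign flows keep being added to the training set at the same time, the class prior drifts and the false-positive rate on production traffic rises, which in this design means legitimate clients being redirected to the honeypot.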




