Exploring Splunk's DECEIVE: An AI-Generated Honeypot Program
In this post, we’ll dive into Splunk’s DECEIVE, an AI-generated honeypot program designed to detect and analyze suspicious SSH activity. Created by David Bianco, DECEIVE uses AI to create high-fidelity honeypots that mimic real systems, making it a powerful tool for cybersecurity professionals. Let’s explore how it works and how you can set it up in your lab environment.
DECEIVE is a proof-of-concept honeypot powered by AI. It simulates realistic systems, such as a video game developer’s environment or a financial company’s server, to lure attackers. Once an attacker interacts with the honeypot, DECEIVE logs their activity and generates a session summary using AI. This summary evaluates the commands entered, their intent, and whether they are benign, suspicious, or malicious.
Key features of DECEIVE include:
Here’s a step-by-step guide to setting up DECEIVE in your lab environment:
Clone the repository: git clone https://github.com/splunk/deceive.git
Install the dependencies: pip3 install -r requirements.txt
Copy the config.ini.template file to config.ini and customize it with your OpenAI API key and other settings.
Start the honeypot: python3 ./ssh_server.py
Once the honeypot is running, you can SSH into it and interact with the simulated environment.
DECEIVE allows you to customize the honeypot to mimic different environments. For example, you can change the prompt in the prompt.txt file to simulate a financial company’s server instead of a video game developer’s system. Here’s an example of a customized prompt:
You are a CEO at a financial company. The system includes financial documents, disclosures, reports, personal notes, and calendar invites. The internet-facing mail server is for a big tech company with state-sponsored facilities in Virginia. Valid user accounts include admin and guest.
This customization makes the honeypot more convincing and tailored to your needs.
After an attacker interacts with the honeypot, DECEIVE generates a session summary in JSON format. This summary includes:
For example, if an attacker navigates through directories and inspects files, the AI might classify the activity as “suspicious” and note that it aligns with early stages of an attack.
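One way to triage these session summaries on the defender's side, as an added example that is not part of DECEIVE or the original post. The field names (src_ip, session, judgement, summary) and the sample log lines are assumptions constructed for illustration, not DECEIVE's documented schema.

```python
import json
from collections import defaultdict

# Severity order for the three verdicts the post names.
SEVERITY = {"benign": 0, "suspicious": 1, "malicious": 2}

# Constructed sample log in JSON Lines form. Field names are assumptions
# made for this example, not DECEIVE's documented schema.
SAMPLE_LOG = """\
{"src_ip": "203.0.113.7", "session": "a1", "judgement": "BENIGN", "summary": "Ran uptime and exited."}
{"src_ip": "203.0.113.7", "session": "a2", "judgement": "SUSPICIOUS", "summary": "Browsed directories and read files."}
{"src_ip": "198.51.100.23", "session": "b1", "judgement": "MALICIOUS", "summary": "Tried to download and run a binary."}
this line is not JSON
{"src_ip": "192.0.2.50", "session": "c1", "judgement": "unclear", "summary": "Model returned no verdict."}
"""

def triage(log_text):
    """Return ([(src_ip, worst_verdict, [sessions])], skipped_lines), worst first."""
    per_src = defaultdict(lambda: {"verdict": "benign", "sessions": []})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            src, sess = rec["src_ip"], rec["session"]
            verdict = str(rec["judgement"]).strip().lower()
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # count malformed lines so gaps in the log are visible
            continue
        if verdict not in SEVERITY:
            # A model verdict outside the expected set goes to human review
            # instead of being silently treated as benign.
            verdict = "suspicious"
        entry = per_src[src]
        entry["sessions"].append(sess)
        if SEVERITY[verdict] > SEVERITY[entry["verdict"]]:
            entry["verdict"] = verdict
    ranked = sorted(per_src.items(),
                    key=lambda kv: (-SEVERITY[kv[1]["verdict"]], kv[0]))
    return [(ip, e["verdict"], e["sessions"]) for ip, e in ranked], skipped

if __name__ == "__main__":
    report, skipped = triage(SAMPLE_LOG)
    for ip, verdict, sessions in report:
        print(f"{verdict:<10} {ip:<15} sessions={','.join(sessions)}")
    print(f"skipped {skipped} malformed line(s)")
```

Because the verdict comes from a language model, the script treats it as a triage hint: unknown labels are escalated and malformed lines are counted rather than dropped.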
DECEIVE offers several advantages for cybersecurity professionals:
While DECEIVE is currently a proof-of-concept, it has the potential to become a powerful tool for detecting and analyzing cyber threats.
Splunk’s DECEIVE is an innovative AI-generated honeypot that brings a new level of realism and intelligence to cybersecurity. By simulating realistic systems and providing detailed session summaries, DECEIVE helps professionals better understand and defend against cyber threats. While it’s not yet production-ready, it’s a promising tool for lab environments and future development.
For a more detailed walkthrough, check out the YouTube video. Thanks for reading, and stay tuned for more cybersecurity insights!