Intelligent Honeypot Threat Detection and Reputation System Analysis
Abstract
Honeypots are effective network security systems built to study the tactics of attackers and their intents. In this paper, we deployed a honeypot to analyze Secure Shell attacks. We discuss both the dictionary attacks and the intrusion activities of attackers, and we collected the usernames and passwords attempted in dictionary attacks targeting the Secure Shell service. We traced the frequently attacking machines based on their IP addresses. We also recorded the commands they executed after successful logins to the Secure Shell honeypot server. We logged a vast number of connection requests destined for a number of ports and originating from different locations around the world. From our honeypot system, we have collected attack data that enables us to.

Index Terms—Secure Shell, Dictionary Dionaea, Honeypot, Intrusion.

This project involves the design, development, and deployment of a low-interaction SSH honeypot to attract, detect, and analyze automated and manual cyberattacks in real time. The honeypot acts as a decoy system, mimicking a vulnerable SSH service to lure attackers away from legitimate network resources. The primary goal is to gather threat intelligence, including attacker IP addresses, usernames, passwords, and executed command attempts, without compromising actual production systems. The project will utilize tools like Shodan and VirusTotal or a custom script built with a Python library and deploy it on a virtual private server (VPS) for exposure to internet traffic. SSH honeypot infrastructure, leveraging techniques such as emulation and deception to lure potential attackers.
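The analysis the abstract describes (frequently attacking IP addresses, attempted username and password pairs, commands run after a successful login) can be sketched as follows. This is an added example, not code from the paper: the JSON-lines event format, the field names, the `summarize` function and the `dict_threshold` value are assumptions, and the sample events are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample events in an assumed JSON-lines format (not the paper's data).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
{"event": "login", "src_ip": "203.0.113.7", "username": "root", "password": "123456", "success": false}
{"event": "login", "src_ip": "203.0.113.7", "username": "root", "password": "password", "success": false}
{"event": "login", "src_ip": "203.0.113.7", "username": "admin", "password": "admin", "success": false}
{"event": "login", "src_ip": "203.0.113.7", "username": "root", "password": "root", "success": true}
{"event": "command", "src_ip": "203.0.113.7", "input": "uname -a"}
{"event": "login", "src_ip": "198.51.100.22", "username": "root", "password": "123456", "success": false}
{"event": "login", "src_ip": "198.51.100.22", "username": "pi", "password": "raspberry", "success": false}
{"event": "login", "src_ip": "198.51.
"""


def summarize(log_text, dict_threshold=3, top_n=3):
    """Aggregate honeypot events per source IP, credential pair and command."""
    attempts, creds = Counter(), Counter()
    passwords_by_ip = defaultdict(set)
    commands_by_ip = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            kind, ip = ev["event"], ev["src_ip"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated or malformed record: count it, keep going
            continue
        if kind == "login":
            user, pw = ev.get("username", ""), ev.get("password", "")
            attempts[ip] += 1
            creds[(user, pw)] += 1
            passwords_by_ip[ip].add(pw)
        elif kind == "command":
            commands_by_ip[ip].append(ev.get("input", ""))
    return {
        "top_ips": attempts.most_common(top_n),
        "top_credentials": creds.most_common(top_n),
        # Many distinct passwords from one source suggests a dictionary attack.
        "dictionary_sources": sorted(
            ip for ip, pws in passwords_by_ip.items() if len(pws) >= dict_threshold),
        "commands_by_ip": dict(commands_by_ip),
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

The `skipped` counter matters on an internet-exposed sensor, where a record cut off mid-write should not abort the whole tally.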