Sunday, May 18, 2025
HomeAISplunk Introduces "DECEIVE" an AI-Powered Honeypot to Track Cyber Threats

Splunk Introduces “DECEIVE” an AI-Powered Honeypot to Track Cyber Threats

Published on

SIEM as a Service

Follow Us on Google News

Splunk has unveiled DECEIVE (DECeption with Evaluative Integrated Validation Engine), an innovative, AI-augmented honeypot that mimics real-world systems to lure and study cyber attackers.

By leveraging advanced artificial intelligence, DECEIVE provides organizations with a powerful means of tracking, analyzing, and understanding malicious activities in real time, offering actionable insights into attacker tactics and techniques.

Revolutionizing Cybersecurity with DECEIVE

Traditional honeypots require significant effort to simulate realistic environments; they must be seeded with credible data and software to effectively engage attackers.

- Advertisement - Google News

DECEIVE eliminates this challenge by using AI to create highly believable, customizable system simulations.

This new approach allows enterprises to detect and investigate cyber threats while proactively maintaining minimal overhead.

DECEIVE is designed to emulate a Linux server accessible via the SSH protocol, logging all user activity, analyzing attacker behavior, and categorizing sessions as benign, suspicious, or malicious.

The lightweight and intuitive design is particularly useful for cybersecurity research, training, and internal testing.

Key Features Include:

  • AI-Powered Realism: DECEIVE uses AI to simulate operating environments based on user-configurable prompts, making tailored honeypots easy to deploy.
  • Comprehensive Logging: All username, password, and command inputs, as well as AI-generated responses, are logged to offer complete session insights.
  • Intelligence-Driven Analysis: Sessions are automatically classified into benign, suspicious, or malicious based on attacker actions.
  • Cross-Platform Support: Initially developed for macOS 15 (Sequoia), DECEIVE also runs on most UNIX-like systems, including Linux and Windows (via Windows Subsystem for Linux).

Getting Started with DECEIVE

To set up DECEIVE, users can follow these steps:

  1. Clone the Repository:
    Fetch the latest version of DECEIVE from its GitHub repository with this command:
git clone https://github.com/splunk/DECEIVE
  1. Install Dependencies:
    Ensure Python3 is installed, and use the following command to install the required Python modules:
pip3 install -r requirements.txt
  1. Generate SSH Host Keys:
    Create the necessary SSH TLS keypair with this command:
ssh-keygen -t rsa -b 4096 -f SSH/ssh_host_key
  1. Configure the Honeypot:
    • Copy the configuration template:
cp SSH/config.ini.TEMPLATE SSH/config.ini
  1. Edit the SSH/config.ini file to define system behavior, including the usernames and passwords attackers may attempt to use.
  2. Customize the SSH/prompt.txt file to describe the system being emulated. For example, you can specify:
    “You are a video game developer’s system containing realistic source and asset files.”
  3. Start the Server:
    Launch the honeypot by running the following command from the SSH directory:
python3 ./ssh_server.py

The server will listen for SSH connections on the configured port, silently logging all activity.

Splunk emphasizes that DECEIVE is a proof-of-concept and not yet production-grade. While the tool is invaluable for threat analysis, it must be deployed cautiously, as it logs sensitive information, such as usernames and passwords, for research purposes.

The project is open-source and available under the MIT license, encouraging contributions from the cybersecurity community. Developers and researchers can access the code, suggest improvements, or adapt DECEIVE to meet specific use cases.

The launch of DECEIVE underscores Splunk’s commitment to enhancing defensive cybersecurity measures.

By flipping the script and studying attackers in action, organizations can stay a step ahead in the ever-evolving threat landscape.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...