AdvancedShelLM: A Stateful Multi-Agent LLM Honeypot for SSH Deception

๐Ÿ“… 2026-06-26
๐Ÿ“ˆ Citations: 0
โœจ Influential: 0
๐Ÿ“„ PDF
๐Ÿค– AI Summary
This work addresses the limited deception efficacy of existing large language model (LLM)-based SSH honeypots, which are often easily detected by determined attackers. The authors propose a novel dual-agent, multi-LLM collaborative architecture that partitions responsibilities between a Manager and a Worker to achieve more accurate command interpretation and response generation. For the first time, the system incorporates a persistent file system that maintains shared state across multiple concurrent attackers, ensuring dynamic environmental consistency. Evaluated through the AI-driven attack assessment framework ARACNE and validated via real-world internet deployment, the system achieves a 99.02% pass rate in unit tests and demonstrates superior deception performance over Cowrie against both AI and human adversaries, significantly influencing actual attacker behavior.
๐Ÿ“ Abstract
LLM-based SSH honeypots can generate believable interactions, but evaluations indicate they remain somewhat identifiable to determined attackers, indicating the need for a better scaffolding. We present a new LLM-based honeypot design that uses a multi-agent, multi-LLM architecture to address the limitations of the previous shelLM LLM honeypot. Our honeypot, called AdvancedShelLM, uses two LLM agents, a Manager and a Worker, that better understand the commands while reducing incorrect responses and increasing deception. It implements an advanced permanent filesystem, allowing many simultaneous attackers to see the same changing files for the first time. It was evaluated with: (i) unit tests for generative capabilities, (ii) an AI attacker (ARACNE) to assess realism and deception, (iii) human attackers to assess its deceptive capability, and (iv) an Internet deployment to evaluate deception in real-world attacks. In unit test results, AdvancedShelLM achieved a pass rate of up to 99.02%. The AI attacker ARACNE had issues making a decision if the system is honeypot or not, but showed slight bias towards saying honeypot, even for a real Ubuntu shell. With human attackers, AdvancedShelLM deceived more humans than Cowrie, but had similar results as shelLM. The Internet deployment showed concrete evidence that the output of AdvancedShelLM can influence the behaviour of real-life attackers.
Problem

Research questions and friction points this paper is trying to address.

SSH honeypot
deception
large language model
stateful interaction
attack detection
Innovation

Methods, ideas, or system contributions that make the work stand out.

multi-agent LLM
SSH honeypot
stateful deception
persistent filesystem
adversarial evaluation
๐Ÿ”Ž Similar Papers
No similar papers found.