Design and Development of Honeypot to prevent Phishing using ML Techniques:

Hey, I am your friend InfoMaster 🧙. I am here to give you some security information and believe me it is the most important thing in your life except your family.

You know, Around the world, 30,000 sites are hacked every day. 64% of the organization worldwide have encountered somewhere around one type of digital assault. There were 20M penetrated records in March 2021.

Then what is the SOLUTION of it?

Ummm…. Yeah there is much technology to protect you, but we are going to learn about one cool tool That’s Our Doctor strange or you can say HONEYPOT. And we know Dr. Strange also has a Time stone to protect the world. Then who is Time stone here? Mistry revealed Time stone is machine learning which gives more power to HONEYPOT. SO, let’s have some introduction about all of these things.

What is Honeypots?

A honeypot is a PC designed to be defenceless trying to log and concentrate on unapproved associations (interaction). Since Internet-confronting frameworks are dependent upon consistent computerized assaults, it is essential to know that any port open to the web gives a scaffold to outside gatherings to cooperate with your framework. At the point when we forget about our honeypots, we are emulating indications of weak frameworks trusting assailants come in and attempt to execute their assaults(attack). Think about that next time you’re looking at vulnerability reports.

Honeypot uses:

Honeypots are used to collect data on attacking behaviours. The assault(attack) source, strategies utilized, their prosperity or disappointment rates, and malware tests can be in every way removed from honeypot logs. Security groups might make a move given knowledge obtained from the dissected information. Patterns seen in the attacker’s behaviour are identified within security logs to alert on security events that matched the behaviours observed in honeypot logs. Security groups are benefited because it offers them an extraordinary chance to proactively blocklist dubious practices before frameworks are tainted.

Honeypot Categories:

Low interaction honeypots extend a few behaviours to an attacker. Often, just enough to allow a connection. Information gathered from low communication honeypots are regularly restricted to assaulting IP and the username and secret word mix endeavoured joined by occasion timestamps.

Medium communication honeypots stretch out some cooperation to the assailant (for example bash shell). The distinction here is that a piece of a real system is emulated, attackers are not given a real environment, shell, or operating system — essentially not the one it seems, by all accounts, to be.

High connection honeypots are more concentrated both computationally and in hazard thought as full conduct is reached out to the assailant and nothing is imitated.

Then why use machine learning if honeypot is so good in its work???

Top Attacked Services

As we learn about the honeypot (Dr. Strange), now we will continue our discussion with machine learning(Time stoneđź’Ž)

As indicated by information delivered by GData, the quantity of malware keeps on expanding. In the last part of 2014, there were 4,150,068 new kinds of malware. This number expanded by practically 2.3 times from the principal semester of that very year which added up to 1,848,617 kinds of malware. With the goal that generally the recorded malware in 2014 was 5,998,685. given the class, the largest number of malwares is in Trojan Horse malware while in Adware malware is the most fundamentally expanded malware

With the advancement of Internet innovation, honeypots assume a huge part in network security. Notwithstanding, the assailants could undoubtedly recognize whether or not the server has conveyed honeypot administrations. In light of tackling such a danger, analysts need to make their honeypot administration more practical and work on the inward instrument and external connection point of the honeypot structure. As of late, numerous analysts begin to zero in on the most proficient method to naturally recognize a honeypot server.

In a way of protecting our honeypot, we can use various machine learning classification algorithms like naive Bayes, SVM, KNN, etc.

And for cross-validation, we can split our data. The cross-approval structure is made out of three sections. First and foremost, the information D was separated into ten comparative unrelated subsets in the information split (D was the assortment:). Then, at that point, the isolated information could be moved to preparing and testing.

And for evaluation we can use :-


A Honeypot is a thought and not an instrument that can be recently passed on. One needs to know well what they intend to acknowledge, and afterward, just the honeypot can be changed ward on their specific prerequisites. But we know that honeypot alone is not sufficient to handle various types of attacks. So, making a powerful honeypot and security system we can use machine learning. Using different ML algorithms, we can create a powerful honeypot.




Web devloper, data science enthusiast and self-learner

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rohan Pardeshi

Rohan Pardeshi

Web devloper, data science enthusiast and self-learner

More from Medium

Setup OpenPose in Ubuntu 20.04

SIEM Tools

Understanding the precise risk of a vulnerability in an environment with Dynatrace

Security Countermeasures in risk management