Research Article
AI-Powered Intrusion Detection System with Honeypot Integration
Aditya Nimmagadda, Shideh Yavary Mehr*
Issue: Volume 14, Issue 4, August 2025
Pages: 70-76
Received: 30 July 2025
Accepted: 15 August 2025
Published: 3 September 2025
DOI: 10.11648/j.ijiis.20251404.11
Abstract: In response to the increasing complexity and frequency of cyber threats, this project presents an AI-powered Intrusion Detection System (IDS) enhanced by honeypot integration. Traditional IDS techniques, heavily reliant on signature-based detection, often fail to recognize novel or polymorphic attacks, leaving systems vulnerable to zero-day exploits and advanced persistent threats (APTs). To address this limitation, the proposed system leverages machine learning models, both supervised and unsupervised, trained on data captured from a controlled virtual environment simulating real-world scenarios. Honeypots, specifically the Cowrie honeypot, are deployed to lure attackers and collect rich behavioral data, which in turn enhances the system’s detection capabilities by capturing indicators of compromise (IOCs) and attack patterns that traditional datasets may miss. The architecture consists of a multi-VM setup ensuring isolated and secure experimentation, preventing compromise of production systems during testing. Using Random Forest and Logistic Regression models, along with Isolation Forest for anomaly detection, the system achieves high detection accuracy, minimal false positives, and strong adaptability to emerging threats. Data preprocessing and feature engineering are applied to ensure model robustness, while hyperparameter tuning further optimizes performance. A Flask-based real-time API enables live threat classification and rapid response, and integration with Kibana and Power BI dashboards provides comprehensive visualization, monitoring, and historical analysis of network events. The system is designed for scalability and continuous improvement through an automated retraining pipeline, allowing it to adapt autonomously as new threat intelligence becomes available. This ensures that detection capabilities evolve alongside the changing tactics, techniques, and procedures (TTPs) of malicious actors.
Future enhancements will focus on incorporating deep learning approaches such as Long Short-Term Memory (LSTM) networks for temporal sequence analysis and Convolutional Neural Networks (CNN) for traffic pattern recognition, further strengthening the IDS against sophisticated attacks. This work demonstrates a proactive, intelligent, and adaptable IDS solution capable of defending against both known and unknown threats, offering a foundation for next-generation AI-driven cybersecurity systems.