Volume 1, Issue 1, ICCK Transactions on Cybersecurity
ICCK Transactions on Cybersecurity, Volume 1, Issue 1, 2025: 3-12

Open Access | Research Article | 19 August 2025
AI-Driven Intrusion Detection System Using SSH Honeypots
1 School of Computing, MIT ADT University, Pune 412201, Maharashtra, India
* Corresponding Author: Chhaya Mhaske, [email protected]
Received: 21 May 2025, Accepted: 10 July 2025, Published: 19 August 2025  
Abstract
With the rapid evolution of cyber threats targeting critical services like SSH, traditional Intrusion Detection Systems (IDS) are often unable to handle zero-day attacks and advanced persistent threats. This work proposes an intelligent IDS powered by SSH honeypots combined with machine learning. The honeypots simulate vulnerable SSH services to capture attacker behavior, which is then analyzed using Random Forest classifiers and Autoencoders for accurate intrusion detection. Our AI-based framework shows robust detection rates across multiple attack vectors, offering dynamic adaptability to evolving threats. The proposed system demonstrates a promising defense mechanism, bridging the gap between traditional signature-based systems and modern AI-driven security solutions.

Keywords
intrusion detection system (IDS)
SSH Honeypot
machine learning
anomaly detection
cybersecurity

Data Availability Statement
Data will be made available on request.

Funding
This work was supported without any funding.

Conflicts of Interest
The authors declare no conflicts of interest.

Ethical Approval and Consent to Participate
Not applicable.

Cite This Article
APA Style
Satpute, A., Nikam, S., Gaikwad, V., Kakade, Y., & Mhaske, C. (2025). AI-Driven Intrusion Detection System Using SSH Honeypots. ICCK Transactions on Cybersecurity, 1(1), 3–12. https://doi.org/10.62762/TC.2025.521799

Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions
CC BY Copyright © 2025 by the Author(s). Published by Institute of Central Computation and Knowledge. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.