AI-Driven Intrusion Detection System Using SSH Honeypots
Research Article  ·  Published: 19 August 2025
ICCK Transactions on Cybersecurity
Volume 1, Issue 1, 2025: 3-12

1 School of Computing, MIT ADT University, Pune 412201, Maharashtra, India
* Corresponding Author: Chhaya Mhaske, [email protected]

Abstract

With the rapid evolution of cyber threats targeting critical services like SSH, traditional Intrusion Detection Systems (IDS) are often unable to handle zero-day attacks and advanced persistent threats. This work proposes an intelligent IDS powered by SSH honeypots combined with machine learning. The honeypots simulate vulnerable SSH services to capture attacker behavior, which is then analyzed using Random Forest classifiers and Autoencoders for accurate intrusion detection. Our AI-based framework shows robust detection rates across multiple attack vectors, offering dynamic adaptability to evolving threats. The proposed system demonstrates a promising defense mechanism, bridging the gap between traditional signature-based systems and modern AI-driven security solutions.

Keywords

intrusion detection system (IDS); SSH Honeypot; machine learning; anomaly detection; cybersecurity

Data Availability Statement

Data will be made available on request.

Funding

This work was supported without any funding.

Conflicts of Interest

The authors declare no conflicts of interest.

Ethical Approval and Consent to Participate

Not applicable.

Cite This Article

APA Style
Satpute, A., Nikam, S., Gaikwad, V., Kakade, Y., & Mhaske, C. (2025). AI-Driven Intrusion Detection System Using SSH Honeypots. ICCK Transactions on Cybersecurity, 1(1), 3–12. https://doi.org/10.62762/TC.2025.521799

Article Metrics

Citations: Crossref 0, Scopus 0
Views: 4673
PDF Downloads: 462

Publisher's Note

ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions

Institute of Central Computation and Knowledge (ICCK) or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
ISSN: 3069-3349 (Online)
Preserved at Portico