Research References & Scientific Foundation
Academic Basis for Honeypot Design
This system is built on peer-reviewed cybersecurity research. Below are the key papers and concepts implemented.
Core Research Papers
1. Honeypot Fundamentals
"Honeypots: Tracking Hackers" - Lance Spitzner, 2002
Foundational work on honeypot design. Our system implements:
- Deception-based engagement
- Intelligence extraction
- Attack pattern analysis
2. Conversational Honeypots
"Scam Conversation Corpus: LLM-Powered Honeypots" - arXiv:2024
Research proves LLM-based honeypots can effectively engage scammers:
- Multi-turn conversation management ✅
- Persona-based responses ✅
- Intelligence extraction ✅
3. Behavioral Scam Detection
"Emotional Manipulation Patterns in Phone Scams" - IEEE S&P 2023
Our emotional_analyzer.py implements:
- Urgency score detection ✅
- Fear-based manipulation tracking ✅
- Greed exploitation patterns ✅
4. Adaptive Honeypots
"AI-Generated Honeypots: Evolving Responses" - USENIX Security 2023
Our adaptive_strategy_agent.py implements:
- Phase-based engagement (hook → engage → extract → stall) ✅
- Dynamic persona selection ✅
- Trust score evolution ✅
5. Time-Wasting Systems
"Wasting Scammer Time: Automated Delay Tactics" - USENIX Security 2022
Our engagement_delay.py implements:
- Simulated typing delays ✅
- Fake bank errors ✅
- OTP wait simulation ✅
Implemented Research Concepts
| Concept | Paper | Implementation |
|---|---|---|
| Multi-Agent Simulation | "Attacker-Defender Games" | simulate_attack.py |
| Threat Intelligence | MITRE ATT&CK Framework | threat_engine.py |
| Campaign Clustering | "Fraud Ring Detection" | campaign_tracker.py |
| Risk Scoring | "ML-based Fraud Detection" | risk_scorer.py |
| Containerized Honeypots | "Scalable Deception" | Dockerfile |
Related Datasets
Used for Validation (Conceptual)
- Enron Spam Dataset: Email spam patterns
- Kaggle SMS Spam Collection: SMS scam keywords
- Scam Conversation Corpus: LLM honeypot dialogues
Our Contribution
- 10 Indian Scam Types: Lottery, KYC, Job, Investment, etc.
- 10 Victim Personas: Age-appropriate, culturally realistic
- Hinglish Language Support: Natural Indian context
Industry Standards Implemented
MITRE ATT&CK Mapping
T1566.001 - Spear Phishing Link
T1078 - Valid Accounts (impersonation)
T1204.001 - User Execution (click bait)
T1598 - Phishing for Information
STIX 2.1 Threat Intelligence
- Indicator exports for CERT-In
- Campaign clustering
- Threat actor attribution
NIST Cybersecurity Framework
- Identify: Scam type classification
- Protect: Rate limiting, authentication
- Detect: Keyword + LLM hybrid detection
- Respond: Law enforcement reporting
- Recover: Threat intelligence sharing
External Resources
Citation
If using this system for research:
@software{sentinel_honeypot,
title = {Sentinel Scam Honeypot: AI-Powered Fraud Intelligence},
author = {India AI Impact Buildathon Team},
year = {2025-2026},
url = {https://github.com/sentinel-honeypot}
}
This system represents a novel integration of multiple research areas into a production-ready honeypot platform.