Malicious User Detection using Honeypot

The Problem

Password-based authentication is still everywhere, but it’s vulnerable. Once attackers obtain a file of hashed passwords, dictionary attacks, brute force, and GPU-accelerated cracking make it trivial to recover the original credentials from the hashes.

Existing systems only detect breaches passively (if at all). There’s no mechanism to react to intrusion attempts or trace the attacker. That’s a huge blind spot.

The Honeyword Concept

Originally proposed by Juels and Rivest, honeywords are fake passwords stored alongside each user’s real password in the credential database. If an attacker attempts to log in with one of them, the system knows it’s under attack. This paper pushes the idea further.

Each user has:

  • One real password

  • A set of algorithmically generated decoy passwords (Honeywords)

These are indistinguishable from the real one to outsiders. If a honeyword is used, it’s game over (for the attacker).

Technical Highlights

The proposed model combines real-time malicious-user detection with active response mechanisms:

  1. Decoy Data Redirection: If a honeyword is entered, the system serves fake but realistic-looking data to mislead the attacker.

  2. IP Tracking & Blacklisting: The intruder’s IP is logged and added to a blacklist, preventing future access attempts.

  3. Embedded Virus in Decoy Data: The system plants a stealth virus in the decoy files, capable of:

    • Extracting system-level info (cookies, OS, browser, geolocation)

    • Reporting back attacker details to the original user or admin

  4. HoneyChecker Mechanism: A secure secondary server verifies whether the entered password is real or fake without exposing the actual data.

  5. Intruder Cam (Future Work): A next-gen feature will activate the system’s webcam to capture a snapshot of the intruder, adding another layer of identity confirmation.

  6. User Alerts: Email/SMS alerts will notify the legitimate user with attacker info: IP, location, and webcam snapshot.

Why This Matters

Unlike traditional login systems that simply deny access, this approach is proactive. It doesn’t just block hackers — it:

  • Wastes their time

  • Traps them in fake environments

  • Traces their digital footprint

  • And potentially exposes their identity

This is next-level deception tech — an intersection of cybersecurity, behavioral analysis, and offensive defense.

Real-World Use Cases

  • Enterprise systems storing sensitive customer data

  • Government or military databases

  • Financial institutions

  • Cloud-based platforms managing large user bases

Conclusion

By combining honeyword generation, decoy mechanisms, IP tracking, and retaliatory countermeasures, this model flips the cybersecurity script. It doesn’t just defend — it hunts back.

This research isn’t just theoretical. It lays the foundation for active security systems that don’t wait to be breached — they bait, detect, and react in real time.