Objective
Build an automated pipeline that detects suspicious traffic with low-interaction honeypots, triggers alerts, auto-spawns high-interaction honeypots for deep analysis, and feeds the results back into the system to improve efficiency and reduce costs. This substantially reduces the cloud bill.
Pipeline Architecture
Internet Traffic
↓
Low-Interaction Honeypots --- (Cheap, Scalable detections)[SSH, HTTP decoys]
↓
Event Engine (Kafka, Redis) --- (Real time Analysis and Attack Classification)
↓
Auto-Spawn High Interaction Honeypots --- (On-demand deep analysis, Full OS env, Isolated Safe Zone)
↓
Feedback Loop ML Engine Efficiency --- (System Optimization, Cost Reduction, Pattern Learning)
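
The Event Engine's escalation decision from the architecture above, as an added example (not code from this project). It assumes an in-memory store standing in for Kafka/Redis; the scoring weights, thresholds, event field names and the `EscalationEngine` class are hypothetical, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Hypothetical weights per low-interaction honeypot event type (assumed; tune per deployment).
WEIGHTS = {"connect": 1, "auth_fail": 2, "http_probe": 3, "auth_success": 6, "command": 8}

@dataclass
class EscalationEngine:
    threshold: int = 10   # score inside the window that justifies deep analysis
    window_s: int = 60    # sliding window per source, in seconds
    max_active: int = 2   # cost cap: concurrent high-interaction honeypots
    ttl_s: int = 900      # lifetime of a spawned high-interaction honeypot
    events: dict = field(default_factory=lambda: defaultdict(deque))
    active: dict = field(default_factory=dict)  # src_ip -> expiry timestamp

    def handle(self, ev):
        """Classify one event: 'observe', 'spawn', 'already_active' or 'budget_exhausted'."""
        now, src = ev["ts"], ev["src_ip"]
        # Expire finished high-interaction honeypots so they stop counting against the cap.
        self.active = {ip: exp for ip, exp in self.active.items() if exp > now}
        q = self.events[src]
        q.append((now, WEIGHTS.get(ev["action"], 0)))
        while q and q[0][0] <= now - self.window_s:
            q.popleft()  # drop events that fell out of the sliding window
        if sum(w for _, w in q) < self.threshold:
            return "observe"            # low-interaction honeypot keeps handling it
        if src in self.active:
            return "already_active"     # one deep-analysis instance per source
        if len(self.active) >= self.max_active:
            return "budget_exhausted"   # cost cap reached: alert only, no spawn
        self.active[src] = now + self.ttl_s
        return "spawn"

def run(events, **kw):
    engine = EscalationEngine(**kw)
    return [(e["src_ip"], e["action"], engine.handle(e)) for e in events]

# Constructed sample events using documentation-range addresses, not real traffic.
SAMPLE = [
    {"ts": 0, "src_ip": "192.0.2.10", "service": "ssh", "action": "connect"},
    {"ts": 2, "src_ip": "192.0.2.10", "service": "ssh", "action": "auth_fail"},
    {"ts": 3, "src_ip": "198.51.100.7", "service": "http", "action": "http_probe"},
    {"ts": 5, "src_ip": "192.0.2.10", "service": "ssh", "action": "auth_fail"},
    {"ts": 8, "src_ip": "192.0.2.10", "service": "ssh", "action": "auth_success"},
    {"ts": 9, "src_ip": "192.0.2.10", "service": "ssh", "action": "command"},
    {"ts": 200, "src_ip": "198.51.100.7", "service": "http", "action": "http_probe"},
]

if __name__ == "__main__":
    for row in run(SAMPLE):
        print(row)
```

Only the source that moves from failed logins to a successful login triggers a spawn; the slow HTTP prober never leaves the low-interaction tier because its earlier event ages out of the window.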
Benefits
- Cost Efficiency
  - Low-HP: Always running (cheap)
  - High-HP: Only when needed (expensive)
- Smart Detection
  - Low-HP: Catch 95% of attacks
  - Auto-spawn: Deep analysis for interesting and complex attacks
- Automated Response
  - Detection → Trigger → Analysis: <30 seconds
  - No manual intervention required
  - 24/7 automated defense system