Improving adaptive honeypot functionality with efficient reinforcement learning parameters for automated malware

This paper presents an intelligent honeypot that uses reinforcement learning to proactively engage with and learn from attacker interactions. It adapts its behaviour for automated malware to optimise the volume of data collected. Malware employs highly automated methods to create a global botnet. These automated methods are used to self-propagate and compromise hosts. Honeypots have been deployed to capture these automated interactions. Machine-learning techniques have previously been employed to retrospectively model botnet interactions. We develop a honeypot that uses reinforcement learning with a specific state action space formalism to interact with automated malware. It compares functionality with similar intelligent honeypots which target human interaction. It also demonstrates that datasets collected from an intelligent honeypot deployment are considerably larger than standard high interaction deployments and existing adaptive honeypots. © 2018, © 2018 Informa UK Limited, trading as Taylor & Francis Group.