Enhancing Cybersecurity Through Honeypot Integration with Deep Learning: A Dual-Phase Approach to Threat Detection
DOI:
https://doi.org/10.70917/ijcisim-2026-2848Keywords:
Cybersecurity, Honeypot System, SYN-food Attacks, Pentbox Tool, CNN, Random Forest, KNNAbstract
This research aims at assessing the effectiveness of a two-stage approach to enhance cybersecurity through the use of honeypot systems and machine learning algorithms. The first stage is to use honeypots with the Pentbox tool and a Flask-based application to detect and report malicious activity like SYN-flood attacks. The Pentbox tool was used as a quick-deployable tool to record the detailed attack information, in tandem with Flask-based honeypot that allowed the extensive analysis of the HTTP requests and responses. In the second phase, the collected data was pre-processed and fed into deep learning - machine learning hybrid algorithms like CNNs hybridized with Random Forest, Naive Bayes, K-Nearest Neighbour (KNN), and Logistic Regression to identify and classify the cyber risks. The CNN with Random Forest model gave the best results as compared to the other models with an accuracy of 0.96, precision of 0.98, recall of 0.82, and F1-score of 0.88. This higher performance is as a result of its ensemble-ness which helps in minimizing over-fitting and at the same time correctly dealing with both nominal and ordinal data. The honeypots were able to collect important information of DoS-attack and the ML models, particularly the Random Forest model, was effective in the identification of threats and their categorisation. This integrated strategy not only improves the threat detection, but it also has significant implications for the development of real-time cybersecurity solutions, providing organisations with powerful means to counter current and emerging cyber threats.