Research Output
Academic papers, open-source tools, and technical documents produced by the morphosis.ai team at DFKI Kaiserslautern.
This work systematically investigates the use of Large Language Models to create a variety of honeytokens. Out of seven different honeytoken types — including configuration files, databases, and log files — two were used to evaluate the optimal prompt. The generation of robots.txt files and honeywords was used to systematically test 210 different prompt structures based on 16 prompt building blocks. All honeytokens were tested across different state-of-the-art LLMs to assess varying model performance. Honeywords generated by GPT-3.5 were found to be less distinguishable from real passwords compared to previous methods of automated honeyword generation.
A threat intelligence platform that extracts attack data from T-POT honeypots and generates feeds for attack prevention and detection purposes.
Protecting Content Management Systems from vulnerability scanners with cyber deception and obfuscation — a WordPress security plugin implementing defensive techniques against automated scanning tools.
High-level architecture document describing the DevOps and LLMOps pipelines, component integration, and the RAG-based honeypot communication layer. Intended as a foundation for the StartUpSecure Phase 2 proposal.
Formal definition of the threat model (MS1.1), the deception strategy within the dissimulation/simulation framework (MS1.2), and the attacker attention model — defining what constitutes measurable attention in an information security context (MS1.3).
Classification of honeytoken families (credentials, documents, databases, network artefacts, personal data) against the threat and attention models. Includes a ranked cost-to-impact hierarchy to guide model specialisation and data generation priorities.