Real-Time Threat Detection in Docker-Based Integrated Honeypot and IDS Environments Using Explainable AI Techniques
摘要
Intrusion Detection Systems are traditional security tools used for monitoring network traffic and capturing suspicious activities through rules based or the anomaly methods. Traditional IDS systems may fail to provide adequate protection against new emerging cyber threats because of their increased complexity. This research examines an inclusive security solution of Suricata IDS with the Cowrie honeypot system which is conducted in Docker containers in WSL on windows. It integrates and records the happening events in the network transforming JSON logs into a CSV format in a way amicable to NSL-KDD dataset for analysis. After data preprocessing, the machine learning models are trained, and we also perform hyperparameter optimization to achieve maximum detection rate and minimum false alarm rate. This work provides a solid, easily scalable model for identifying and studying cyber threats, which provides realistic recommendations for the integration of IDS and honeypots for threats in dynamic security environments. This work provides a reliable and flexible approach for identifying and characterising cyber threats and provides valuable information on the integration of IDS and honeypots for threat detection in dynamic environments. The results of the performance assessments of the proposed machine learning models indicated that the MLP model provided the highest accuracy of 95.32% and therefore the most decisive algorithm in the integrated IDS and honeypot system for accurate threat identification and categorization.