Zing Forum

ShellGames: A Large Model-Based SSH Deception System and Dynamic Network Defense

This article introduces the ShellGames system, an SSH honeypot based on large language models, which addresses the limitations of traditional honeypots in interaction authenticity and persistence through various technical innovations.

Tags: network deception, honeypot, SSH, large language model, cybersecurity, active defense, arXiv

Published 2026-06-16 22:40 | Recent activity 2026-06-17 10:32 | Estimated read 5 min

Section 01

[Original Post/Introduction] ShellGames: Core Overview of the Large Model-Based SSH Deception System

ShellGames is an SSH honeypot system based on large language models (LLMs), designed to address the limitations of traditional honeypots in interaction authenticity, long-term session maintenance, and related aspects. It combines several technical innovations (automatic chain of thought, memory management, speculative execution, and others) to overcome the statelessness and inconsistent output of pure LLM solutions. This article is sourced from an arXiv paper (arXiv:2606.17986v1), published on June 16, 2026.

Section 02

[Background] Dilemmas of Network Deception and Limitations of Pure LLM Solutions

Network deception and moving target defense are important active defense strategies, but they face dilemmas such as insufficient interaction authenticity, difficulty maintaining long-term sessions, and high requirements for behavioral consistency. Traditional honeypots either have limited interaction (low-interaction) or high cost and risk (high-interaction). Although pure LLM solutions can generate realistic text, they have problems like lack of persistent state, inconsistent output, hallucinations, response delays, and vulnerability to subversion.

Section 03

[Method] Five Technical Innovations of ShellGames

ShellGames addresses the above issues through five technologies:
1. Automatic chain of thought and few-shot learning to improve response correctness;
2. A memory management system to maintain persistent state (file systems, processes, etc.);
3. Speculative execution to reduce response delays;
4. Intelligent routing of complex commands to real sandboxes;
5. Subversion detection mechanisms to identify malicious attempts.
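As an added illustration (not code from the paper or the ShellGames project), the following Python sketches how points 2, 4 and 5 fit together: a deterministic state layer answers commands whose effects must stay consistent across the session, complex commands are routed to a sandbox, attempts to talk to the model rather than the shell are answered in character, and everything else falls through to the LLM with the tracked state as context. The command sets, the subversion heuristics and the starting file system are assumptions for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed heuristics (assumed, not the paper's rules): text aimed at the model rather than the shell.
SUBVERSION = [r"ignore (all )?previous instructions", r"you are an? (ai|assistant|language model)", r"system prompt"]
SANDBOX_CMDS = {"python3", "perl", "gcc", "make"}  # assumed set of commands routed to a real sandbox


@dataclass
class SessionState:  # persistent per-session state the LLM is not trusted to remember on its own
    cwd: str = "/root"
    fs: set = field(default_factory=lambda: {"/", "/root", "/etc", "/etc/passwd"})


def resolve(state, path):
    """Normalise a relative or absolute path against the tracked cwd."""
    parts = [] if path.startswith("/") else [p for p in state.cwd.split("/") if p]
    for p in path.split("/"):
        if p == "..":
            if parts:
                parts.pop()
        elif p not in ("", "."):
            parts.append(p)
    return "/" + "/".join(parts)


def route(state, line):
    """Return (handler, output); handler is one of: subversion, sandbox, state, llm."""
    if any(re.search(pat, line, re.I) for pat in SUBVERSION):
        return "subversion", f"bash: {line.split()[0]}: command not found"  # stay in character
    argv = line.split()
    if not argv:
        return "state", ""
    cmd, args = argv[0], argv[1:]
    if cmd in SANDBOX_CMDS or any(t in argv for t in ("|", ">", ">>")):
        return "sandbox", None  # run for real, then sync the results back into state
    if cmd == "pwd":
        return "state", state.cwd
    if cmd == "cd":
        target = resolve(state, args[0] if args else "/root")
        if target not in state.fs:
            return "state", f"bash: cd: {args[0]}: No such file or directory"
        state.cwd = target
        return "state", ""
    if cmd in ("mkdir", "touch"):
        state.fs.update(resolve(state, a) for a in args)
        return "state", ""
    if cmd == "ls":
        here = resolve(state, args[0]) if args else state.cwd
        names = sorted(p.rsplit("/", 1)[1] for p in state.fs if p != "/" and (p.rsplit("/", 1)[0] or "/") == here)
        return "state", "  ".join(names)
    return "llm", None  # anything else: prompt the LLM with the tracked state as context
```

Because `cd`, `mkdir`, `touch` and `ls` never reach the model, a later `ls` always agrees with the earlier `touch`, which is the state-tracking property the benchmark in Section 04 measures.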

Section 04

[Evidence] Performance Verification and User Study of ShellGames

Standardized benchmark tests cover four dimensions: correctness, consistency, state tracking, and robustness. Experimental results show a command accuracy of 0.898 (5.3% improvement), a sequence-level accuracy of 0.918 (36% improvement), a state tracking accuracy of 0.98 (18.3% improvement), and a robustness accuracy of 0.95 (37% improvement). In user studies, 20 participants found it difficult to distinguish ShellGames from a real shell, and rated it highly for realism and command coverage.

Section 05

[Conclusion] Application Value and Technical Insights of ShellGames

Application scenarios include attacker behavior analysis, threat intelligence collection, delaying the attack chain, and blue team training. Technical insights: the value of hybrid architectures (LLM + real systems), the importance of state management, and the general applicability of speculative execution.

Section 06

[Outlook] Limitations and Future Directions of ShellGames

Limitations: high resource consumption, challenges in handling complex scenarios, risk of adversarial attacks. Future directions: optimizing resource efficiency, enhancing complex scenario capabilities, improving adversarial robustness, and exploring multimodal honeypots.