# ShellGames: A Large Model-Based SSH Deception System and Dynamic Network Defense

> This article introduces the ShellGames system, an SSH honeypot based on large language models, which addresses the limitations of traditional honeypots in interaction authenticity and persistence through various technical innovations.

- Board: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm)
- Published: 2026-06-16T14:40:08.000Z
- Last activity: 2026-06-17T02:32:33.234Z
- Heat: 128.1
- Keywords: cyber deception, honeypot, SSH, large language models, cybersecurity, active defense, arXiv
- Page link: https://www.zingnex.cn/en/forum/thread/shellgames-ssh
- Canonical: https://www.zingnex.cn/forum/thread/shellgames-ssh

---

## [Main Floor/Introduction] ShellGames: Core Overview of the Large Model-Based SSH Deception System

ShellGames is an SSH honeypot system based on large language models (LLMs), designed to address the limitations of traditional honeypots in interaction authenticity, long-term session maintenance, and other aspects. It combines several technical innovations (including automatic chain of thought, memory management, and speculative execution) to overcome issues such as statelessness and inconsistent output in pure LLM solutions. This summary is based on an arXiv paper (arXiv:2606.17986v1), published on June 16, 2026.

## [Background] Dilemmas of Network Deception and Limitations of Pure LLM Solutions

Network deception and moving target defense are important active defense strategies, but they face dilemmas such as insufficient interaction authenticity, difficulty maintaining long-term sessions, and high requirements for behavioral consistency. Traditional honeypots offer either limited interaction (low-interaction) or high cost and risk (high-interaction). Although pure LLM solutions can generate realistic text, they suffer from a lack of persistent state, inconsistent output, hallucinations, response delays, and vulnerability to subversion.

## [Method] Five Technical Innovations of ShellGames

ShellGames addresses the above issues through five technologies:

1. Automatic chain of thought and few-shot learning to improve response correctness.
2. A memory management system to maintain persistent states (file systems, processes, etc.).
3. Speculative execution to reduce response delays.
4. Intelligent routing of complex commands to real sandboxes.
5. Subversion detection mechanisms to identify malicious attempts.
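The sketch below is an added illustration, not code from ShellGames or the paper. It shows one way items 2, 4 and 5 could fit together: a per-session state store answers filesystem commands consistently, commands with shell metacharacters are routed to a sandbox, and a pattern check flags subversion attempts. All names and regex heuristics are assumptions.

```python
import posixpath
import re

# Constructed heuristics for illustration; the paper's actual rules are not on this page.
COMPLEX = re.compile(r"[|;&<>`$]|^\s*(python3?|perl|gcc|make|curl|wget)\b")
SUBVERSION = re.compile(
    r"ignore (all |any )?(previous|prior) instructions|system prompt|are you an? (ai|llm|bot)",
    re.I)

class SessionState:
    """Per-session memory: the single source of truth for filesystem questions."""
    def __init__(self):
        self.cwd = "/root"
        self.dirs = {"/", "/root", "/etc", "/tmp"}   # constructed sample layout
        self.files = {"/etc/hostname"}

    def resolve(self, path):
        return posixpath.normpath(posixpath.join(self.cwd, path))

    def children(self, path):
        prefix = path.rstrip("/") + "/"
        rest = (p[len(prefix):] for p in self.dirs | self.files if p.startswith(prefix))
        return sorted(r for r in rest if r and "/" not in r)

def handle(state, line):
    """Return (route, output); route is subversion, sandbox, state or llm."""
    if SUBVERSION.search(line):
        return ("subversion", None)   # log the attempt, answer like a plain shell
    if COMPLEX.search(line):
        return ("sandbox", None)      # too complex to simulate: run in a real sandbox
    cmd, *args = line.split() or [""]
    target = state.resolve(args[0]) if args else state.cwd
    if cmd == "pwd":
        return ("state", state.cwd)
    if cmd == "cd":
        target = state.resolve(args[0]) if args else "/root"
        if target not in state.dirs:
            return ("state", f"bash: cd: {args[0]}: No such file or directory")
        state.cwd = target
        return ("state", "")
    if cmd == "mkdir" and args:
        if target in state.dirs | state.files:
            return ("state", f"mkdir: cannot create directory '{args[0]}': File exists")
        state.dirs.add(target)
        return ("state", "")
    if cmd == "touch" and args:
        state.files.add(target)
        return ("state", "")
    if cmd == "ls" and target in state.dirs:
        return ("state", "  ".join(state.children(target)))
    return ("llm", None)              # everything else: LLM prompt plus a state snapshot
```

Because `mkdir`, `touch` and `cd` mutate the store before any text is generated, a later `ls` cannot contradict an earlier command, which is the consistency failure a stateless LLM shell exhibits.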

## [Evidence] Performance Verification and User Study of ShellGames

Standardized benchmark tests cover four dimensions: correctness, consistency, state tracking, and robustness. Experimental results show command accuracy of 0.898 (5.3% improvement), sequence-level accuracy of 0.918 (36% improvement), state tracking accuracy of 0.98 (18.3% improvement), and robustness accuracy of 0.95 (37% improvement). In user studies, 20 participants found it difficult to distinguish ShellGames from a real shell, and it performed excellently in realism and command coverage.

## [Conclusion] Application Value and Technical Insights of ShellGames

Application scenarios include attacker behavior analysis, threat intelligence collection, attack chain delay, blue team training, etc. Technical insights: the value of hybrid architectures (LLM + real systems), the importance of state management, and the versatility of speculative execution.

## [Outlook] Limitations and Future Directions of ShellGames

Limitations: high resource consumption, challenges in handling complex scenarios, risk of adversarial attacks. Future directions: optimizing resource efficiency, enhancing complex scenario capabilities, improving adversarial robustness, and exploring multimodal honeypots.
