 
    From left to right: Guohong Cao, distinguished professor of computer science and engineering, Tom La Porta, Evan Pugh Professor and director of the School of Electrical Engineering and Computer Science, and David Miller, professor of electrical engineering, teamed up to build a “honeypot,” a decoy suite of fake networks, devices and domains to entrap and deceive hackers of U.S. military targets. Credit: Poornima Tomy/Penn State.
Building a ‘honeypot’ of fake cameras, networks to deceive military adversaries
Jan 23, 2025
By Mariah Lucas
UNIVERSITY PARK, Pa. — As technology has evolved, so have ways to manipulate it for nefarious purposes. Attackers of U.S. military bases, for example, no longer need boots on the ground to gain intelligence. Now, they can hack the Wi-Fi system and access cameras to survey whether a ship has left port or if troops are moving. To learn about the bad actors attempting to infiltrate military systems, three computer science researchers in the Penn State School of Electrical Engineering and Computer Science (EECS) are teaming up to build a “honeypot,” a decoy suite of fake networks, devices and domains, to entrap and deceive such hackers.
The research team received a two-year, $557,000 grant from the U.S. Army’s Combat Capabilities Development Command (DEVCOM), with the possibility of renewal, to fund the cybersecurity honeypot project. While the name has multiple potential origin stories, the researchers likened the approach to luring a bear with a pot of honey.
“We are seeing that hackers are getting very sophisticated, and they’re trying to compromise assets from multiple domains, such as air and land, to learn intelligence from both systems,” said co-principal investigator Tom La Porta, Evan Pugh Professor and director of EECS. “They can compromise a Wi-Fi network, for example, and see there’s a ship on the network. From there, they can hack into the ship’s GPS. So, that would be multidomain deception: going from cyber to sea.”
Along with co-principal investigators Guohong Cao, distinguished professor of computer science and engineering, and David Miller, professor of electrical engineering, La Porta will work on building sophisticated, multidomain fake networks to attract attackers to upload their malware, so that the researchers can gain information about their adversaries and how they attack.
There must be a consistency across domains, La Porta explained, meaning that all the systems — the Wi-Fi routers, the fake cameras, and smart system devices like light switches and thermostats — must work together to fool hackers. That is because attackers typically verify that a system is legitimate by adjusting a light switch or thermostat and seeing if the camera on the same network reflects the change.
“If the hackers think they have a camera and a light switch in the same room, from a network perspective, the addresses of these devices have to look like they’d be on the same network,” La Porta said. “To keep track of all the fake devices and networks, we are building a database that has the attributes of every fake device and what its impact on its environment is.”

Mingli Yu, a computer science doctoral student who is advised by Evan Pugh Professor Tom La Porta, will assist on the DEVCOM grant. Credit: Poornima Tomy/Penn State.
While La Porta develops the fake networks, Cao will build fake devices to deploy on the honeypot.
“We will build honeypots using software to emulate various devices that appear real but are actually just software,” Cao said. “These honeypots will be deployed on a cloud-based system like Amazon cloud computing, where anyone, including hackers, can see and interact with our fake cameras, router, Google voice, network devices and more.”
Miller will develop and enhance fake video feeds deployed on the honeypot through real-time video editing.
“Using generative deep neural network learning, I will create realistic fake videos, in order to deceive an attacker into believing that they have co-opted a camera system,” Miller said. “This may involve generating fake video from scratch, consistent with the supposed physical location of the network that has been infiltrated, or editing an existing video to make it consistent with underlying weather conditions, such as displaying rain or snow, or the time of day, such as moving shadows throughout the day.”
If attackers believe the systems are legitimate, they will spend time observing the fake systems, wasting time they could be spending on real systems, La Porta explained. And once hackers upload their malware, researchers can get an idea of their intentions.
“By interacting with our honeypot, they tell us what they want and how they will do their attack,” Cao said. “Do they want to hack the GPS of a submarine, observe troop movements, understand the layout of a military base, upload ransomware to ask for ransom, mine bitcoin or something else?”
The idea is that, once the adversaries’ intentions are revealed, the appropriate agencies can take further action, according to the team. The researchers said they plan to work with DEVCOM to refine their system as needed.
 
 









