Mimicry Protocol: AI-Powered Deception System

Turning the tables on attackers with intelligent, real-time honeypots.


Inspiration

Traditional honeypots are static and easily detectable. Attackers quickly identify scripted responses and move on. The core question driving this project was: What if a honeypot could think?

The rise of large language models provided the answer. I envisioned a system that could hold convincing conversations with attackers, waste their time with believable fake data, and give defenders a ringside seat to watch hackers operate in real-time — all while gathering valuable threat intelligence.

Mimicry Protocol is the result: an AI-powered deception system that transforms the defensive landscape.

What It Does

Mimicry Protocol is a full-stack honeypot system comprising three core components:

  1. Tentacle (The Collector): A Rust-based SSH server that accepts connections on port 2222, capturing every keystroke and command in a high-performance async environment.
  2. Brain (The Logic): A Python backend powered by Groq's Llama 3.3 70B model. It generates realistic terminal responses. When a hacker types ls -la, they see convincing fake files like password.txt and db_credentials.txt.
  3. Dashboard (The Command Center): A cyberpunk-styled React interface featuring:
    • Real-time 3D Globe: Visualizes attack origins globally.
    • Live Activity Feed: Real-time command logging and session tracking.
    • "God Mode" Controls: Operators can TARPIT (add latency to slow the session down) or INK (flood the session with fake data) to confuse the attacker.
    • Session Analytics: Comprehensive data export and behavioral analysis.

How I Built It

Technical Stack

Layer        Technologies
Frontend     Next.js 16, React 19, Framer Motion, react-globe.gl
Backend      FastAPI, WebSockets, SQLite
AI Engine    Groq API (Llama 3.3 70B)
Honeypot     Rust, Tokio (Async SSH)
Audio        Web Audio API (Procedural Synthesis)

  • Custom UI: I designed the interface with a glassmorphism and neon aesthetic using a custom CSS design system to enhance the "War Room" experience.
  • Procedural Sound: I avoided static audio files entirely, instead using oscillators to generate sci-fi pings and alarms dynamically via the Web Audio API.

Challenges I Faced

  • Latency vs. Realism: Initially, local LLMs (Ollama/Mistral) took 5–15 seconds to respond, breaking the "immersion." Migrating to Groq slashed response times to under 1 second, maintaining the illusion of a real shell.
  • State Management: Real-time dashboards require robust WebSocket reconnection logic. I implemented exponential backoff to handle backend restarts gracefully without losing session data.
  • Responsive 3D Assets: Getting the 3D globe to resize properly across different screen sizes required complex container management and event listeners.
  • Browser Autoplay Policies: To comply with modern security standards, I built a dedicated user-interaction toggle system to enable the ambient procedural audio.

Accomplishments I'm Proud Of

  • End-to-End Engineering: Built a complete deception system—from the low-level Rust server to the React frontend—within a single hackathon timeframe.
  • Sub-Second Latency: Achieved AI response times fast enough to make the honeypot indistinguishable from a real Linux terminal.
  • Active Defense Mechanisms: Developed "God Mode" controls that allow manual intervention, moving beyond passive logging to active adversary engagement.
  • Zero-Dependency Audio: Engineered an immersive soundscape using pure code (Web Audio API) rather than external assets.

What I Learned

  • Inference Speed is Critical: Groq’s speed makes real-time AI agents genuinely viable for interactive security tools.
  • Psychology of Deception: In honeypots, convincing fake data is significantly more effective than sheer volume.
  • Resilient Architecture: I gained a deeper appreciation for careful state management in WebSocket-heavy applications to ensure production reliability.

What's Next for Mimicry Protocol

  • Threat Intel Export: Automatic extraction of IOCs (Indicators of Compromise) into STIX/TAXII formats.
  • Multi-tenancy: Support for deploying a fleet of honeypots across different networks from a single dashboard.
  • Attack Pattern Recognition: Implementing ML clustering to identify attack campaigns and TTPs automatically.
  • Playbook Automation: Configurable response rules (e.g., auto-TARPIT if specific sensitive files are accessed).
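
One way the playbook rule above (auto-TARPIT when sensitive decoy files are accessed) could be evaluated against each captured command. This is an added example, not Mimicry Protocol's own code. The decoy file names come from the page; the Session type, command list, thresholds and function names are assumptions.

```python
import posixpath
import shlex
from dataclasses import dataclass

# Decoy names come from the page; everything else here is an assumed rule format.
DECOY_FILES = {"password.txt", "db_credentials.txt"}
READ_COMMANDS = {"cat", "less", "more", "head", "tail", "cp", "scp", "base64", "strings"}
WRAPPERS = {"sudo", "nohup", "time"}   # prefixes skipped when finding the verb
INK_AFTER = 3                          # decoy reads before escalating to INK
BASE_DELAY, MAX_DELAY = 1.0, 8.0       # seconds of added latency per response

@dataclass
class Session:
    session_id: str
    decoy_hits: int = 0
    action: str = "NONE"               # NONE -> TARPIT -> INK
    delay_s: float = 0.0

def touches_decoy(command: str) -> bool:
    """True if any simple command on the line reads a decoy file."""
    try:
        lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        tokens = list(lexer)
    except ValueError:                 # unbalanced quote: fall back to a crude split
        tokens = command.replace("'", " ").replace('"', " ").split()
    verb = None
    for tok in tokens:
        if tok and set(tok) <= set(";|&"):
            verb = None                # ; | && || start a new simple command
        elif verb is None:
            name = posixpath.basename(tok)
            verb = None if name in WRAPPERS else name
        elif verb in READ_COMMANDS and posixpath.basename(tok) in DECOY_FILES:
            return True
    return False

def apply_playbook(session: Session, command: str) -> str:
    """Update the session for one captured command and return the action."""
    if touches_decoy(command):
        session.decoy_hits += 1
        session.action = "INK" if session.decoy_hits >= INK_AFTER else "TARPIT"
        session.delay_s = min(BASE_DELAY * 2 ** (session.decoy_hits - 1), MAX_DELAY)
    return session.action

if __name__ == "__main__":
    s = Session("demo")                # constructed session, not captured data
    for cmd in ["ls -la", "sudo cat ./password.txt", "ls; cat db_credentials.txt | base64"]:
        print(f"{cmd!r:45} -> {apply_playbook(s, cmd)} (+{s.delay_s}s)")
```

Listing or naming a decoy (ls, echo) does not trigger the rule; only a read-style command with a decoy as an argument does, and the action stays in force for the rest of the session.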

Built With

  • fastapi
  • framermotion
  • groq
  • lucide
  • nextjs
  • pydantic
  • python-dotenv
  • react
  • reqwest
  • rust
  • tailwind
  • tokio
  • uvicorn