Publications

You can also find my articles on my Google Scholar profile.

Journal Articles

A Comparison of an Adaptive Self-Guarded Honeypot with Conventional Honeypots

Published in Applied Science, 2022

In this paper, we compare Asgard and its variant Midgard with two conventional SSH honeypots: Cowrie and a real Linux system. The goal of the paper is (1) to demonstrate the effectiveness of the adaptive honeypot that can learn to compromise between collecting attack data and keeping the honeypot safe, and (2) the benefit of coupling of the environment state and the action in reinforcement learning to define the reward function to effectively learn its objectives.

Recommended citation: Touch, S., & Colin, J. N. (2022). A comparison of an adaptive self-guarded honeypot with conventional honeypots. Applied Sciences, 12(10), 5224.
Download Paper

Book chapters

An Adaptive Self-guarded and Risk-Aware Honeypot using DRL

Published in SECAI/ESORICS 2025 International Workshops, Toulouse, France 25-26th September 2025, 2026

We propose a novel adaptive self-guarded honeypot called Asgard2.0, designed to capture shell-based attacks on real Linux-based systems via remote SSH access and to automatically recover when severely compromised. Asgard2.0 leverages Deep Q-Networks (DQN), a Deep Reinforcement Learning (DRL) algorithm, to balance two often conflicting objectives: (i) Collecting attack data and (ii) Preventing deep compromise of the honeypot itself. By employing a rich environmental state representation and risk-aware reward functions, Asgard2.0 develops a nuanced understanding of its operational context, enabling informed and flexible decision-making to learn its objectives. Asgard2.0 was evaluated in a real-world deployment alongside its predecessor Asgard1.0 (a more restricted version), as well as two conventional honeypots: Cowrie, a medium-interaction honeypot (MiHP), and a non-filtered Linux-based system serving as a high-interaction honeypot (HiHP). Experimental results demonstrate that Asgard2.0 effectively collects attack data while significantly reducing the risk of deep compromise compared to the other systems. These findings highlight its ability to strike a well-balanced trade-off between MiHP and HiHP approaches.

Recommended citation: Touch, S., Colin, JN. (2026). An Adaptive Self-guarded and Risk-Aware Honeypot Using DRL. In: Laborde, R., et al. Computer Security. ESORICS 2025 International Workshops. ESORICS 2025. Lecture Notes in Computer Science, vol 16232. Springer, Cham. https://doi.org/10.1007/978-3-032-16092-8_11
Download Paper

Automated Risk Assessment of Shell-Based Attacks Using a LLM

Published in LNCS, vol 15456. Springer, Cham, 2025

We propose a novel approach to assess the risk of shell commands by classifying them into five risk levels ranging from very low risk (R0) to extremely high risk (R4), evaluating the potential adversarial impact of executing them on a system. The proposed approach is then used to build a classification model using a large-language model (LLM), RoBERTa, to automatically assess commands based on their defined risk levels.

Recommended citation: Touch, S., Fink, J., Colin, JN. (2025). Automated Risk Assessment of Shell-Based Attacks Using a LLM. In: Collart-Dutilleul, S., Ouchani, S., Cuppens, N., Cuppens, F. (eds) Risks and Security of Internet and Systems. CRiSIS 2024. Lecture Notes in Computer Science, vol 15456. Springer, Cham.
Download Paper

Conference Papers

Asguard: Adaptive Self-guarded Honeypot

Published in WEBIST, 2021

Cybersecurity is of critical importance to any organisations on the Internet, with attackers exploiting any security loopholes to attack them.

Recommended citation: Touch, S., & COLIN, J. N. (2021, October). Asguard: Adaptive Self-guarded Honeypot. In 17th International Conference on Web Information Systems and Technologies-Volume 1: DMMLACS, (pp. 565-574). SciTePress. https://doi.org/10.5220/0010719100003058
Download Paper

Sereysethy Touch