HoneyShield represents a deception-driven cybersecurity paradigm focused on deceiving, redirecting, and tracking malicious activities targeting web application authentication systems. The paradigm provides a centralized security service interface that enables the use of multiple defense strategies, such as bot protection, honeypot redirection, and SQL injection protection. Upon the detection of malicious activity, such as repeated login attempts within a certain time period, the malicious user is automatically redirected to a decoy system, thus effectively isolating malicious traffic from the actual web application. All security incidents, including suspicious access events, timestamps, request patterns, and activity types, are recorded and stored in a secure database for ease of analysis after the incident. An interactive dashboard is available for the visualization of login attempts, blocked attacks, and selected security services. By combining deception-driven defense and centralized logging, HoneyShield improves authentication security and attack analysis, and provides an ethical platform for advancing web application security best practices.
Introduction
HoneyShield is a deception-oriented, honeypot-based authentication protection system designed to enhance web login security. Traditional security methods—such as CAPTCHAs, rate limiting, and account lockouts—primarily block attacks but fail to provide detailed insight into malicious behavior. HoneyShield addresses this gap by tricking attackers into a controlled decoy environment, allowing safe monitoring and logging of bot activity, brute-force attempts, credential stuffing, and phishing simulations.
Key Features and Architecture:
Deception-Based Detection: Hidden trap fields in login forms detect automated bots, while malicious traffic is redirected to a fake dashboard that simulates a successful login.
Behavioral Analysis: Tracks IP addresses, login frequency, user agents, and credential patterns to identify suspicious activity and reduce false positives.
Data Persistence & Forensic Logging: MongoDB stores detailed logs for real-time and historical attack analysis, supporting risk assessment and proactive defense.
Admin Dashboard: Provides visualization of attack patterns, IP groupings, and threat levels for timely security decisions.
Modular Tiered Architecture:
Presentation Tier: Honeypot login interface and admin dashboard.
Logic Tier: Node.js/Express backend for request handling, bot detection, and dashboard redirection.
Data Tier: Structured log storage for forensic intelligence.
Security Tier: Deception and isolation to protect production systems.
Methodology: HoneyShield combines trap field detection, brute-force monitoring, behavioral analysis, and real-time notifications. Suspicious activities are classified into risk levels and analyzed to distinguish between legitimate users and automated attacks.
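The routing decision described above (trap field, brute-force threshold, redirect to the decoy, forensic log entry) can be sketched as follows. This is an added example, not HoneyShield's own code: the trap field name `website`, the threshold of 5 attempts per 60 seconds, the 15-minute hold, and the risk labels are all assumptions, and an in-memory array stands in for MongoDB.

```javascript
// Added example: routing decision only, with no Express or MongoDB dependency.
// TRAP_FIELD, the thresholds and the risk labels are assumptions, not values
// taken from HoneyShield.
const TRAP_FIELD = 'website'; // hidden via CSS in the login form (hypothetical name)

function createLoginGuard({ maxAttempts = 5, windowMs = 60000, holdMs = 900000 } = {}) {
  const attempts = new Map(); // ip -> timestamps of attempts inside the window
  const flagged = new Map();  // ip -> time until which it stays on the decoy
  const log = [];             // stands in for the MongoDB collection

  function assess({ ip, userAgent = '', body = {}, now = Date.now() }) {
    const recent = (attempts.get(ip) || []).filter((t) => now - t < windowMs);
    recent.push(now);
    attempts.set(ip, recent);

    let reason = null;
    let risk = 'low';
    const trap = body[TRAP_FIELD];
    if (typeof trap === 'string' && trap.trim() !== '') {
      // A person never sees the hidden field, so a value means a form-filling bot.
      reason = 'trap_field'; risk = 'high';
    } else if (recent.length > maxAttempts) {
      reason = 'brute_force'; risk = 'high';
    } else if ((flagged.get(ip) || 0) > now) {
      // Keep a flagged client on the decoy so the deception stays consistent.
      reason = 'previously_flagged'; risk = 'medium';
    }
    if (reason) flagged.set(ip, now + holdMs);

    const route = reason ? 'decoy' : 'app';
    // Forensic record: request metadata only, never the submitted password.
    log.push({ ts: new Date(now).toISOString(), ip, userAgent, reason, risk, route,
      username: String(body.username || '').slice(0, 64), attemptsInWindow: recent.length });
    return { route, reason, risk };
  }
  return { assess, log };
}

// Constructed requests (documentation-range addresses, made-up credentials).
const demo = createLoginGuard();
console.log(demo.assess({ ip: '203.0.113.10', body: { username: 'alice', password: 'pw' }, now: 0 }));
console.log(demo.assess({ ip: '198.51.100.7', body: { username: 'admin', password: 'pw', website: 'x' }, now: 0 }));
```

In an Express handler the returned `route` would select between the real authentication path and the fake dashboard, and each log entry would be inserted into the database instead of an array.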
Experimental Deployment: In lab tests with simulated attacks, HoneyShield successfully detected bots and repeated login attempts, logged detailed attack data, and visualized results in real time without affecting legitimate users.
Summary: HoneyShield transforms login security from a reactive “block-only” approach to a proactive, intelligence-driven strategy, combining deception, monitoring, and forensic logging to strengthen web application authentication and provide actionable insights against evolving cyber threats.
Conclusion
The creation of HoneyShield effectively remedies the critical security deficiency within modern web authentication systems. Throughout this research, it is clear that while login-based services are a critical component of digital platforms, traditional safeguarding solutions are often employed in a reactive manner and lack any real-world visibility into malicious activity. Automated bot attacks, brute-force attacks, and credential-stuffing attacks remain prevalent due to the lack of deception-based monitoring and forensic logging. By shifting the defense paradigm from simple blocking solutions to a proactive, honeypot-driven solution, this research makes it clear that malicious login activity can now be identified, segmented, and analyzed before the integrity of a web application is compromised. The inclusion of hidden trap fields, brute-force thresholds, and intelligent redirects into a controlled decoy environment confirms the viability of deception-based security solutions. Through the use of a Node.js-based backend coupled with MongoDB-based persistence, HoneyShield is able to handle malicious authentication traffic while continuing to serve normal user traffic. The results of the experiment show that the system is capable of detecting malicious activity through automated processes and providing enough logs to facilitate forensic analysis.