League chain assisted size model collaborative sagvn threat decoy method

By using a consortium blockchain-assisted large-scale model collaboration framework, leveraging LLM for global situational analysis and SLM for honeypot strategy generation, the problem of cross-network coordinated trapping in the SAGVN environment is solved. This achieves an efficient threat capture and incentive mechanism, improving the effectiveness and policy adaptability of attack trapping.

CN122160087APending Publication Date: 2026-06-05NANJING TECH UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NANJING TECH UNIV
Filing Date
2026-01-12
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In the context of the Space-Air-Ground Integrated Vehicle Network (SAGVN), existing technologies struggle to achieve cross-network coordinated threat capture and lack effective incentive mechanisms. This results in honeypot strategies lacking adaptability and cross-network coordination, making them unable to effectively counter complex attacks.

Method used

A collaborative framework of large and small models assisted by consortium blockchains is adopted. Global security situation analysis is performed through edge-side large language model (LLM), which guides the end-side small language model (SLM) to generate high-fidelity honeypot strategies. The model fingerprints, threat capture summaries and strategy contributions are recorded through consortium blockchains to build an auditable and incentivized proactive defense ecosystem.

Benefits of technology

It enables cross-network coordinated threat capture, improves threat capture efficiency and strategy adaptability, reduces incentive costs, suppresses low-quality contributions and free-riding behavior, and increases attack session duration and interaction depth.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160087A_ABST
    Figure CN122160087A_ABST
Patent Text Reader

Abstract

The application discloses a kind of alliance chain assisted size model coordination SAGVN threat decoy method, steps include: first, edge side LLM is packaged by MCP multi-source knowledge, is associated with air, space, ground three-layer network threat semantics, models whole network security posture, and dynamically generates, releases cross-layer decoy task.Subsequently, under the guidance of LLM high layer perception result, air space ground side SLM generates high fidelity, with cooperativity and individualized honeypot strategy locally.Captured threat is standardized and stored in retrieval enhanced generation knowledge base after processing.Threat score and abstract are written into alliance chain after being verified by prophet, to drive reputation update and task state evolution.Finally, a closed-loop incentive model is developed, and on-chain auditable records are used to trace the capturer and his collaborators of the threat, as the basis for reward distribution.The application improves the capture effect of cross-network attacks under SAGVN.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of network security technology, specifically a consortium blockchain-assisted method for large and small model collaborative air-space-ground integrated vehicle-to-everything (SAGVN) threat trapping. Background Technology

[0002] The Internet of Vehicles (IoV) is a product of the deep integration of information and communication technology and intelligent transportation system. Under the architecture of Space-Air-Ground Integrated Vehicular Networks (SAGVN), vehicles access the network through multi-source heterogeneous communication methods, including Low Earth Orbit (LEO) communication, Unmanned Aerial Vehicles (UAV) relay communication and terrestrial 5G-V2X (Vehicle To Everything) network, thereby achieving true ubiquitous interconnection and seamless coverage [1]. Compared with traditional terrestrial networks, SAGVN has high openness, heterogeneity and dynamism. Its open communication interface makes it vulnerable to multi-dimensional attacks such as signal spoofing, denial of service, man-in-the-middle attacks, and malicious code injection [2]. In addition, the heterogeneity of protocols, functions and operating environments across network layers can be used by attackers to launch coordinated attacks. For example, after compromising a vehicle network, attackers may exploit configuration or synchronization mechanisms to penetrate sensitive data across satellite / user terminals [3][4], while vulnerabilities in vehicle modules can be abused to achieve remote code execution and hijack vehicles or ground base stations [5][6]. These attacks are characterized by covert execution, strategic coordination, and evolving paths, posing a significant challenge to traditional defenses based on static rules [7] or features [8].

[0003] Honeypots[9] are a proactive defense technology that uses a simulated environment that is highly similar to the real system environment to lure potential attackers to attack, thereby capturing attack behavior and tracing the source of threats. In existing research, honeypots are mostly deployed in static environments such as enterprise boundary networks or data centers, and low-interaction or high-interaction simulation strategies are used to record attack behavior

[10] . This type of trapping mechanism relies on predefined static response content and lacks adaptability and cross-network linkage. SAGVN has a multi-dimensional attack surface including sensors, V2X communication modules and in-vehicle communication protocols

[11] . They are directly or indirectly coupled. Once an exploitable vulnerability is breached in a certain network, existing attack experience will be transferred to other networks to try similar attacks. For example, when weak passwords and scanning attacks against vehicles are detected, the system can use this as a reference to guide drones and LEO satellites to deploy corresponding honeypot strategies in advance. Nevertheless, the prerequisite for this collaborative defense is to accurately judge the network security situation and attack propagation path.

[0004] Large Language Model (LLM) can process complex situational information and integrate heterogeneous data from multiple sources, providing effective support for situational analysis and solution generation

[12] . With the help of retrieval-enhanced generation

[13] and contextual reasoning

[14] , LLM has great potential in understanding network security situation and mining cross-network attack correlations. However, the resources of LEO satellites / drones / vehicles are limited, making it difficult to support the input and real-time reasoning of LLM

[14]

[15] . In this regard, Slam Language Model (SLM)

[44] is lightweight and flexible in deployment, making it suitable for deployment on the edge and enabling the generation of honeypot strategies. It can be seen that the collaboration of large and small models is a promising threat capture and situational awareness enabling technology: LLM acts as an analyst to guide SLM on LEO satellites / drones / vehicles to adaptively generate linked and deceptive honeypot content; the threat data captured and refined by SLM can be used to update the knowledge and prompts of LLM, strengthening its security situational analysis.

[0005] 1.1 Challenges and Related Work

[0006] Despite the enormous potential of large and small model collaboration, designing a secure and highly available architecture to support coordinated attack trapping in heterogeneous and distributed SAGVN environments still presents some challenging problems:

[0007] 1) Closed-loop collaboration between large and small models. Cross-network threat trapping under SAGVN requires global security situation analysis and local personalized honeypot strategies, which are interdependent. Liu et al.

[17] proposed a distributed retrieval-augmented generation mechanism for device-cloud collaboration. Speculative aggregation algorithms are used to fuse edge-cloud knowledge to support cross-domain threat fusion and reasoning under heterogeneous networks. The MoRSE framework

[18] is a retrieval-augmented generation (RAG) framework for network security. It relies on parallel RAG retrieval to access non-parametric, constantly updated security knowledge bases. Sun et al.

[43] introduced security purification signatures on this basis. The cloud LLM is encapsulated as a san-crafted model that is "unavailable on the edge and recoverable on the end". After the base station completes batch authentication, CR-values ​​are injected into the terminal TEE to realize collaborative reasoning and secure delivery under 6G MEC network. Existing cloud-edge-end model collaboration mainly focuses on single-layer and static scenarios, which are difficult to support cross-domain joint trapping under SAGVN.

[0008] 2) The linkage generated by air-space-ground trapping. For cross-network composite attacks, honeypots must have the ability to link across nodes / networks, but most existing solutions adopt a node / network-centric design. Pauna et al.

[19] used reinforcement learning (RL) to observe the attacker's interaction and output the trapping strategy, allowing the honeypot to actively adjust the trapping behavior. HoneyIoT

[37] is a honeypot RL-assisted for Internet of Things (IoT) environments, which optimizes the response by learning real attack trajectories. Siniosoglou

[20] used a pre-trained deep neural network module to simulate real pcap traffic and integrated it into the Conpot honeypot to enhance interactivity and realism. Otal

[21] et al. guided a large language model to generate high-fidelity shell interaction responses through the Prompt project, thereby constructing a highly interactive honeypot environment and improving the trapping effect. Based on the generative artificial intelligence (AI-Generated Content, AIGC) external network honeypot framework

[16] . The crawled website features are generated into honeypots with "hook" features in the form of Prompt. In reference

[38] , GraphRAG

[40] was used to retrieve hierarchical semantics from knowledge graphs to drive LLM to dynamically generate high-fidelity responses. These schemes, due to their lack of interconnectivity, cannot cope with compound attacks under SAGVN.

[0009] 3) Differentiated incentives for joint trapping. In joint trapping, nodes act as both honeypot strategy providers and threat hunters, making it difficult to unify the fairness and quantifiability of reward distribution. Under the vehicle threat sharing framework proposed by He et al.

[22] , a two-stage dynamic contract incentive mechanism was designed to dynamically match the privacy preferences of vehicles, thereby continuously stimulating their enthusiasm for participating in threat sharing. For drone collaborative defense, Wang et al.

[23] proposed an incentive mechanism based on contract theory and RL. In the case of information asymmetry, the strategy hill climbing algorithm is used to achieve fair and efficient benefit distribution. Li et al.

[24] proposed a blockchain-based crowdsourcing framework, in which reputation evaluation mechanism and Shapley value are used to alleviate malicious evaluation and incentive unfairness. Wu et al.

[25] introduced reputation and contract theory into reward distribution to ensure the continuous contribution of high-quality nodes and fair distribution of rewards. Wu et al.

[39] proposed an AIGC incentive that integrates accuracy, token quantity and timeliness. A user-service provider game model was constructed to empower personalized services and on-demand resource allocation in heterogeneous environments. Nevertheless, few incentive schemes have been proposed for end-to-end threat capture. Summary of the Invention

[0010] To address the aforementioned challenges and limitations, this invention proposes a large-scale model security collaboration framework for SAGVN threat trapping, aiming to build a secure and reliable proactive defense ecosystem that links heterogeneous nodes / networks.

[0011] This invention presents a consortium blockchain-assisted SAGVN threat trapping method that integrates large and small model (LLM-SLM) collaboration with trusted consortium blockchain cooperation into the SAGVN threat trapping scenario, constructing a proactive defense paradigm that supports cross-network linkage, is auditable, and incentivized. Through policy atomic modeling and a task orchestration mechanism driven by the Model Context Protocol (MCP), a method is built to support the reuse of trapping knowledge across different network layers. The consortium blockchain records model fingerprints, threat capture summaries, and policy contributions; the contribution relationships between trappers and collaborators are characterized in joint trapping.

[0012] Experimental results show that the edge-side small language model (SLM) can stably generate high-fidelity honeypot interactive content after efficient parameter fine-tuning. The linked trapping strategy outperforms the non-linked and static strategies in terms of attack session duration, interaction depth, and threat capture quantity. Meanwhile, the closed-loop incentive mechanism of this invention achieves higher threat capture benefits under the same reward budget and suppresses low-quality contributions and free-riding behavior.

[0013] The large and small model security collaboration framework of this invention adopts a loosely coupled modular design in model selection, honeypot construction and consortium blockchain support. It does not rely on specific network topology or hardware capability assumptions, so it has high replicability and can be extended to active security scenarios such as vehicle network threat sharing, drone swarm defense and other heterogeneous edge networks.

[0014] This invention mainly includes three contributions:

[0015] (1) Parallel Air-Ground-Air Consortium Chain Framework. An autonomous consortium system is formed by edge-side LLMs (acting as security situation analysts) and end-side SLMs (acting as honeypot policy generators), with the ground, air, and air chains operating in parallel and managed uniformly by smart contracts. Edge-side LLMs access policy atoms in the security knowledge base using the Model Context Protocol (MCP) to synthesize trapping tasks. These policy atom indices and task attribute parameters are written to the corresponding chains. End-side SLMs support on-demand fine-tuning. The fine-tuned model fingerprint is stored on the chain to ensure the verifiability of model distribution and end-user deployment.

[0016] (2) Active defense through collaboration between large and small models. Nodes on different network layers receive tasks on their corresponding chains. Referring to the security situation analysis results from LLM, SLMs on vehicles, drones, and LEO satellites generate honeypot strategies in a coordinated and prior manner. The captured threat summaries are normalized and written into the knowledge base, and the capture proof is recorded on the corresponding chain to ensure the authenticity and traceability of the trapping process.

[0017] (3) Closed-loop incentive for size-oriented models. The incentive method considers the contributions of both the capturer and the collaborator to the joint trapping. Once the threat submitted by the capturer is verified, the adopted policy atomic index will be used to trace the policy provider (i.e., the collaborator). Under this incentive, task issuance, policy contribution, and threat capture form a closed loop, driving the continuous optimization of the honeypot strategy.

[0018] This invention uses the fisco-bcos (https: / / fisco-bcos-documentation.readthedocs.io / zh-cn / latest / ) and Beelzebub (https: / / docs.beelzebub.ai / ) systems to build a SAGVN threat trapping simulation platform, focusing on simulating cross-network attack trapping and secure interaction between large and small models for SAGVN. Experimental results demonstrate that, compared with honeypot strategies (based on AIGC and rules) and benchmark methods (node-centric, Shapley value-based), the framework proposed in this invention exhibits high efficiency and flexibility, capturing more attacks with lower incentive costs. Attached Figure Description

[0019] Figure 1 This represents a secure collaborative architecture for large and small models;

[0020] Figure 2 This indicates the generation of the trapping task;

[0021] Figure 3 This example illustrates the fine-tuning, updating, and evidence storage of the vehicle-mounted SLM.

[0022] Figure 4 This represents the workflow for collaborative trapping using both large and small models.

[0023] Figures 5(a) and 5(b) respectively show the Prompt orchestration on SLM, where:

[0024] Figure 5(a) shows the strategy atoms for the trapping task.

[0025] Figure 5(b) shows the Propmt update;

[0026] Figure 6 This indicates the evidence collection and incentive workflow for coordinated trapping.

[0027] Figures 7(a) and 7(b) show the performance comparison of different base stations in the SSH honeypot generation task, respectively.

[0028] Figure 7(a) shows the performance before fine-tuning.

[0029] Figure 7(b) shows the performance after fine-tuning;

[0030] Figures 8(a) and 8(b) respectively show the performance analysis of four honeypot strategies, where:

[0031] Figure 8(a) shows the number of times the honeypot was detected.

[0032] Figure 8(b) shows the average interaction time of honeypots;

[0033] Figures 9(a) to 9(c) show the changes in reputation value and reward over rounds, respectively.

[0034] Figure 9 (a) Credit Changes

[0035] Figure 9 (b) shows the changes in rewards.

[0036] Figure 9 (c) Cumulative reward value;

[0037] Figure 10 This indicates the difference in rewards for different trapping tasks;

[0038] Figure 11(a) to Figure 1 1 (d) represents the average transaction time for each of the four phases, where:

[0039] Figure 11(a) shows the task release phase.

[0040] Figure 11 (b) Task acceptance phase,

[0041] Figure 11 (c) Node evidence storage stage,

[0042] Figure 11 (d) Reward settlement stage. Detailed Implementation

[0043] The present invention will be further described below with reference to the accompanying drawings and specific embodiments.

[0044] 1. Overview

[0045] The SAGVN (Super-Aero-Vehicle Connectivity) system, integrating air, space, and ground networks, exhibits high openness and cross-domain interconnectivity, but it also reveals significant vulnerabilities, particularly when facing combined cross / node network attacks. To address this, this invention proposes a consortium blockchain-assisted large-scale model security collaborative trapping mechanism to improve the capture effect of cross-network attacks in SAGVN.

[0046] First, the edge-side Large Language Model (LLM) uses multi-source knowledge encapsulated based on the Model Context Protocol (MCP) to associate the semantics of network threats in the air, space, and ground layers, model the overall network security situation, and dynamically generate and release cross-layer trapping tasks.

[0047] Subsequently, guided by the results of the LLM high-level perception, the Small Language Model (SLM) on the space-air-ground edge generates high-fidelity honeypot strategies locally, combining collaboration and personalization. Captured threats are standardized and stored in a retrieval-enhanced knowledge base. Threat scores and summaries are verified by an oracle and written to the consortium blockchain to drive reputation updates and task state evolution.

[0048] Finally, a closed-loop incentive model was developed, in which auditable on-chain records were used to trace the threat hunters and their collaborators as the basis for reward distribution.

[0049] In the experiment, a consortium blockchain-driven threat trapping simulation platform was built, and a method based on generative artificial intelligence (AI-Generated Content, AIGC) and rules was selected as the benchmark. The results show that, under the same type of attack (same number of threats captured), the proposed method captures more threats (incentive cost) than the benchmark method.

[0050] The main variables and symbols used later are summarized in Table 1.

[0051] Table 1: Definitions of Main Variables and Symbols

[0052]

[0053] 2. A secure collaboration framework based on consortium blockchains

[0054] Figure 1 This paper demonstrates the constructed consortium blockchain-assisted large-scale model (SAGVN) collaborative framework. Nodes in SAGVN must register on the chain to obtain a unique blockchain address and associate it with reputation and incentive accounts, providing foundational support for subsequent trusted collaboration, malicious behavior accountability, and incentive allocation. This invention designs a parallel chain architecture comprising a ground chain, an empty chain, and a sky chain. Edge-side LLMs acting as security situation analysts and end-side SLMs generating honeypot strategies are incorporated into this framework. Each chain independently manages the node addresses, reputation data, and task completion status of its corresponding network layer, and achieves cross-layer collaboration between trapping tasks and threat information through cross-chain smart contracts. From a functional perspective, the proposed trapping system is abstracted as follows:

[0055] Perception Layer: Edge-side LLMs access the off-chain knowledge base with the help of MCP, analyze the overall security situation, and issue trapping tasks to the air, space, and ground chains.

[0056] Honeypot Layer: LEO / Drone / Vehicle performing the trapping mission. During the trapping process, referencing hints from LLMs, SLM drives vehicle, drone, and spaceborne honeypots to generate trapping schemes. The hash value of the threat data is submitted to the contract layer, while the threat data itself is stored in a knowledge base.

[0057] Contract Layer: Smart contracts are pre-deployed in the consortium blockchain ledger, uniformly constraining the processes of trapping task matching, threat data assessment, and reward allocation. Upon completion of the task, the execution result is packaged into a block and submitted to the consensus layer for confirmation, and then synchronized to other sub-chains via cross-chain mechanisms.

[0058] Consensus Layer: Base stations with high security assessment values ​​are selected as central consensus layer nodes. Operating as a distributed blockchain with the assistance of smart contracts, it evaluates the execution results of the contract layer and records the threat data hash, node reputation, and task summary from the results on the corresponding air, sky, and ground chains.

[0059] 2.1 Security Situation Analysis Driven by LLM

[0060] The LLM's knowledge base aggregates threat summaries certified by smart contracts from three layers of networks: air, space, and ground. The MCP interface is used to access the local knowledge base and third-party security knowledge sources. Edge-side LLMs leverage the MCP to access the knowledge base, enabling global threat situational awareness across air, space, and ground networks and adaptive orchestration of trapping tasks. The generation, matching, and execution status of tasks (timestamps and verification results, etc.) are recorded on the corresponding blockchain. To enable LLMs to systematically model and reuse trapping knowledge, this section abstracts the trapping-related knowledge organization in the knowledge base as follows:

[0061] Policy Atom: The smallest unit in the knowledge base used to describe a single vulnerability characteristic, attack inducement, or trap trigger condition, such as "the target area has an exploitable privilege bypass vulnerability" or "the system contains a hard-coded key that can be abused".

[0062] Honeypot strategy: Based on threat category, multiple semantically related Policy-like atoms are combined to form a honeypot policy. This policy is then input as a Prompt into the edge SLM to generate a trapping scheme for a specific threat.

[0063] The trapping scheme (corresponding to the output of SLM): The trapping scheme is given in a structured or semi-structured form, which clarifies the trapping process, interaction steps and key parameters, and is further parsed into configuration instructions and interaction templates that the honeypot can recognize.

[0064] To facilitate understanding of the interconnectedness of the trapping task, this invention provides an example, for reference... Figure 2 .

[0065] Figure 2 On the left is a threat instance captured by a vehicle-mounted honeypot, with its summary recorded on the ground chain; Figure 2 The right side shows multiple trapping tasks generated by the LLM based on this. Let... This represents a normalized description of threat instances retrieved via MCP using LLM. Based on... LLM will Threat events and threat categories Associate and retrieve the corresponding set of strategy atoms. .Depend on Each policy atom in the index and its semantic description Correlation. The correlation function registered by LLM through MCP. To evaluate and description of each atom The semantic alignment between them aims to reuse honeypot strategies to characterize threat instances. This correlation score characterizes the policy atom. capture The degree of matching of the required honeypot strategy is determined and used as the basis for subsequent strategy selection and optimization. Given a relevance score, a binary activation variable is used. To instantiate threat categories The honeypot strategy, the formula is as follows:

[0066] (1)

[0067] let The optimal solution represents (1), and the resulting honeypot strategy is: . It is further structured into a trapping task description form and distributed to each subchain to guide the SLM on different networks such as air, space, and ground to generate coordinated trapping schemes.

[0068] 2.2 Security Fine-tuning of SLM

[0069] Taking a vehicle as an example, the vehicle-mounted honeypot system consists of four modules: 1) a parameter configuration module, used to preset static decoys and connect to LLM; 2) a network interface module, simulating the vehicle network communication stack (such as 5G, OBD-II), and opening simulation service ports to reproduce the real attack surface; 3) a protocol simulation module, which, together with the log recording module, generates protocol simulation logic according to the configuration, responds to attack interactions, and records key attack behaviors; and 4) a blockchain module, which realizes secure interaction between the vehicle-mounted honeypot system and the blockchain infrastructure through the vehicle-mounted blockchain communication gateway. It also relies on HSM or TEE to ensure key security and node authentication.

[0070] SLM needs to be fine-tuned as needed to adapt to threat evolution. Figure 3 The process of fine-tuning, updating, and storing evidence for the vehicle-mounted SLM was demonstrated.

[0071] and This constitutes a pair of inputs and desired outputs for the model. Let... This represents a set of threat categories. The corpus for fine-tuning SLM was formed and used to fine-tune SLM in the form of multi-turn question and answer. Low-rank adaptation (LoRA)

[26] was used to implement parameter-efficient fine-tuning (PEFT). The initial parameters of SLM Fine-tuned and updated to

[0072] (2)

[0073] To ensure the credibility of the source and facilitate version auditing, the fine-tuned model fingerprint... The update time and version number are recorded on the blockchain. The Merkle hashing mechanism is used to verify the integrity of the SLM's origin. End-side nodes can verify the source credibility of the fine-tuned model by calculating the critical path hash (root hash) in the blockchain.

[0074] 3. Honeypot generation strategy based on collaboration between large and small models

[0075] Figure 4 To establish a collaborative trapping workflow for large and small models on a consortium blockchain, covering task distribution and strategy generation, the specific details are described in 3.1 and 3.2.

[0076] 3.1 LLM-based trapping task orchestration

[0077] Edge-side LLM analyzes the overall network security posture and issues trapping missions to ground, air, and space chains. This is a collection of capture tasks of type c. In the initial stage, the tasks... Storage address in the knowledge base ,expiration date Reputation threshold and incentive budget It is registered on the corresponding chain. Node After successful on-chain registration, the key pair and account address It was returned.

[0078] make To accept the mission The set of nodes and their on-chain addresses are represented as follows: It was stored in a file about the task. In the queue. The corresponding honeypot strategy. Will be assigned to node Regarding the task The on-chain metadata is ,in Indicates the task status. ( The ) indicates a matchable (locked) state. The matching process for on-chain tasks includes:

[0079] 1) Task Issuance: Task Private Key Decomposed into subkeys by secret sharing mechanism

[27] and was assigned Includes all nodes. After publishing, it will be linked to the task. Associated on-chain contract address The set of capturer threat scores and the activation function are initialized on the chain (see [link]). Figure 4 Step ①);

[0080] 2) Task Acceptance: Task status is queried All tasks can be selected. The corresponding acceptance proof is submitted to the contract;

[0081] 3) Contract verification: Node Registration information and reputation score The inspection (see) Figure 4 Step ③). When , Updated to And account deposit Locked. and It is returned via a secure channel after being encrypted (see...) Figure 4 Step 4).

[0082] 3.2 Generation of SLM-based Trapping Schemes

[0083] This section designs a trap generation strategy based on SLM.

[0084] The default Prompt template includes placeholder fields such as "Attack Topic" and "Exploitable Vulnerabilities." These placeholder fields are dynamically replaced by the honeypot strategy used by the node, thereby driving SLM to output a trapping scheme that conforms to the current environment (see...). Figure 4 Step ⑤). Taking the Web API interface honeypot in Figures 5(a) and 5(b) as an example, the node Strategy Atoms Used It includes content such as "API permission bypass" (see the purple highlighted content in Figure 5(a)) and "JWT forgery, token replay, etc." (see the green highlighted content in Figure 5(a)). The placeholder fields of the original Prompt have been replaced. of Update to the green and blue content of Figure 5(b).

[0085] Prompts must consider honeypot type and clearly define boundary identities, following these principles:

[0086] Structure alignment: Honeypot policies composed of policy atoms should be explicitly embedded in structured Prompt reserved fields to guide SLM outputs in response that conforms to the current environment;

[0087] Attack chain alignment: Honeypot strategies should not be vague or generalized; they need to be aligned with the honeypot strategy after LLM situational analysis. Consistent constraints should be maintained to avoid generic or context-insensitive behavior;

[0088] Prompt features: The prompt should include attractive "hook features" to attackers, guiding them to trigger more malicious behavior or expose attack patterns;

[0089] Boundary control: The output of SLM needs to be strictly controlled so that it only presents the expected response of the honeypot and avoids generating additional interpretive or inferential language to prevent the honeypot's identity from being exposed or the trapping strategy from failing.

[0090] In response to an attacker's request, SLM returns HTTP responses that conform to the protocol. These responses simulate successful execution by conveying an accepted status, but do not contain diagnostics or execution details, thus creating the illusion that the command has been confirmed and maintaining the stealth of the honeypot.

[0091] 4. Evidence collection and incentives for coordinated trapping

[0092] Regarding threat capture, this section designs a trustworthy scoring and reward allocation workflow (see...). Figure 6 It includes the following three stages:

[0093] 1) Threat Submission and Evidence Storage: The threat summary submitted by the trapper is preprocessed and vectorized before being injected into the knowledge base, and the corresponding trapping proof is submitted to the smart contract to prove the completion of the task;

[0094] 2) Threat scoring: The oracle

[41] connects to the consortium blockchain via a smart contract. The threat score of the LLM arbitrator is verified and recorded on the blockchain, driving the update of reputation and the distribution of rewards. Threat data is used to enhance the policy atoms of the knowledge base;

[0095] 3) Reward distribution: Based on the strategy atomic index used by the capturer, the smart contract traces back to the collaborator through the on-chain identity registry and distributes the reward.

[0096] 4.1 Threat Detection and Evidence Preservation

[0097] once node When suspicious or malicious behavior is successfully detected, the corresponding threat digest is sent to the subkey. Encryption is performed and stored in a knowledge base. The corresponding capture proof is recorded on the blockchain. Specifically, nodes... Calculate the captured threat data The hash, using the task's subkey. Encrypt it and use a private key Sign the obtained ciphertext hash. Record the timestamp of the signature as . The capture proof, consisting of the signature result, signature time, and node public key, is formalized as follows: .

[0098] During the verification phase, if ,and Then the node is considered Submitted Valid; the corresponding task is complete. After successful verification... Recorded as a task Its effective contribution. (This is followed by an unrelated phrase: "Let") This represents the minimum number of participating nodes required for the security task to be completed. If , It was rebuilt via secret recovery and sent to Oracle for threat scoring.

[0099] address The corresponding threat summary is input into the LLM. By parsing and normalizing the threat semantic features, the LLM integrates the execution effects and feedback logs of historical policy atoms (see...). Figure 1(Each policy atom is linked to a ground list) to generate new policy atoms that match it, or to enhance existing policy atoms. These updates constitute measurable knowledge gains and determine the marginal contribution of capture to the defense system.

[0100] 4.2 Explainable Threat Score

[0101] This section designs a threat scoring mechanism that focuses on the knowledge gain and policy coverage of threat summaries for overall defense.

[0102] make Regarding the mission The set of threat hunters. For the hunters The submitted threats are parsed and mapped by the LLM. One or more policy atoms in the array. Let the capturer... Contribution strategy atoms The description is The feature mapping between the strategy and the samples is denoted as... .for The present invention retrieves its based on cosine similarity

[28] . The nearest neighbors .Depend on The knowledge benefits brought are defined as

[0103] (3)

[0104] in, Represents cosine similarity. ( () indicates high (low) similarity, capturer The resulting increase in knowledge is low (high). Finally, The pre-trained language model BERT

[45] is embedded as a 768-dimensional normalized vector and injected into the Milvus

[29] knowledge base. Weight coefficients Used to quantify sources from the ground ( ), in the air ( ) and satellite ( Threat levels. Regarding the capturer. Contribution strategy atoms The threat score is

[0105] (4)

[0106] Its range is [0,1]. If the knowledge base does not cover... If the threat is considered a new situation, then the maximum score will be assigned to it. .

[0107] 4.3 Reward Allocation for Role Perception

[0108] Threat scores in LLM are used for the fair distribution of rewards, and nodes participating in joint trapping are divided into trappers and collaborators. The former, as direct contributors, identify and trap threats; the latter, as indirect contributors, provide the policy atoms needed to execute the trapping. This section constructs a closed-loop incentive model to unlock the potential for collaboration.

[0109] The reward allocation process is described as Algorithm 1, which includes the following three steps:

[0110] 1) Reward weight calculation. Regarding... The minimum acceptable threat fraction of a medium atom is expressed as lower than It will be discarded, and the corresponding node account will have its deposit deducted. (See line 7 of Algorithm 1). Valid threat (i.e. Its capturer Strategies used Called by smart contract Locate the collaborator set on the corresponding chain. (See line 13 of Algorithm 1). Capturer Regarding the task The reward weight was set to

[0111] (5)

[0112] in, To contribute marginal knowledge to the capture of threats, For the capturer Historical credibility. Used to adjust the weight of historical reputation in this task.

[0113] 2) Capturer Reward Distribution. Under the linkage strategy, the capturer... The reward is allocated as follows (see line 22 of Algorithm 1).

[0114] (6)

[0115] Capturer corresponding Updated to

[0116] (8)

[0117] in, For the growth rate of reputation, As a penalty item, This is the coefficient for the penalty term. If... , You will be promoted. If the value falls below the threshold, a penalty is triggered.

[0118] 3) Collaborator reward distribution. Collaborators The additional reward allocated is (see line 26 of Algorithm 1).

[0119] (7)

[0120] in, This represents the reward percentage for collaborators. After reward settlement is completed on-chain, the summary of the task execution results for vehicle-mounted, airborne, and spaceborne honeypots is confirmed and written to the corresponding hierarchical ledger, ensuring node privacy and transparent storage.

[0121]

[0122] As threats are continuously captured, the policy atoms in the knowledge base are constantly expanded and enhanced. Benefiting from this, the decision space, context awareness, and threat matching capabilities of LLM, as well as its guidance for generating trapping strategies in SLM, are continuously improved. Therefore, this section, together with Section 3, constructs a closed-loop optimization covering task matching, trapping strategy generation, threat capture, and reward allocation, achieving continuous improvement of honeypot strategies.

[0123] 5. Experimental Preparation

[0124] 5.1 Heterogeneous Honeypot Environment Configuration

[0125] This experiment uses the fisco-bcos consortium blockchain to build a SAGVN honeypot experiment. In each time slot, the edge LLM publishes 10 types of trapping tasks on an empty chain, an aerial chain, or a ground chain, with a total reward of 20 per round. To closely resemble the resource-constrained edge environment, this experiment does not configure a high-interaction honeypot, but instead chooses the lightweight low / medium interaction honeypot Beelzebub. This framework simulates services such as SSH, TCP, and HTTP at the service layer. The vehicle-mounted, airborne, and spaceborne honeypots and their corresponding SLMs are all containerized using Docker, encapsulating and simulating ground, air, and space computing environments. Default simulation parameter settings are listed in Table 2.

[0126] Table 2 Simulation Parameter Settings

[0127]

[0128] Vehicles were targeted with weak password traps (low-privilege decoy accounts were set up in / etc / passwd with simple passwords). Sensitive information theft traps were triggered upon successful attacker login (forged configuration files or database connection strings were deployed under / home / ). Drones and satellite nodes at the air and satellite network layers were deployed with forged business processes (such as nginx_process and mysql_process) to lure attackers into exploiting vulnerabilities and performing lateral movement.

[0129] 5.2 Selection and Fine-tuning of LLM and SLM

[0130] Llama3-70B was selected as the base for edge LLL. The retrieval enhancement generation

[13] knowledge base, as an add-on to the LLM, covers typical threats such as weak passwords, service vulnerabilities, permission bypass, man-in-the-middle, tunnel penetration and backdoor persistence and their corresponding honeypot strategies. The knowledge base query is encapsulated as an MCP interface for asynchronous calls by the LLM. The LlamaFactory

[30] toolset and LoRA were used to fine-tune the SLM. During fine-tuning, the dropout rate was 0.01, the fine-tuning rounds were 3 epochs, and the learning rate was The warm-up ratio was 0.03. A dataset covering various Linux interactive command scenarios (https: / / huggingface.co / datasets / hotal / honeypot_logs.) was used for experimental evaluation, in which 452 commands were selected and transformed into multi-turn dialogues.

[0131] Traditional machine translation metrics (such as BLEU

[31] , ROUGE

[32] ) rely on strict The current matching method is unsuitable for simulating honeypots. Therefore, this experiment introduces four complementary similarity metrics, taking into account character-level accuracy, lexical coverage, and semantic consistency, to evaluate the difference between the SLM output and the expected response:

[0132] Jaro-Winkler similarity

[21] : This metric gives a weighted reward to common prefixes based on Jaro similarity, and combines character count, transposition (character order difference) and prefix consistency, accurately distinguishing fine-grained spelling, transposition and symbol differences between SLM response and expected output in command echo.

[0133] BoW cosine similarity

[33] : Based on the bag-of-words model, the occurrence of words is statistically analyzed, and the cosine similarity is used to measure the similarity of word sets, ignoring the influence of word order. This indicator can reflect whether the output of SLM has basic deceptive effectiveness at the information level.

[0134] TF-IDF cosine similarity

[33] : Based on BoW, it introduces word frequency-inverse document frequency weight, which can reduce the interference of common meaningless words and thus more accurately evaluate the matching degree of the predicted response at the keyword level.

[0135] MiniLM semantic similarity

[33] : It uses the lightweight sentence vector model of Transformer to calculate the embedded representation of the prediction and the reference text, which makes up for the shortcomings of surface word matching and better characterizes the semantic similarity between the output and the expectation of SLM.

[0136] 5.3 Benchmark Methods and Ablation Assessment

[0137] AIGC-based and rule-based methods were selected as benchmarks, as shown in Table 3, for comprehensive comparison. Baseline-1 is a Cowire static honeypot used to simulate passive capture. Baseline-2 and Baseline-3 are both honeypots with certain interactive capabilities. The former integrates a data quality-aware incentive mechanism

[42] , while the latter relies on reward allocation based on Shapley values ​​

[24] . In order to observe the impact of different strategies and configurations on overall performance, this experiment performs ablation classification on the proposed framework, as shown in Table 4. The differences between Proposed-1 and Proposed-4 are reflected in the selection of SLM base and parameter scale. Proposed-5 to Proposed-7 compare different incentive strategies and parameter configurations.

[0138] Table 3 Classification of ablation experiments

[0139]

[0140] Table 4 Ablation studies of the proposed method

[0141]

[0142] 6. Experimental Results

[0143] The performance evaluation includes four sets of experiments and one case study. The first set of experiments was used to determine the selection of the SLM. Based on this, the second and third sets analyzed the impact of honeypots and incentive strategies on threat capture, respectively. The fourth set verified the reasonableness of transaction latency under the FISCO-BCOS platform. Finally, this experiment provides a generative decoy case study to visually demonstrate the details of the proposed linked capture.

[0144] 6.1 The impact of SLM fine-tuning on honeypot performance

[0145] In the first set of experiments, SLMs with different bases / parameter values ​​were fine-tuned using 116 evaluation commands. After fine-tuning, the spelling accuracy, keyword coverage, and semantic fidelity of the model's command simulation were generally improved. Table 5 further quantifies the fine-tuning gain by comparing the performance before and after fine-tuning.

[0146] Table 5 Performance Gains After Fine-Tuning

[0147]

[0148] As shown in Figure 7(a), for the simulation task of 116 Shell instructions for SSH honeypots, the performance of the SLMs of each base without fine-tuning varies greatly, making it difficult to guarantee stable interaction of the honeypots. Due to the introduction of rich and high-quality code and system instruction data in the pre-training stage, the 8B SLM improves the reliability and stability of policy generation in the Shell instruction simulation task of SSH honeypots. Compared with 8B, the 4B SLM converges faster on small datasets, thus performing better in the word-level TF-IDF metric. As expected, after fine-tuning, as shown in Figure 7(b), Qwen-3-8B (Proposed-2) performs satisfactorily in the four metrics of Jaro-Winkler, BoW, TF-IDF, and MiniLM, especially in the semantic similarity metric MiniLM, which reaches 76.8%. In contrast, before fine-tuning, Qwen-3-4B (Proposed-1), with the smallest parameter size, generates the lowest response similarity. After fine-tuning, Proposed-1 showed the most significant performance improvement, with a 19.6% increase in TF-IDF metrics, compared to 3.61% for Proposed-2, 3.86% for Proposed-3, and 4.69% for Proposed-4. Since Proposed-2 performed best in the honeypot strategy generation task, its Qwen-3 8B platform was chosen as the SLM base for subsequent experiments.

[0149] 6.2 Impact of Honeypot Strategy on Capture Performance

[0150] The second set of experiments evaluated the capture performance under different honeypot strategies, reflected in two metrics: the number of probes and the average interaction time. The former reflects the honeypot strategy's ability to attract attackers, while the latter characterizes the attacker's persistence and engagement in the trapping environment. Both indirectly demonstrate the restraint and guidance of attack behavior under coordinated trapping, and are therefore used to measure capture performance. This experiment deployed four SSH honeypots in a public network environment, running them continuously for 24 hours, with ports 22 (SSH), 23 (Telnet), and SFTP service open.

[0151] This experiment collected 50 valid attack sessions, and the average session duration was calculated by counting the number of interaction rounds. Figure 8(a) shows the number of times honeypots with different strategy configurations were detected within 24 hours, thus measuring the trapping power of different strategies. All four honeypots were scanned within the first 16 hours. Baseline-1 returned "Command not found" when faced with attack commands outside the preset parameters. Due to a lack of effective behavior simulation capabilities, the cumulative number of captures was less than 80. Although Baseline-2 performed robustly on general tasks, its lack of knowledge specific to SSH scenarios made it easily detectable by attackers during sessions, leading to premature termination of the capture activity. Proposed-4 and Proposed-5 showed the same initial capture growth trend, surpassing the baseline around the 10th hour and exceeding 120 after 20 hours. Figure 8(b) further compares the average interaction duration of the honeypots. Both Proposed-5 and Proposed-2 successfully simulated logins in the initial SSH connection and weak password logins (four keys: "password123", "123456", "123", and "admin123"). For attacks such as sensitive file theft (sudo find, sudo cat), port forwarding (simulating connections to local databases), and sudo privilege escalation, Proposed-5, employing a linked decoy approach, can return pre-deployed high-value lures (such as database keys or forged file content) to attackers, thereby extending session duration. Compared to the non-linked Proposed-2, Proposed-5 increases the average session duration by 87.5% and the average number of interactive commands by 2.8%.

[0152] 6.3 The Impact of Incentive Strategies on Threat Capture

[0153] The third set of experiments evaluated the impact of different incentive mechanisms on capture performance. Three nodes, Proposed-5, Proposed-6, and Proposed-7, configured with different incentive parameters were extracted to simulate different incentive parameter configurations. The changes in reputation and reward after 100 rounds of experiments are shown below. Figures 9(a) to 9(b) As shown.

[0154] In Figure 9(a), the initial reputation values ​​of the three nodes are all 0.55. As the rounds progress, the reputation values ​​of Proposed-5 and Proposed-6 steadily increase, reaching 0.78 and 0.62 respectively by step 100. In contrast, the reputation value of Proposed-7 remains stable in the early stages, but the incentive parameters affect the node's reputation value level. In round 86, the reputation value of Proposed-7 drops to 0.2, and thereafter (rounds 86-100) it remains at the lowest reputation value level, unable to gain any further reputation growth. Figure 9(b) shows the rewards allocated to the nodes in each round, following the same reputation distribution trend. Proposed-7 receives almost no rewards after round 54.

[0155] Figure 9(c) compares the cumulative rewards during 100 rounds of threat trapping for nodes Proposed-5, Proposed-6, and Proposed-7. These results indicate that high... Compared to Proposed-6 and -7, Proposed-5 captured more threats and received more rewards within the same conversation duration. The proposed method can guide nodes to continuously contribute high-quality threat data.

[0156] Furthermore, the reputation values ​​of Proposed-5, Baseline-2, and Baseline-3 tend to stabilize in rounds 60-70, and therefore were used to observe the reward differences under different incentives. (See...) Figure 10 Proposed-5 outperforms both baselines in terms of reward levels. Because the knowledge base contains the most policy atoms corresponding to man-in-the-middle attacks and key / token leaks, Proposed-5 demonstrates higher policy matching and execution returns in these two types of tasks, resulting in higher rewards than other tasks. Baseline-2 and Baseline-3 do not consider the additional benefits for collaborators, failing to highlight their contributions (in providing policy atom threat warnings) and thus preventing them from receiving their due rewards. Baseline-2 does not consider the gains from node historical behavior in its reward distribution. Furthermore, node reputation values ​​have largely converged in the current experimental rounds, limiting the impact of the reputation mechanism on reward improvement; its overall reward is only slightly lower than Baseline-3. In contrast, Proposed-5 improves the average reward by 25% (23.01%) compared to Baseline-3 (Baseline-2).

[0157] 6.4 Transaction latency test on the fisco-bcos platform

[0158] The fourth group of experiments evaluated the rationality of transaction latency under the fisco-bcos platform. The consortium blockchain environment was built on the Unbuntu20.04 platform. Practical Byzantine Fault Tolerance (PBFT)

[46] was used to establish consensus. As shown in Figure 11, the average transaction times of the air, sky, and ground chains in the task release, task acceptance, node notarization, and reward settlement stages were 287.4ms, 7.8ms, 81.6ms, and 184.4ms, respectively, that is, each transaction was confirmed in about 3 or 4 block times. For the task acceptance stage that does not require writing to the smart contract, the latency difference is small (about 8.2ms). The transaction latency in the node notarization stage is affected by the fluctuation of the size of the submission threat hash. The latency of task release is positively correlated with the number of tasks, and its average transaction latency is the highest, but it is still controlled within 250-360ms. Task release and reward settlement are latency-tolerant tasks, which can tolerate confirmation latency of hundreds of milliseconds. This latency level is acceptable for offline analysis and collaborative defense scenarios; at the same time, the on-chain overhead for the online task acceptance phase (including the distribution of policy atoms) will not become a bottleneck.

[0159] 6.5 Case Analysis of Collaborative vs. Non-Collaborative Threat Capture

[0160] This section selects a scenario of collaborative deployment of vehicle-mounted and drone honeypots to present the impact of linkage on capture performance in a complete case study. This environment comprehensively addresses several high-frequency vulnerabilities, including weak SSH key management, password-based authentication, and incorrect sudo permission configurations, covering typical paths from initial intrusion attempts to multi-stage attack chains. Results show that in basic attack chains such as login and weak password attempts, both types of honeypots can maintain stable interaction and efficiently capture attackers. However, for privilege escalation and lateral movement, linked honeypots can trigger advanced responses and return deceptive forged information (such as constructing a fake private key file with the path " / home / deploy / .ssh / id_rsa"), thereby prolonging the attack session duration and increasing the probability of attack capture. In contrast, honeypots lacking linkage cannot generate sufficient contextual feedback for the aforementioned advanced commands, causing the session to terminate prematurely and failing to reveal the attacker's subsequent intentions.

[0161] Table 6 Case Analysis

[0162]

[0163] References

[0164] [1]Hang Shen, Yibo Tian, ​​Tianjing Wang, and Guangwei Bai. Slicing-Based Task Offloading in Space-Air-Ground Integrated Vehicular Networks, IEEETransactions on Mobile Computing (TMC), 2024, 23(5): 4009–4024.

[0165] [2] Xi Lailu, Lin Shenghao, Wang Zhen, et al. Safety of autonomous driving in intelligent connected vehicles: threats, attacks and protection [J]. Journal of Software, 2024, 36(4): 1859-1880.

[0166] [3]Tedeschi P, Sciancalepore S, Di Pietro R. Satellite-basedcommunications security: A survey of threats, solutions, and researchchallenges[J]. Computer Networks, 2022, 216: 109246.

[0167] [4]Checkoway S, McCoy D, Kantor B, et al. Comprehensive experimental analyzes of automotive attack surfaces[C] / / 20th USENIX security symposium(USENIX Security 11). 2011.

[0168] [5]Gong H, Hong S, Yang S, et al. Harness: Transparent and Lightweight Protection of Vehicle Control on Untrusted Android AutomotiveOperating System[C] / / 34th USENIX Security Symposium (USENIX Security 25).2025: 4265-4284.

[0169] [6]Tlili F, Fourati L C, Ayed S, et al. Investigation onvulnerabilities, threats and attacks prohibiting UAVs charging and depletingUAVs batteries: Assessments & countermeasures[J]. Ad hoc networks, 2022, 129:102805.

[0170] [7]Yang Z, Xiang Y, Liao K, et al. Research on security defense ofcoupled transportation and cyber-physical power system based on the staticBayesian game[J]. IEEE Transactions on Intelligent Transportation Systems,2022, 24(3): 3571-3583.

[0171] [8]Qin C, Chen Y, Chen K, et al. Feature fusion based adversarialexample detection against second-round adversarial attacks[J]. IEEETransactions on Artificial Intelligence, 2022, 4(5): 1029-1040.

[0172] [9]Abdelmaguid M A, Hassanein H S, Zulkernine M. Securing theUnforeseen: Enhancing VANET Security with Dynamic Honeypots and Attack RateAnalysis[J]. Vehicular Communications, 2025: 100946.

[0173]

[10] Javadpour A, Ja'fari F, Taleb T, et al. A comprehensive survey oncyber deception techniques to improve honeypot performance[J]. Computers &Security, 2024, 140: 103792.

[0174]

[11] Sedar R, Kalalas C, Vázquez-Gallego F, et al. A comprehensivesurvey of V2X cybersecurity mechanisms and future research paths[J]. IEEEOpen Journal of the Communications Society, 2023, 4: 325-391.

[0175]

[12] Wang Y, Pan Y, Su Z, et al. Large model based agents: State-of-the-art, cooperation paradigms, security and privacy, and future trends[J].IEEE Communications Surveys & Tutorials, 2025.

[0176]

[13] Fan W, Ding Y, Ning L, et al. A survey on rag meeting llms:Towards retrieval-augmented large language models[C] / / Proceedings of the 30thACM SIGKDD conference on knowledge discovery and data mining. 2024: 6491-6501.

[0177]

[14] Lee S, Sim W, Shin D, et al. Reasoning abilities of large language models: In-depth analysis on the abstraction and reasoning corpus[J]. ACM Transactions on Intelligent Systems and Technology, 2024.

[0178]

[15] He Y, Fang J, Yu FR, et al. Large language models (LLMs)inference offloading and resource allocation in cloud-edge computing: Anactive inference approach[J]. IEEE Transactions on Mobile Computing, 2024.

[0179]

[16] Wang Rui, Yang Changjiang, Deng Xiangdong, et al. Development of deception defense technology and its application in large language model [J]. Computer Research and Development, 2024, 61(05):1230-1249.

[0180]

[17] Liu S, Zheng Z, Huang X, et al. DRAGON: Enhancing On-Device ModelPerformance with Distributed Retrieval-Augmented Generation[C] / / Proceedings of the Twenty-sixth International Symposium on Theory, AlgorithmicFoundations, and Protocol Design for Mobile Networks and Mobile Computing.2025: 221-230.

[0181]

[18] Simoni M, Saracino A, P V, et al. MoRSE: Bridging the gap incybersecurity expertise with retrieval augmented generation[C] / / Proceedingsof the 40th ACM / SIGAPP Symposium on Applied Computing. 2025: 1213-1222.

[0182]

[19] Pauna A, Iacob A C, Bica I. Qrassh-a self-adaptive SSH honeypotdriven by q-learning[C] / / International Conference on Communications (COMM).IEEE, 2018: 441-446.

[0183]

[20] Siniosoglou I, Efstathopoulos G, Pliatsios D, et al. NeuralPot:An industrial honeypot implementation based on deep neural networks[C] / / IEEESymposium on Computers and Communications (ISCC). IEEE, 2020: 1-7.

[0184]

[21] Otal H T, Canbaz M A. Llm honeypot: Leveraging large languagemodels as advanced interactive honeypot systems[C] / / 2024 IEEE Conference onCommunications and Network Security . IEEE, 2024: 1-6.

[0185]

[22] He C, Wang Y, Hu J, et al. Collaborative vehicular threatsharing: A long-term contract-based incentive mechanism with privacypreservation[J]. IEEE Transactions on Intelligent Transportation Systems,2024, 25(12): 21528-21544.

[0186]

[23] Wang Y, Su Z, Benslimane A, et al. Collaborative honeypot defensein UAV networks: A learning-based game approach[J]. IEEE Transactions onInformation Forensics and Security, 2023, 19: 1963-1978.

[0187]

[24] Li C, Qu X, Guo Y. TFCrowd: A blockchain-based crowdsourcingframework with enhanced trustworthiness and fairness[J]. EURASIP Journal onWireless Communications and Networking, 2021, 2021(1): 168.

[0188]

[25] Wu H, Düdder B, Wang L, et al. Blockchain-based reliable andprivacy-aware crowdsourcing with truth and fairness assurance[J]. IEEEinternet of things journal, 2021, 9(5): 3586-3598.

[0189]

[26] Hu E J, Shen Y, Wallis P, et al. LoRA: Low-rank adaptation oflarge language models[C]. International Conference on LearningRepresentations (ICLR), 1(2):3, 2022.

[0190]

[27] Yang A, Weng J, Yang K, et al. Delegating authentication to edge:A decentralized authentication architecture for vehicular networks[J]. IEEETransactions on Intelligent Transportation Systems, 2020, 23(2): 1284-1298.

[0191]

[28] Reimers N, Gurevych I. Sentence-bert: Sentence embeddings usingsiamese bert-networks[J]. arXiv preprint arXiv:1908.10084, 2019.

[0192]

[29] Wang J, Yi X, Guo R, et al. Milvus: A purpose-built vector datamanagement system[C] / / Proceedings of the 2021 international conference onmanagement of data. 2021: 2614-2627.

[0193]

[30] Zheng Y, Zhang R, Zhang J, et al. LlamaFactory: Unified EfficientFine-Tuning of 100+ Language Models[C] / / Proceedings of the 62nd AnnualMeeting of the Association for Computational Linguistics (Volume 3: SystemDemonstrations). 2024: 400-410.

[0194]

[31] Reiter E. A structured review of the validity of BLEU[J].Computational Linguistics, 2018, 44(3): 393-401.

[0195]

[32] Lin C Y, Och F J. Looking for a few good metrics: ROUGE and itsevaluation[C] / / Ntcir workshop. 2004: 1-8.

[0196]

[33] Yang G, Sun Z, Wang Y. ShellBox: Adversarially Enhanced LLM-Interactive Honeypot Framework[J]. IEEE Access, 2025.

[0197]

[34] Qwen: A family of open-source large language models[EB / OL].https: / / huggingface.co / Qwen, 2023.

[0198]

[35] Touvron H, Martin L, Stone K, et al. Llama 2: Open foundation andfine-tuned chat models[J]. arXiv preprint arXiv:2307.09288, 2023.

[0199]

[36] Grattafiori A, Dubey A, Jauhri A, et al. The llama 3 herd ofmodels[J]. arXiv preprint arXiv:2407.21783, 2024.

[0200]

[37] Guan C, Zhang J, Cao G, et al. Learning-Based Internet of ThingsHoneypots for Cyber Deception[J]. IEEE Security & Privacy, 2025.

[0201]

[38] Chamotra S, Barbhuiya F. SAGE: An Adaptive IoT Honeypot with FSM-Driven Protocol Emulation and GraphRAG-Powered Response Generation[J]. ACMTransactions on Internet of Things, 2025.

[0202]

[39] Wu H, Xu M, Xiong Z, et al. A QoE-Driven Personalized IncentiveMechanism Design for AIGC Services in Resource-Constrained Edge Networks[J].IEEE Transactions on Mobile Computing, 2025.

[0203]

[40] Edge D, Trinh H, Cheng N, et al. From local to global: A graphrag approach to query-focused summarization[J]. arXiv preprint arXiv:2404.16130, 2024.

[0204]

[41] Breidenbach L, Cachin C, Chan B, et al. Chainlink 2.0: Next stepsin the evolution of decentralized oracle networks[J]. Chainlink Labs, 2021,1: 1-136.

[0205]

[42] Peng D, Wu F, Chen G. Data quality guided incentive mechanismdesign for crowdsensing[J]. IEEE transactions on mobile computing, 2017, 17(2): 307-319.

[0206]

[43] Xiong G, Sun Y, Liu J, et al. LoRO: Real-Time on-Device SecureInference for LLMs via TEE-Based Low Rank Obfuscation[C] / / The Thirty-ninthAnnual Conference on Neural Information Processing Systems.

[0207]

[44] Wang F, Zhang Z, Zhang X, et al. A comprehensive survey of smalllanguage models in the era of large language models: Techniques,enhancements, applications, collaboration with llms, and trustworthiness[J].ACM Transactions on Intelligent Systems and Technology, 2025, 16(6): 1-87.

[0208]

[45] Li F, Shen H, Mai J, et al. Pre-trained language model-enhancedconditional generative adversarial networks for intrusion detection[J]. Peer-to-Peer Networking and Applications, 2024, 17(1): 227-245.

[0209]

[46] Okegbile S D, Cai J, Alfa A S. Practical Byzantine faulttolerance-enhanced blockchain-enabled data sharing system: Latency and age ofdata package analysis[J]. IEEE Transactions on Mobile Computing, 2022, 23(1):737-753.

Claims

1. A consortium blockchain-assisted large-scale model collaborative SAGVN threat trapping method, in which each node registers on the blockchain to obtain a unique blockchain address and associates it with reputation and incentive accounts; Its characteristics are Construct a trapping system comprising an air chain, a sky chain, and a ground chain with a parallel chain architecture; each chain independently manages the node addresses, reputation data, and trapping task completion status of its corresponding network layer, and achieves cross-layer collaboration between trapping tasks and threat information through cross-chain smart contracts; in SAGVN, a large language model LLM is deployed on the edge side, and a small language model SLM is deployed on the air, sky, and ground sides. The functional layers of the trapping system include: Perception Layer: LLM uses the Model Context Protocol (MCP) to access the off-chain knowledge base, analyze the global security situation, and issue trapping tasks to the empty chain, the sky chain, and the ground chain; Honeypot layer: The trapping mission is carried out by LEO satellites, drones, and vehicles equipped with SLM; during the trapping process, SLM refers to the prompts from LLM to drive the vehicle, drone, and satellite honeypots to generate trapping schemes; at the same time, the hash value of the threat data is submitted to the contract layer, and the threat data is stored in the knowledge base; Contract layer: Smart contracts are pre-deployed in the consortium blockchain ledger to uniformly constrain the process of matching trapping tasks, assessing threat data, and allocating rewards; after the trapping task is completed, the execution result is packaged into a block and submitted to the consensus layer for confirmation, and synchronized to other sub-chains; Consensus Layer: Base stations with high security assessment values ​​are selected as central consensus layer nodes; with the assistance of smart contracts, it operates as a distributed blockchain, evaluates the execution results of the contract layer, and records the threat data hash, node reputation, and task summary in the results on the corresponding empty chain, sky chain, or ground chain; The trapping process includes: (i) First, the edge-side LLM uses multi-source knowledge encapsulated based on the Model Context Protocol (MCP) to associate the semantics of network threats in the air, space, and ground layers, model the overall network security situation, and dynamically generate and release cross-layer trapping tasks. (ii) Subsequently, guided by the LLM high-level perception results, the air, space, and ground-side SLMs generate honeypot strategies locally; the captured threats are standardized and stored in the knowledge base; the threat scores and threat summaries are verified by the oracle and written into the consortium blockchain to drive reputation updates and task state evolution. (iii) Finally, a closed-loop incentive is adopted, and the auditable records on the chain are used to trace the threat capturer and its collaborators as the basis for reward distribution.

2. The consortium blockchain-assisted large-scale model collaborative SAGVN threat trapping method according to claim 1, characterized in that: The knowledge organization forms related to trapping in the knowledge base include: Policy Atom: The smallest unit in the knowledge base, used to describe a single vulnerability characteristic, attack inducement, or trap trigger condition; Honeypot strategy: Based on threat category c, multiple semantically related The policy atoms are combined to form a honeypot policy; it is used as a Prompt input to the end-side SLM to generate a trapping scheme for a specific threat. Trapping Scheme: The trapping scheme is given in a structured or semi-structured form, which clarifies the trapping process, interaction steps and key parameters, and is further parsed into configuration instructions and interaction templates that the honeypot can recognize; The honeypot system comprises four modules, namely: Parameter configuration module: used to preset static decoys and connect to LLM; Network interface module: simulates the communication stack, and exposes simulated service ports to recreate the real attack surface; Protocol simulation: The logging module generates protocol simulation logic based on the configuration, responds to attack interactions, and records key attack behaviors; Blockchain module: Enables secure interaction between the vehicle-mounted honeypot system and the blockchain infrastructure through vehicle, machine, and spaceborne blockchain communication gateway; and relies on hardware security modules or trusted execution environments to ensure key security and node authentication.

3. The consortium blockchain-assisted large-scale model collaborative SAGVN threat trapping method according to claim 2, characterized in that: Step (one) includes: 1.1) Security Situation Analysis Driven by LLM LLM's knowledge base aggregates threat summaries certified by smart contracts from three layers of networks: air, space, and ground. LLM uses MCP to access the knowledge base to achieve global threat situation awareness and adaptive orchestration of trapping tasks across air, space, and ground networks. The generation, matching, and execution status of trapping tasks are recorded on the corresponding blockchain. set up This represents a normalized description of threat instances retrieved via MCP using LLM; based on LLM will Threat events and threat categories Associate and retrieve the corresponding set of strategy atoms. ;Depend on Each policy atom in the index and its semantic description Correlation; LLM's correlation function registered via MCP To evaluate and each strategy atomic description Semantic alignment between them; the resulting relevance scores characterize policy atoms. capture The degree of matching of the required honeypot strategy will serve as the basis for subsequent strategy selection and optimization. Given a correlation score, a binary activation variable is used. To instantiate threat categories The honeypot strategy, the formula is as follows: (1) let The optimal solution of equation (1) is obtained, and the resulting honeypot strategy is: ; It is further structured into a trapping task description form and distributed to each sub-chain to guide the SLM on the air, space, and ground networks to generate a coordinated trapping scheme. 1.2) SLM Security Fine-tuning The SLM is fine-tuned as needed to adapt to threat evolution; the process of SLM fine-tuning, updating, and storage is as follows: and Let the input and desired output of the model constitute a pair; Represents a set of threat categories; The fine-tuning corpus for SLM was constructed using a multi-turn question-and-answer format; Low-rank adaptive LoRA was used to implement PEFT for efficient parameter fine-tuning; the initial parameters of SLM... Fine-tuned and updated to (2) Fingerprint of the SLM model after fine-tuning The update time and version number are recorded on the corresponding empty chain, sky chain, or ground chain; The Merkle hashing mechanism is used to verify the integrity of the SLM's source; end nodes verify the source credibility of the fine-tuned SLM by calculating the critical path hash in the blockchain.

4. The consortium blockchain-assisted large-scale model collaborative SAGVN threat trapping method according to claim 2, characterized in that: In step (ii), the task distribution and strategy generation for collaborative trapping using large and small models established on the consortium blockchain include: 2.1) LLM-based trapping task orchestration Edge-side LLM analyzes the overall network security situation and issues trapping missions to ground, air, and space chains; make For a set of capture tasks of type c, the tasks Storage address in the knowledge base ,expiration date Reputation threshold and incentive budget Registered on the corresponding chain; node After successful on-chain registration, the key pair and account address Returned; make To accept the mission The set of nodes, whose on-chain addresses are represented as And it is stored in a file about the task. In the queue; the corresponding honeypot strategy Will be assigned to node Regarding the task The on-chain metadata is ,in Indicates the task status. Indicates a matchable state. Indicates a locked state; The on-chain task matching process includes: Task Release: Task Private Key Decomposed into subkeys by the secret sharing mechanism and was assigned Includes all nodes; after publication, it is related to the task. Associated on-chain contract address The catcher threat score set and activation function are initialized on the chain; Task accepted: Task status queried All tasks can be selected; the corresponding acceptance proof is submitted to the contract. Contract verification: Node Registration information and reputation score Being inspected; when , Updated to And account deposit Locked; and It is encrypted and returned via a secure channel; 2.2) Generation of SLM-based trapping schemes The placeholder fields in the preset Prompt template are dynamically replaced by the honeypot strategy used by the node, thereby driving SLM to output a trapping scheme that conforms to the current environment. Prompt, based on honeypot type and clearly defining boundary identities, follows these principles: Structure alignment: Honeypot policies composed of policy atoms should be explicitly embedded in structured Prompt reserved fields to guide SLM outputs in response that conforms to the current environment; Attack chain alignment: Honeypot strategies must align with honeypot strategies derived from LLM situational analysis. Consistent constraints should be maintained to avoid generic or context-insensitive behavior; Prompt features: The Prompt contains attractive "hook features" that entice attackers to trigger more malicious behavior or expose attack patterns; Controlling Boundaries: Controlling the output of SLM to only present responses that conform to the expected response of the honeypot and avoiding the generation of additional interpretive or inferential language; SLM returns HTTP responses that conform to the protocol. These responses simulate successful execution by conveying an accepted status, but do not contain diagnostics or execution details.

5. The consortium blockchain-assisted large-scale model collaborative SAGVN threat trapping method according to claim 2, characterized in that: Step (III) of the above-mentioned evidence collection and incentive for coordinated trapping includes three stages: Threat Submission and Evidence Storage: The threat summary submitted by the trapper is preprocessed and vectorized before being injected into the knowledge base, and the corresponding trapping proof is submitted to the smart contract to prove the completion of the task; Threat scoring: Oracles connect to the consortium blockchain via smart contracts; threat scores from LLM arbitration are verified and recorded on the blockchain, driving reputation updates and reward distribution; threat data is used to enhance policy atoms in the knowledge base. Reward distribution: Based on the atomic index of the strategy used by the capturer, the smart contract traces back to the collaborator through the on-chain identity registry and distributes the reward.

6. The consortium blockchain-assisted large-scale model collaborative SAGVN threat trapping method according to claim 5, characterized in that: Step (3): Threat capture and evidence preservation stage: When node When suspicious or malicious behavior is successfully captured, the corresponding threat digest is sent to the subkey. The encryption is stored in a knowledge base, and the corresponding capture proof is recorded on the blockchain, specifically: node Calculate the captured threat data The hash, using the task's subkey. Encrypt it and use a private key The hash of the obtained ciphertext is signed, and the timestamp of the signature is recorded as follows. The capture proof, consisting of the signature result, signature time, and node public key, is formalized as follows: ; During the verification phase, if And the function , then it represents a node Submitted Valid; the corresponding task has been completed. After successful verification, Recorded as a task Effective contributions; make This represents the minimum number of participating nodes required for the completion of the security task; if , It was reconstructed through secret restoration and sent to the oracle for threat scoring; address The corresponding threat summary is input into the LLM; by parsing and normalizing the semantic features of the threat, the LLM integrates the execution effect and feedback log of historical policy atoms to generate new policy atoms that match them, or enhance existing policy atoms. Step (3) Threat Scoring Phase: A threat scoring method that focuses on the knowledge gain and policy coverage of overall defense based on threat summaries is adopted, specifically as follows: make Regarding the mission The set of threat hunters; for the hunters The submitted threats are parsed and mapped by the LLM. One or more policy atoms in; let the capturer Contribution strategy atoms The description is The feature mapping between the strategy and the samples is denoted as... ;for Retrieve it based on cosine similarity The nearest neighbors ;Depend on The knowledge benefits brought are defined as (3) in, Represents cosine similarity; Indicates high similarity, the capturer The resulting increase in knowledge is low; Indicates low similarity, the capturer It brings a high increase in knowledge; at last, The pre-trained language model BERT is embedded into a 768-dimensional normalized vector and injected into the Milvus knowledge base; Regarding the capturer Contribution strategy atoms The threat score is (4) Its range is [0,1]; weighting coefficient Used to quantify origin from the ground In the air With satellite Threat levels If the knowledge base does not cover If the threat is considered a new situation, then the maximum score will be assigned to it. ; Step (3): Reward allocation phase for role perception: LLM's threat score is used for the fair distribution of rewards. Nodes participating in the joint trapping are divided into trappers and collaborators; trappers, as direct contributors, identify and trap threats; collaborators, as indirect contributors, provide the policy atoms required to execute the trapping. To unleash collaborative potential, a closed-loop incentive model is adopted, which includes the following three steps: First, reward weight calculation about The minimum acceptable threat fraction of a medium atom is expressed as lower than It will be discarded, and the corresponding node account will have its deposit deducted. ; Capture of effective threats Strategies used Called by smart contract Locate the collaborator set on the corresponding chain. ; Capturer Regarding the task The reward weights are set as follows: (5) in, To contribute marginal knowledge to the capture of threats, For the capturer Historical reputation, Used to adjust the weight of historical reputation in this task; Then, the capturer reward distribution. Capturer The rewards were allocated as follows: (6) Capturer corresponding Updated to: (8) in, For the growth rate of reputation, As a penalty item, The coefficient of the penalty term; if , Will be promoted; when When the threshold is reached, a penalty is triggered. Finally, the collaborator reward distribution. Collaborators The extra reward was allocated as (7) in, The percentage of rewards for collaborators; After the reward settlement is completed on the blockchain, the summary of the task execution results of the vehicle-mounted, airborne, or spaceborne honeypot is confirmed and written into the corresponding hierarchical ledger.