The expansion of the Internet and shared networks aids to the growth of records generated by nodes connected to the Internet. With the development of network attack technology, all Internet hosts have become targets of attack. When dealing with new attacks (such as smart ongoing threats) in a complex network environment, existing security strategies are powerless. Compared to existing security detection techniques, honeypot systems (IoT research) can analyze network packets or log files being attacked, and automatically monitor potential attack. Researchers can use this data to accurately capture the tactics, strategies, and techniques of threat actors to create defense strategies. However, for general security researchers, the immediate topic is how to improve the honeypot mechanism that attackers do not recognize and quietly capture their actions. Honeypot technology can be used not only as a passive information system, but also to combat zero-day and future attacks. In response to the rapid development of honeypot recognition with machine-learning technology, this paper proposes a new model of machine learning based on a linear regression algorithm with application and network layer characteristics. As a result of the experiment, we found that the proposed model was 97% more accurate than other machine learning algorithms.