A very significant increase in the spread of malware has resulted in malware analysis. A recent approach to using the internet of things has been put forward by many researchers. Iot tool learning approaches as a more effective and efficient approach to dealing with malware compared to conventional approaches. At the same time, the researchers transformed the honeypot as a device capable of gathering malware information. The honeypot is designed as a malware trap and is stored on the provided system. Then log the managed events and gather information about the activity and identity of the attacker. This paper aims to use a honeypot in machine learning to deal with malware The Systematic Literature Review (SLR) method was used to identify 207 . Then 12 papers were selected to be investigated based on inclusion and exclusion criteria. The technique used by most researchers is to utilize the available honeypot dataset. Meanwhile, based on the type of malware being analyzed, honeypot in machine learning is mostly used to collect IoT-based malware.