DIPLOMA PROJECT
Development and research of Honeypot system for cybersecurity
Aitchanova Kymbat, Akhan Nurlytang, Zholshy Naziya
The Honeypot system project aims to achieve the following goals:
- Collecting data on cyber attacks and hacking methods. The honeypot will act as a decoy, attracting intruders and recording all their actions for further analysis.
- Training and raising awareness about cyber threats. Using Honeypot systems
- Recording and logging of all actions of attackers. The system will log each connection and action, saving them for later analysis.
- Simulating various services and vulnerabilities. The honeypot will be a fake infrastructure that simulates vulnerable services (for example, SSH, FTP, HTTP) to attract various types of attackers.
- Multi-level difficulty setting. The system will allow you to choose the level of imitation of the attacked services, from simple (bait) to complex (deep emulation), which can be useful for various studies.
- Collecting data on the geography of attackers. Built-in geolocation tools will allow you to determine the IP addresses and approximate location of attackers.
The Honeypot system project includes the main components: a central control module, an event monitoring interface, and data collection and storage modules. Virtualized containers will be used to create a flexible system architecture whose configuration can easily be changed depending on the threat level. The system will be adapted for use in corporate and cloud networks to increase their security and provide the ability to analyse the behaviour of intruders. To prevent leaks from the Honeypot system to the real network, isolation methods are used, for example, by creating separate VLAN segments.
The honeypot will also support automatic incident recovery to reduce downtime. The project will make it possible to study the methods and techniques used by attackers when interacting with Honeypot systems, which is important for analysing current and potential threats. Simulating real attacks, such as attempts to exploit SSH vulnerabilities, will collect information about possible attack options and identify ways to protect against them. Using Honeypot as a base for a multiprotocol trap makes it possible to evaluate the effectiveness of traps against various attack scenarios.
The test plan also includes the implementation of Honeypot solutions for corporate and cloud networks, which will create additional layers of security and provide valuable information about the methods of malicious attacks. The system is equipped with logging mechanisms that record every interaction of an attacker with the system, starting from attempts to scan ports and ending with the execution of commands. Data is kept in centralized storage, which allows deep analysis of attack techniques and identification of hidden relationships between the actions of intruders. Additionally, it is planned to introduce machine learning for automatic classification and analysis of attack patterns, which will increase the efficiency of the system and help predict new potential threats.
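The logging and emulation-level goals above can be illustrated with a small decoy listener. This is an added example, not the project's own code: the `Decoy` class, the banner and reply strings, the event fields and the port are all assumptions made for illustration.

```python
import asyncio, time, uuid

# Constructed banners and replies for services the page names (illustrative values).
BANNERS = {"ftp": b"220 FTP server ready\r\n", "ssh": b"SSH-2.0-OpenSSH_8.9\r\n"}
REPLIES = {"ftp": b"530 Login incorrect.\r\n"}   # services without a reply act as bait

class Decoy:
    """Low-interaction decoy: 'bait' sends a banner only, 'deep' also answers input."""
    def __init__(self, service, level="bait", sink=None):
        self.service, self.level = service, level
        self.events = [] if sink is None else sink   # stand-in for centralized storage

    def _log(self, session, peer, action, data=""):
        event = {"ts": time.time(), "session": session, "service": self.service,
                 "src_ip": peer[0], "src_port": peer[1], "action": action,
                 "data": data[:256]}                  # cap attacker-controlled input
        self.events.append(event)

    def on_connect(self, peer):
        session = uuid.uuid4().hex                    # ties one peer's actions together
        self._log(session, peer, "connect")
        return session, BANNERS[self.service]

    def on_line(self, session, peer, raw):
        # Escape control bytes so hostile input cannot forge or corrupt log entries.
        text = raw.decode("latin-1").strip().encode("unicode_escape").decode()
        self._log(session, peer, "input", text)
        return None if self.level == "bait" else REPLIES.get(self.service)

    async def handle(self, reader, writer):
        peer = writer.get_extra_info("peername")
        session, banner = self.on_connect(peer)
        writer.write(banner)
        try:
            while (raw := await asyncio.wait_for(reader.readline(), 30)):
                reply = self.on_line(session, peer, raw)
                if reply is None:                     # bait level: record and hang up
                    break
                writer.write(reply)
                await writer.drain()
        except (asyncio.TimeoutError, ConnectionError, ValueError):
            pass                                      # idle, reset, or over-long line
        self._log(session, peer, "disconnect")
        writer.close()

async def serve(decoy, host="127.0.0.1", port=2121):
    # Loopback by default; bind elsewhere only inside the isolated VLAN segment.
    server = await asyncio.start_server(decoy.handle, host, port, limit=1024)
    async with server:
        await server.serve_forever()
```

Start it with `asyncio.run(serve(Decoy("ftp", "deep")))`; every record in `events` carries the session id, so one source's connect, input and disconnect actions can be joined later in the central store.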