DIPLOMA PROJECT
Development and research of Honeypot system for cybersecurity
Aitchanova Kymbat, Akhan Nurlytang, Zholshy Naziya
Entity-Relationship Diagram (ERD)
The Entity-Relationship Diagram (ERD) presented above provides a structured visualization of how different components of the honeypot system interact with one another. This diagram is essential for understanding the flow of data within the system, ensuring that attacker interactions, security logs, alerts, and administrative actions are properly recorded and structured for cybersecurity analysis.
The Attacker entity is at the core of the honeypot system, representing any unauthorized user attempting to exploit the simulated vulnerabilities within the environment. Each attacker is uniquely identified by an Attacker_ID, which helps track individual threat actors across multiple attack sessions. Additional attributes such as IP_Address, Attack_Type, and Time_Stamp allow for detailed forensic investigation, enabling security professionals to correlate attacker behavior with known hacking methodologies. Every interaction performed by an attacker is recorded in the Attack Log entity, which serves as the primary storage unit for tracking malicious activity. This log includes details such as Action_Performed, Command_Executed, and File_Accessed, ensuring that all attack attempts are documented for further analysis.
The Honeypot System entity represents the simulated environment that attackers engage with. This entity contains critical information regarding System_Name, System_Status, Active_Monitoring, and Deception_Level, allowing administrators to configure and control how the honeypot responds to unauthorized access attempts. When an attacker interacts with the honeypot, their actions are logged within the Attack_Log entity, creating a direct relationship between these two components.
The System Alert entity plays a crucial role in real-time security monitoring. Whenever suspicious activity is detected, an alert is triggered and linked to a specific attacker ID, ensuring that cybersecurity teams can respond promptly to potential threats. Attributes such as Alert_Type, Alert_Level, and Triggered_Timestamp help categorize alerts based on severity, allowing administrators to prioritize high-risk incidents. These alerts are then reviewed by the Security Administrator entity, which represents the human cybersecurity professionals responsible for managing the honeypot system. Administrators have unique identifiers such as Admin_ID, Admin_Name, and Role, which define their level of access and responsibilities within the system. The Security Administrator is also responsible for reviewing logs, analyzing attack patterns, and fine-tuning the honeypot's deception techniques to improve its effectiveness in capturing and mitigating cyber threats.
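The entities and relationships described above can be written down as a relational schema. The following is an added example, not the project's own code: attribute names are taken from the ERD text, while the column types, the keys Log_ID, System_ID and Alert_ID, the Reviewed_By link and all sample rows are assumptions made for illustration.

```python
import sqlite3
# Attribute names follow the ERD text. Column types, the keys Log_ID, System_ID
# and Alert_ID, and the Reviewed_By link are assumptions made for this example.
SCHEMA = """
CREATE TABLE Attacker (Attacker_ID INTEGER PRIMARY KEY, IP_Address TEXT NOT NULL,
    Attack_Type TEXT, Time_Stamp TEXT NOT NULL);
CREATE TABLE Honeypot_System (System_ID INTEGER PRIMARY KEY, System_Name TEXT,
    System_Status TEXT, Active_Monitoring INTEGER, Deception_Level TEXT);
CREATE TABLE Security_Administrator (Admin_ID INTEGER PRIMARY KEY,
    Admin_Name TEXT, Role TEXT);
CREATE TABLE Attack_Log (Log_ID INTEGER PRIMARY KEY,
    Attacker_ID INTEGER NOT NULL REFERENCES Attacker(Attacker_ID),
    System_ID INTEGER NOT NULL REFERENCES Honeypot_System(System_ID),
    Action_Performed TEXT, Command_Executed TEXT, File_Accessed TEXT);
CREATE TABLE System_Alert (Alert_ID INTEGER PRIMARY KEY,
    Attacker_ID INTEGER NOT NULL REFERENCES Attacker(Attacker_ID),
    Reviewed_By INTEGER REFERENCES Security_Administrator(Admin_ID),
    Alert_Type TEXT, Alert_Level TEXT, Triggered_Timestamp TEXT);
"""
# Constructed sample rows (documentation IP ranges, made-up names and levels).
ROWS = {
    "Attacker": [(1, "203.0.113.7", "ssh-login", "2024-01-01T10:00:00Z"),
                 (2, "198.51.100.9", "web-scan", "2024-01-01T11:00:00Z")],
    "Honeypot_System": [(1, "hp-ssh-01", "active", 1, "medium")],
    "Security_Administrator": [(1, "Analyst A", "analyst")],
    "Attack_Log": [(1, 1, 1, "login", "uname -a", None),
                   (2, 1, 1, "read", "ls /tmp", "/tmp/notes.txt")],
    "System_Alert": [(1, 1, None, "login-attempts", "high", "2024-01-01T10:05:00Z"),
                     (2, 2, 1, "scan", "low", "2024-01-01T11:01:00Z"),
                     (3, 2, None, "scan", "low", "2024-01-01T11:02:00Z")],
}

def build_db():
    """Create the schema in memory and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    db.executescript(SCHEMA)
    for table, rows in ROWS.items():  # dict order: parent tables before children
        db.executemany(f"INSERT INTO {table} VALUES ({','.join('?' * len(rows[0]))})", rows)
    return db

def triage_queue(db):
    """Unreviewed alerts, high first, with attacker IP and logged-action count."""
    return db.execute("""
        SELECT s.Alert_Level, a.IP_Address, s.Alert_Type, COUNT(l.Log_ID)
        FROM System_Alert s JOIN Attacker a ON a.Attacker_ID = s.Attacker_ID
        LEFT JOIN Attack_Log l ON l.Attacker_ID = a.Attacker_ID
        WHERE s.Reviewed_By IS NULL GROUP BY s.Alert_ID
        ORDER BY s.Alert_Level = 'high' DESC, s.Triggered_Timestamp""").fetchall()
```

With foreign keys enforced, an Attack_Log or System_Alert row cannot reference an attacker that does not exist, which keeps the log-to-attacker correlation intact when the data is exported for analysis.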
The Entity-Relationship Diagram (ERD) is a fundamental tool for structuring and organizing cybersecurity intelligence collected through honeypot systems. By clearly defining how different entities interact, the ERD helps in database optimization, data retrieval efficiency, and forensic analysis of cyber threats. One of the most significant applications of this ERD is in threat intelligence platforms, where structured attacker data is used to train machine learning models for anomaly detection and automated response mechanisms. The Attack_Log entity serves as a crucial dataset for developing intrusion detection systems (IDS), helping security analysts identify recurring attack patterns, common attack vectors, and new hacking methodologies.
Additionally, the structured relationships defined in the ERD facilitate seamless integration with cybersecurity frameworks such as SIEM (Security Information and Event Management) systems, allowing organizations to automate threat detection, incident response, and log correlation. By maintaining an organized and structured database of attacker interactions, security teams can quickly extract valuable intelligence, improving their ability to defend against future attacks. Moreover, the System_Alert entity ensures that real-time threat detection mechanisms are in place, enabling immediate intervention when critical security events occur.