Analysis and Visualisation of Access Attempts on a Honeypot Server

Sam Ruff


Supervised by Michael Daley; Moderated by Dave Marshall

This project involves analyzing and visualizing intrusions from honeypots placed on the internet. The idea would involve 2-3 Raspberry Pis connected to the University's network, each running a custom version of the SSH server that I would adapt from the open-source version. This adapted version would include remote logging and data collection capabilities to record information about each connection, which commands are used and which programs are run. After a successful intrusion I could then carry out a forensic analysis of the Raspberry Pis to see what actions had been performed, and visualize data, such as which passwords had been attempted, on a web-GUI front-end on the remote server receiving the logs.

The reasoning behind having multiple Pis is as follows:

* Multiple vulnerabilities could be tested, such as running an older vulnerable SSH server with a publicly disclosed exploit to see if attackers are actively scanning for un-patched servers.
* The other two Pis could be for weak password analysis: one designed to allow attackers access for forensic analysis, and the other with a strong password, only recording password attempts for later analysis, such as finding the passwords most commonly tried by attackers.

Initial Plan (29/01/2017) [Zip Archive]

Final Report (03/05/2017) [Zip Archive]

Publication Form