Skip to content

ERDiagram

Mohammad AbuDayeh edited this page May 15, 2026 · 2 revisions

ER Diagram – WISETrap Honeypot System

The ER Diagram (Entity Relationship Diagram) represents the relational database structure of the WISETrap Honeypot System based on the actual MySQL database schema.

The diagram illustrates how users, attacker activity, trap endpoints, attack logs, and alert notifications are connected through relational database design.


System Overview

WISETrap is a deception-based web honeypot system designed to detect unauthorized access attempts through intentionally exposed trap resources such as:

/login.txt

The database architecture is divided into two major domains:

  1. User & Administration Management
  2. Honeypot Monitoring & Attack Logging

The ER Diagram defines all database entities, attributes, primary keys, foreign keys, and relationships used by the system.


User & Administration Management

1. Users_Groups

Stores system user roles and permission groups.

Attributes

  • GroupId (PK)
  • GroupName_En
  • GroupName_Ar
  • trap_endpoint_id (FK)

Purpose

Defines user roles such as:

  • Administrator
  • Login Trap

The Login Trap group may optionally reference a trap endpoint.


2. Users

Stores authentication and account information for system users.

Attributes

  • UserId (PK)
  • Username
  • Password
  • Email
  • PhoneNumber
  • SubscriptionDate
  • LastLogin
  • GroupId (FK)
  • Status
  • FailedLogin
  • created_at
  • updated_at

Purpose

Handles:

  • Authentication
  • User management
  • Login tracking
  • Group assignment

3. Users_Profiles

Stores extended profile information for each user.

Attributes

  • UserId (PK, FK)
  • FirstName_En
  • LastName_En
  • Address_En
  • FirstName_Ar
  • LastName_Ar
  • Address_Ar
  • DOB
  • Image

Purpose

Separates profile information from authentication data for better database normalization.


Honeypot Monitoring System

4. Attackers

Stores information about attackers or automated bots interacting with the honeypot system.

Attributes

  • attacker_id (PK)
  • ip_address
  • user_agent
  • first_seen
  • last_seen
  • country
  • is_bot

Purpose

Tracks attacker identity and suspicious activity sources.


5. TrapEndpoints

Stores honeypot trap resources monitored by the system.

Attributes

  • endpoint_id (PK)
  • endpoint_name
  • endpoint_url
  • description
  • is_active
  • created_at

Example Endpoint

/login.txt

Purpose

Defines exposed trap endpoints used for attacker detection.


6. AttackLogs

Stores detailed records of suspicious requests and attacker interactions.

Attributes

  • log_id (PK)
  • attacker_id (FK)
  • endpoint_id (FK)
  • requested_url
  • timestamp
  • http_method
  • status_code
  • request_data
  • response_data

Purpose

Captures:

  • Attack attempts
  • Request information
  • HTTP activity
  • Honeypot interaction logs

7. Alerts

Stores alert notifications generated after suspicious activity is detected.

Attributes

  • alert_id (PK)
  • log_id (FK)
  • alert_type
  • email_sent
  • sent_at
  • read_at
  • status

Status Values

  • pending
  • sent
  • failed
  • read

Purpose

Tracks security notifications sent to administrators.


Entity Relationships

Users_Groups → Users

Relationship Type: One-to-Many (1:N)

Description: One group can contain multiple users.


Users → Users_Profiles

Relationship Type: One-to-One (1:1)

Description: Each user has one profile record.


TrapEndpoints → Users_Groups

Relationship Type: One-to-Many (Optional)

Description: A trap endpoint may optionally be assigned to a user group.


Attackers → AttackLogs

Relationship Type: One-to-Many (1:N)

Description: One attacker may generate multiple attack logs.


TrapEndpoints → AttackLogs

Relationship Type: One-to-Many (1:N)

Description: One trap endpoint may appear in multiple attack logs.


AttackLogs → Alerts

Relationship Type: One-to-One (1:1)

Description: Each attack log may generate one alert notification.


Database Workflow

  1. An attacker accesses a trap endpoint
  2. The honeypot system records request information
  3. Attack data is stored in AttackLogs
  4. Alert records are generated
  5. Administrators receive security notifications

ER Diagram

ER Diagram


Purpose

The purpose of the ER Diagram is to define the relational database architecture used by the WISETrap Honeypot System and demonstrate how authentication, honeypot monitoring, attack logging, and alert management are connected through structured database relationships.


Notes

  • The database uses MySQL with the InnoDB engine.
  • Foreign keys enforce relational integrity.
  • CASCADE and RESTRICT rules are used to maintain data consistency.
  • The database design separates user management from honeypot monitoring logic.
  • The architecture supports scalability and future feature expansion.