-
Notifications
You must be signed in to change notification settings - Fork 0
UseCaseDiagram
The Use Case Diagram illustrates how external actors interact with the WISETrap honeypot system.
It focuses on the main system functionalities related to detecting suspicious access attempts, logging attacker activity, and notifying the administrator.
WISETrap is a deception-based web honeypot designed to simulate a vulnerable environment by exposing fake credentials through a trap endpoint:
https://honeypot.wise.local/login.txt
When an attacker or automated bot interacts with the trap, the system records the activity and alerts the administrator in real time.
Represents:
- External attackers
- Automated scanners
- Bots attempting unauthorized access
The attacker interacts with the honeypot by:
- Accessing the trap file
- Attempting login requests
- Triggering monitoring and alert mechanisms
Represents the system administrator responsible for:
- Monitoring suspicious activity
- Viewing attack logs
- Receiving email alerts
- Managing honeypot settings
Represents the email delivery system used to send real-time security notifications to the administrator.
The attacker attempts to access the exposed trap endpoint:
/login.txt
This action is treated as a suspicious event.
The attacker submits login credentials using the fake login interface.
The system records:
- Username
- Password
- IP Address
- Timestamp
After detecting suspicious behavior, the system automatically triggers an alert process.
This includes:
- Logging the request
- Storing request data
- Sending an email notification
Allows the administrator to review recorded attacker activity and access history.
Allows continuous monitoring of attacker behavior and detected incidents.
The administrator receives real-time notifications whenever suspicious activity occurs.
Allows configuration and management of:
- Trap endpoints
- Alert settings
- Logging behavior
When an attacker accesses the trap endpoint or submits credentials:
- The system detects suspicious activity
- The request information is logged
- IP address and timestamp are stored
- An email alert is generated
- The administrator receives a notification

The purpose of the Use Case Diagram is to demonstrate how external actors interact with the WISETrap honeypot system and how the system responds to suspicious activities using deception-based security techniques.
- The attacker interacts only with exposed trap resources.
- The system automatically logs and analyzes suspicious requests.
- Email notifications are generated in real time.
- The administrator is responsible for monitoring and managing the honeypot environment.