Skip to content

UseCaseDiagram

Mohammad AbuDayeh edited this page May 13, 2026 · 1 revision

Use Case Diagram – WISETrap Honeypot System

The Use Case Diagram illustrates how external actors interact with the WISETrap honeypot system.

It focuses on the main system functionalities related to detecting suspicious access attempts, logging attacker activity, and notifying the administrator.


System Overview

WISETrap is a deception-based web honeypot designed to simulate a vulnerable environment by exposing fake credentials through a trap endpoint:

https://honeypot.wise.local/login.txt

When an attacker or automated bot interacts with the trap, the system records the activity and alerts the administrator in real time.


Actors

1. Attacker / Bot

Represents:

  • External attackers
  • Automated scanners
  • Bots attempting unauthorized access

The attacker interacts with the honeypot by:

  • Accessing the trap file
  • Attempting login requests
  • Triggering monitoring and alert mechanisms

2. Administrator

Represents the system administrator responsible for:

  • Monitoring suspicious activity
  • Viewing attack logs
  • Receiving email alerts
  • Managing honeypot settings

3. Email Service (External System)

Represents the email delivery system used to send real-time security notifications to the administrator.


Main Use Cases

Attacker / Bot Use Cases

Access Trap File

The attacker attempts to access the exposed trap endpoint:

/login.txt

This action is treated as a suspicious event.


Submit Login Credentials

The attacker submits login credentials using the fake login interface.

The system records:

  • Username
  • Password
  • IP Address
  • Timestamp

Trigger Security Alert

After detecting suspicious behavior, the system automatically triggers an alert process.

This includes:

  • Logging the request
  • Storing request data
  • Sending an email notification

Administrator Use Cases

View Attack Logs

Allows the administrator to review recorded attacker activity and access history.


Monitor Suspicious Activity

Allows continuous monitoring of attacker behavior and detected incidents.


Receive Email Alerts

The administrator receives real-time notifications whenever suspicious activity occurs.


Manage Honeypot Settings

Allows configuration and management of:

  • Trap endpoints
  • Alert settings
  • Logging behavior

System Behavior

When an attacker accesses the trap endpoint or submits credentials:

  1. The system detects suspicious activity
  2. The request information is logged
  3. IP address and timestamp are stored
  4. An email alert is generated
  5. The administrator receives a notification

Use Case Diagram

Use Case Diagram


Purpose

The purpose of the Use Case Diagram is to demonstrate how external actors interact with the WISETrap honeypot system and how the system responds to suspicious activities using deception-based security techniques.


Notes

  • The attacker interacts only with exposed trap resources.
  • The system automatically logs and analyzes suspicious requests.
  • Email notifications are generated in real time.
  • The administrator is responsible for monitoring and managing the honeypot environment.

Clone this wiki locally