Details

High-interactive Redis honeypot with ELK analytics (Visoko-interaktivna Redis limanica z ELK analitiko)
Gazvoda de Reggi, Marin (Author), Mihalič, Sara (Author), Hribar, Samo (Author), Bračić, Ana (Author), Pesek, Matevž (Author)

PDF - Presentation file (1,17 MB)
MD5: 012E51F640008B09BB5EAE0FC3DDB285
Source URL: https://uporabna-informatika.si/ui/article/view/251

Abstract
Redis has become a popular target of cyberattacks because of its widespread use and frequently incorrect configuration, which creates a need for better understanding and analysis of security threats. In this work we present an implementation of a high-interactive Redis honeypot that enables transparent interception and logging of all connections and commands sent to a Redis server. The system is based on a proxy server written in the Go programming language, which forwards intercepted connections to an internal Redis instance while logging and analyzing all interactions in real time through integration with the ELK stack (Elasticsearch, Logstash, Kibana). The entire solution is implemented as a containerized application using Docker technology. Experimental evaluation showed that the system effectively detects various types of attacks, from simple scanning attempts to sophisticated multi-stage attacks. The developed system is an important contribution to a better understanding of the security challenges of Redis servers and demonstrates the usefulness of honeypots in researching cyber threats.

Language:Slovenian
Keywords:ELK analytics, cybersecurity, honeypot, Redis, security threats
Work type:Article
Typology:1.01 - Original Scientific Article
Organization:FRI - Faculty of Computer and Information Science
Publication status:Published
Publication version:Version of Record
Year:2025
Number of pages:12 pp.
Numbering:Vol. 33, No. 3
PID:20.500.12556/RUL-175557
UDC:004
ISSN on article:1318-1882
DOI:10.31449/upinf.251
COBISS.SI-ID:250593027
Publication date in RUL:04.11.2025
Views:266
Downloads:71

Record is a part of a journal

Title:Uporabna informatika
Shortened title:Uporab. inform.
Publisher:Slovensko društvo Informatika
ISSN:1318-1882
COBISS.SI-ID:36338688

Licences

License:CC BY 4.0, Creative Commons Attribution 4.0 International
Link:http://creativecommons.org/licenses/by/4.0/
Description:This is the standard Creative Commons license that gives others maximum freedom to do what they want with the work as long as they credit the author.

Secondary language

Language:English
Title:High-interactive Redis honeypot with ELK analytics
Abstract:
Redis has become a popular target for cyber attacks due to its widespread use and frequent misconfigurations, creating a need for better understanding and analysis of security threats. This work presents the implementation of a high-interactive Redis honeypot that enables transparent interception and logging of all connections and commands to a Redis server. The system is based on a proxy server implemented in the Go programming language, which forwards intercepted connections to an internal Redis instance while logging and analyzing all interactions in real time through integration with the ELK stack (Elasticsearch, Logstash, Kibana). The entire solution is implemented as a containerized application using Docker technology. Experimental evaluation demonstrated that the system effectively detects various types of attacks, from simple scanning attempts to sophisticated multi-stage attacks. The developed system represents an important contribution to better understanding Redis server security challenges and demonstrates the utility of honeypots in cybersecurity threat research.

Keywords:ELK analytics, cybersecurity, honeypot, Redis, security threats
