High-Interactive Redis Honeypot with ELK Analytics

Authors

  • Marin Gazvoda de Reggi Univerza v Ljubljani, Fakulteta za računalništvo in informatiko
  • Sara Mihalič University of Ljubljana, Faculty of Computer and Information Science
  • Samo Hribar University of Ljubljana, Faculty of Computer and Information Science
  • Ana Bračić University of Ljubljana, Faculty of Computer and Information Science
  • Matevž Pesek University of Ljubljana, Faculty of Computer and Information Science https://orcid.org/0000-0001-9101-0471

DOI:

https://doi.org/10.31449/upinf.251

Keywords:

cybersecurity, ELK analytics, honeypot, Redis, security threats

Abstract

Redis has become a popular target for cyberattacks due to its widespread use and frequent misconfigurations, creating a need for better understanding and analysis of security threats. This work presents the implementation of a high-interactive Redis honeypot that enables transparent interception and logging of all connections and commands to a Redis server. The system is based on a proxy server implemented in Go programming language, which forwards intercepted connections to an internal Redis instance while logging and analyzing all interactions in real-time through integration with the ELK stack (Elasticsearch, Logstash, Kibana). The entire solution is implemented as a containerized application using Docker technology. Experimental evaluation demonstrated that the system effectively detects various types of attacks, from simple scanning attempts to sophisticated multi-stage attacks. The developed system represents an important contribution to better understanding Redis server security challenges and demonstrates the utility of honeypots in cybersecurity threat research.

Author Biographies

Marin Gazvoda de Reggi, Univerza v Ljubljani, Fakulteta za računalništvo in informatiko

Marin Gazvoda de Reggi je študent na Fakulteti za računalništvo in informatiko Univerze v Ljubljani. Zanimajo ga področja razvoja programske opreme, kibernetske varnosti in umetne inteligence. Njegovi raziskovalni interesi zajemajo teorijo programskih jezikov in njihovo varnost.

Sara Mihalič, University of Ljubljana, Faculty of Computer and Information Science

Sara Mihalič je študentka na Fakulteti za računalništvo in informatiko Univerze v Ljubljani. Navdušujejo jo področja povezana z digitalno forenziko, algoritmi in umetno inteligenco, najbolj pa jo zanima delo na interdisciplinarnih področjih, ki povezujejo tehnologijo z reševanjem konkretnih družbenih izzivov.

Samo Hribar, University of Ljubljana, Faculty of Computer and Information Science

Samo Hribar je študent na Fakulteti za računalništvo in informatiko Univerze v Ljubljano. Deluje na področju razvoja mobilnih aplikacij, zanima pa ga tudi hitro rastoče področje umetne inteligence. Na raziskovalnem področju ga zanima varnost aplikacij, od nizkonivojskih do spletnih.

Ana Bračić, University of Ljubljana, Faculty of Computer and Information Science

Ana Bračić je študentka na Fakulteti za računalništvo in informatiko Univerze v Ljubljani. Zanimajo jo področja kibernetske varnosti, kriptografije in umetne inteligence. Njeni raziskovalni interesi se osredotočajo na varnostne izzive v digitalnem okolju in uporabo naprednih tehnologij za zagotavljanje varnosti informacijskih sistemov.

Matevž Pesek, University of Ljubljana, Faculty of Computer and Information Science

Matevž Pesek je izredni profesor in raziskovalec na Fakulteti za računalništvo in informatiko Univerze v Ljubljani, kjer je diplomiral (2012) in doktoriral (2018). Od leta 2009 je član Laboratorija za računalniško grafiko in multimedije. Od leta 2024 izvaja predmet Varnost programov.

Downloads

Published

2025-09-25

How to Cite

[1]
Gazvoda de Reggi, M., Mihalič, S., Hribar, S., Bračić, A. and Pesek, M. 2025. High-Interactive Redis Honeypot with ELK Analytics. Applied Informatics. (Sep. 2025). DOI:https://doi.org/10.31449/upinf.251.

Issue

Online-first

Section

Scientific articles

Most read articles by the same author(s)