Cybersecurity Research
& Thought Leadership

Early-stage research into SSH honeypot deception, attacker-behaviour modelling, and tamper-evident evidence for European deployments.

Methodology in development
Seeking research partners
Bayesian/Markov methods

Core Research Areas

Research combining SSH honeypot deception, statistical attacker-behaviour modelling, and EU regulatory-aware design.

behaviour modelling
0 publications

Attacker-Behaviour Modelling

Developing Bayesian and Markov models to characterise attacker behaviour from SSH honeypot sessions.

Key Collaborations:

Open methodologyEU research community
evidence integrity
0 publications

Tamper-Evident Evidence

Methods for producing tamper-evident session evidence using SHA-256 and keccak256 hashing.

Key Collaborations:

Open methodology
deception design
0 publications

SSH Deception Techniques

Design of convincing decoy SSH environments for attacker engagement and session capture.

Key Collaborations:

Open methodology
data residency
0 publications

EU-Region Data Handling

Approaches to handling captured telemetry under EU-region hosting and GDPR-aware design.

Key Collaborations:

Open methodology

Planned Research Directions

Methodology write-ups we intend to publish. None are published yet.

Bayesian Scoring of SSH Honeypot Sessions

PHANTAQSM Team
Planned write-upIn development
behaviour modelling
In development
Methodology

Intended work documenting how Bayesian scoring is applied to attacker session behaviour captured in SSH honeypots. Not yet published.

BayesianSSH HoneypotsMethodology
Coming Soon

Markov Models of Attack Progression

PHANTAQSM Team
Planned write-upIn development
state modelling
In development
Methodology

Intended work on modelling attack progression as state transitions over honeypot session events. Not yet published.

MarkovAttack ProgressionMethodology
Coming Soon

Tamper-Evident Evidence with SHA-256 and keccak256

PHANTAQSM Team
Planned write-upIn development
evidence integrity
In development
Methodology

Intended work on producing tamper-evident (not court-admissible) session evidence through hash chaining. Not yet published.

Tamper-EvidentHashingMethodology
Coming Soon

Designing Convincing SSH Decoys

PHANTAQSM Team
Planned write-upIn development
deception design
In development
Methodology

Intended work on building decoy SSH environments that engage attackers without exposing production systems. Not yet published.

DeceptionDecoysMethodology
Coming Soon

Industry Insights

Analysis and commentary on emerging cybersecurity trends and policy developments

Threat Analysis
methodology

SSH Honeypot Deception: A Practical Primer

How decoy SSH environments capture attacker behaviour

A planned explainer on how managed SSH honeypots engage attackers and capture session telemetry for analysis...

In development
Planned
Threat Intelligence
methodology

Reading Attacker Intent from Session Data

Inferring intent from captured command sequences

A planned piece on inferring attacker intent from command sequences captured in SSH honeypots...

In development
Planned
Regulatory Analysis
methodology

NIS2 and Deception: Where Honeypots Fit

Supporting NIS2-aware detection with deception

A planned overview of how SSH honeypot deception can support NIS2-aware detection and monitoring...

In development
Planned

Research Partnerships

We are seeking collaboration with European universities and research groups. None are established yet.

European universities

Cybersecurity research groups
Seeking
Research Focus:Attacker-behaviour modelling for SSH honeypots
Duration:Open
Funding:To be determined

Applied security labs

Deception and honeypot research
Seeking
Research Focus:SSH decoy design and evaluation
Duration:Open
Funding:To be determined

Statistics & ML groups

Bayesian and Markov methods
Seeking
Research Focus:Session scoring and attack-progression models
Duration:Open
Funding:To be determined

EU policy & compliance groups

Data protection and security regulation
Seeking
Research Focus:GDPR-aware and NIS2-aware telemetry handling
Duration:Open
Funding:To be determined

Collaborate on Our Research

Partner with us to advance SSH honeypot deception and statistical attacker-behaviour modelling for European deployments.