Threat Actor Classification and Behavioural Fingerprinting via Deception

I am a final-year BSc Cyber Security student at the University of Staffordshire London. My project investigates how deception technology can move beyond isolated alerts and support clearer attacker understanding. Using FortiDeceptor telemetry from a controlled lab, I built a pipeline that parses logs, reconstructs attacker sessions, scores behaviour, classifies activity, and links related events into attack stories. The system presents results through a Streamlit dashboard, helping analysts distinguish automated reconnaissance, credential attacks, authenticated compromise, and hands-on operator behaviour. This creates a more explainable way to interpret attacker activity from deception data.





Contact Alexander