Publication:
Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection

Thumbnail Image
Files
applsci-07-01082-v2.pdf (2.42 MB)
Official URL
https://doi.org/10.3390/app7101082
Full text at PDC
Publication Date
2017-10-18
Authors
Pimenta Rodrigues, Gabriel
de Oliveira Albuquerque, Robson
Gomes de Deus, Flávio
de Sousa Jr., Rafael
de Oliveira Júnior, Gildásio
Kim, Tai-Hoon
Advisors (or tutors)
Editors
Journal Title
Journal ISSN
Volume Title
Publisher
MDPI
Citations
Google Scholar
Exportar
DC QDC MarcXML RDF MODS METS ORE-ATOM
Research Projects
Organizational Units
Journal Issue
Abstract
Any network connected to the Internet is subject to cyber attacks. Strong security measures, forensic tools, and investigators contribute together to detect and mitigate those attacks, reducing the damages and enabling reestablishing the network to its normal operation, thus increasing the cybersecurity of the networked environment. This paper addresses the use of a forensic approach with Deep Packet Inspection to detect anomalies in the network traffic. As cyber attacks may occur on any layer of the TCP/IP networking model, Deep Packet Inspection is an effective way to reveal suspicious content in the headers or the payloads in any packet processing layer, excepting of course situations where the payload is encrypted. Although being efficient, this technique still faces big challenges. The contributions of this paper rely on the association of Deep Packet Inspection with forensics analysis to evaluate different attacks towards a Honeynet operating in a network laboratory at the University of Brasilia. In this perspective, this work could identify and map the content and behavior of attacks such as the Mirai botnet and brute-force attacks targeting various different network services. Obtained results demonstrate the behavior of automated attacks (such as worms and bots) and non-automated attacks (brute-force conducted with different tools). The data collected and analyzed is then used to generate statistics of used usernames and passwords, IP and services distribution, among other elements. This paper also discusses the importance of network forensics and Chain of Custody procedures to conduct investigations and shows the effectiveness of the mentioned techniques in evaluating different attacks in networks.
Description
UCM subjects
Internet (Informática) , Redes , Seguridad informática
Unesco subjects
3325 Tecnología de las Telecomunicaciones
Keywords
Citation
URI
https://hdl.handle.net/20.500.14352/19215
Collections
Artículos