Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection




Pimenta Rodrigues, Gabriel and de Oliveira Albuquerque, Robson and Gomes de Deus, Flávio and de Sousa Jr., Rafael and de Oliveira Júnior, Gildásio and García Villalba, Luis Javier and Kim, Tai-Hoon (2017) Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection. Applied Sciences, 7 (10). p. 1082. ISSN 2076-3417

PDF: applsci-07-01082-v2.pdf (Creative Commons Attribution)




Any network connected to the Internet is subject to cyber attacks. Strong security measures, forensic tools, and investigators together contribute to detecting and mitigating those attacks, reducing the damage and enabling the network to be restored to normal operation, thus increasing the cybersecurity of the networked environment. This paper addresses the use of a forensic approach with Deep Packet Inspection to detect anomalies in network traffic. As cyber attacks may occur at any layer of the TCP/IP networking model, Deep Packet Inspection is an effective way to reveal suspicious content in the headers or the payloads at any packet-processing layer, except, of course, where the payload is encrypted. Although effective, the technique still faces significant challenges. The contribution of this paper lies in combining Deep Packet Inspection with forensic analysis to evaluate different attacks against a Honeynet operating in a network laboratory at the University of Brasilia. From this perspective, the work identifies and maps the content and behavior of attacks such as the Mirai botnet and brute-force attacks targeting various network services. The results show the behavior of automated attacks (such as worms and bots) and non-automated attacks (brute force conducted with different tools). The data collected and analyzed are then used to generate statistics of the usernames and passwords tried, the distribution of source IPs and targeted services, among other elements. The paper also discusses the importance of network forensics and Chain of Custody procedures in conducting investigations, and shows the effectiveness of the mentioned techniques in evaluating different attacks on networks.
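As an added illustration of the kind of inspection the abstract describes (this is editorial example code, not code from the paper or its authors), the block below decodes raw IPv4/TCP headers, reassembles the payload of telnet flows to a honeypot, extracts the credentials tried, and produces the username/password, source-IP and service distributions the abstract mentions. It also shows the stated caveat: on the SSH port only the cleartext version banner is visible to DPI. Assumptions: the honeypot address and attacker addresses are constructed (RFC 5737 documentation ranges), the telnet login is simplified to "first CRLF-terminated line is the username, second is the password", the port-to-service map is the example's own, and the credential set is a five-entry subset of the Mirai scanner's publicly known hard-coded credential table.

```python
import socket
import struct
from collections import Counter, defaultdict

HONEYPOT = "192.0.2.10"  # constructed honeypot address (documentation range)

# Port-to-service map used by this example only.
SERVICE_BY_PORT = {22: "ssh", 23: "telnet", 80: "http", 2323: "telnet-alt"}

# Five pairs from the Mirai scanner's hard-coded credential table (public since the
# 2016 source leak); a real deployment would load the full list.
MIRAI_DEFAULT_CREDS = {("root", "xc3511"), ("root", "vizxv"), ("admin", "admin"),
                       ("support", "support"), ("root", "888888")}


def build_packet(src_ip, sport, dport, payload, dst_ip=HONEYPOT):
    """Build a raw IPv4+TCP packet for offline testing (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp


def parse_packet(raw):
    """Header inspection (layers 3/4): decode IPv4 and TCP headers, return fields plus payload."""
    if raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("only IPv4/TCP is handled here")
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    tcp = raw[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "payload": tcp[data_off:]}


def inspect(packets):
    """Payload inspection (layer 7). Telnet flows are reassembled per 5-tuple and modelled
    (simplification) as: first CRLF-terminated line = username, second = password."""
    buffers = defaultdict(bytes)         # flow -> payload bytes not yet split into lines
    lines = defaultdict(list)            # flow -> complete lines not yet paired up
    flows_by_service = defaultdict(set)  # service -> distinct flows seen
    attempts, banners = [], []
    for raw in packets:
        p = parse_packet(raw)
        service = SERVICE_BY_PORT.get(p["dport"], f"tcp/{p['dport']}")
        flow = (p["src"], p["sport"], p["dst"], p["dport"])
        flows_by_service[service].add(flow)
        if service == "ssh" and p["payload"].startswith(b"SSH-"):
            # Only the cleartext version exchange is visible; the rest of SSH is encrypted.
            banners.append((p["src"], p["payload"].rstrip(b"\r\n").decode("ascii", "replace")))
        if service.startswith("telnet"):
            buffers[flow] += p["payload"]
            while b"\r\n" in buffers[flow]:  # handles a line split across TCP segments
                line, _, buffers[flow] = buffers[flow].partition(b"\r\n")
                lines[flow].append(line.decode("ascii", "replace"))
            while len(lines[flow]) >= 2:
                user, password = lines[flow][:2]
                del lines[flow][:2]
                attempts.append((p["src"], service, user, password))
    return {"attempts": attempts, "banners": banners,
            "flows_per_service": {s: len(f) for s, f in flows_by_service.items()}}


def summarize(result, brute_force_threshold=3):
    """Distributions of the kind the paper reports, plus two simple verdicts: repeated
    attempts from one source, and use of known Mirai default credentials."""
    attempts = result["attempts"]
    per_source = Counter(src for src, _, _, _ in attempts)
    return {
        "usernames": Counter(u for _, _, u, _ in attempts),
        "passwords": Counter(pw for _, _, _, pw in attempts),
        "attempts_per_source": per_source,
        "flows_per_service": result["flows_per_service"],
        "brute_force_sources": {s for s, n in per_source.items() if n >= brute_force_threshold},
        "mirai_like_sources": {src for src, _, u, pw in attempts if (u, pw) in MIRAI_DEFAULT_CREDS},
        "ssh_banners": result["banners"],
    }


# Constructed traffic: one scanner working through Mirai defaults (one username split across
# two segments), one SSH probe, one HTTP probe, and one telnet login with a non-default password.
SAMPLE_PACKETS = [
    build_packet("198.51.100.7", 40001, 23, b"root\r\nxc3511\r\n"),
    build_packet("198.51.100.7", 40002, 23, b"ro"),
    build_packet("198.51.100.7", 40002, 23, b"ot\r\nvizxv\r\n"),
    build_packet("198.51.100.7", 40003, 2323, b"admin\r\nadmin\r\n"),
    build_packet("203.0.113.5", 51000, 22, b"SSH-2.0-OpenSSH_7.4\r\n"),
    build_packet("203.0.113.9", 52000, 80, b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
    build_packet("203.0.113.5", 51001, 23, b"admin\r\nSup3rS3cret\r\n"),
]

if __name__ == "__main__":
    for key, value in summarize(inspect(SAMPLE_PACKETS)).items():
        print(f"{key}: {value}")
```

Run as a script, it prints the per-source attempt counts (198.51.100.7 makes three attempts and is flagged both as brute force and as using Mirai defaults), the per-service flow counts, and the single SSH banner, which is all the inspector can say about the encrypted SSH session. Real captures would be read from a pcap instead of built with build_packet, and the telnet model would need to account for option negotiation and server prompts.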

Item Type: Article
Uncontrolled Keywords: cybersecurity; network security; traffic analysis; deep packet inspection; intrusion detection; network forensics
Subjects: Sciences > Computer science > Internet
Sciences > Computer science > Computer networks
Sciences > Computer science > Computer security
ID Code: 67591
Deposited On: 01 Sep 2021 08:01
Last Modified: 01 Sep 2021 08:27
