Next Article in Journal
Fast Method of Recovering Reference-Wave Intensity in Two-Step-Only Quadrature Phase-Shifting Holography
Previous Article in Journal
A Prototype Design and Development of the Smart Photovoltaic System Blind Considering the Photovoltaic Panel, Tracking System, and Monitoring System
Article Menu
Issue 10 (October) cover image

Export Article

Open AccessArticle
Appl. Sci. 2017, 7(10), 1082; https://doi.org/10.3390/app7101082

Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection

1
Cybersecurity INCT Unit 6, Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Technology College, University of Brasilia (UnB), Brasília-DF 70910-900, Brazil
2
Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain
3
Department of Convergence Security, Sungshin Women’s University, 249-1 Dongseon-Dong 3-ga,Seoul 136-742, Korea
These authors contributed equally to this work.
*
Author to whom correspondence should be addressed.
Received: 20 September 2017 / Revised: 11 October 2017 / Accepted: 13 October 2017 / Published: 18 October 2017
(This article belongs to the Section Computer Science and Electrical Engineering)
Full-Text   |   PDF [2481 KB, uploaded 19 October 2017]   |  

Abstract

Any network connected to the Internet is subject to cyber attacks. Strong security measures, forensic tools, and investigators contribute together to detect and mitigate those attacks, reducing the damages and enabling reestablishing the network to its normal operation, thus increasing the cybersecurity of the networked environment. This paper addresses the use of a forensic approach with Deep Packet Inspection to detect anomalies in the network traffic. As cyber attacks may occur on any layer of the TCP/IP networking model, Deep Packet Inspection is an effective way to reveal suspicious content in the headers or the payloads in any packet processing layer, excepting of course situations where the payload is encrypted. Although being efficient, this technique still faces big challenges. The contributions of this paper rely on the association of Deep Packet Inspection with forensics analysis to evaluate different attacks towards a Honeynet operating in a network laboratory at the University of Brasilia. In this perspective, this work could identify and map the content and behavior of attacks such as the Mirai botnet and brute-force attacks targeting various different network services. Obtained results demonstrate the behavior of automated attacks (such as worms and bots) and non-automated attacks (brute-force conducted with different tools). The data collected and analyzed is then used to generate statistics of used usernames and passwords, IP and services distribution, among other elements. This paper also discusses the importance of network forensics and Chain of Custody procedures to conduct investigations and shows the effectiveness of the mentioned techniques in evaluating different attacks in networks. View Full-Text
Keywords: cybersecurity; network security; traffic analysis; deep packet inspection; intrusion detection; network forensics cybersecurity; network security; traffic analysis; deep packet inspection; intrusion detection; network forensics
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
SciFeed

Share & Cite This Article

MDPI and ACS Style

Pimenta Rodrigues, G.A.; de Oliveira Albuquerque, R.; Gomes de Deus, F.E.; de Sousa Jr., R.T.; de Oliveira Júnior, G.A.; García Villalba, L.J.; Kim, T.-H. Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection. Appl. Sci. 2017, 7, 1082.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Appl. Sci. EISSN 2076-3417 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top