RT Journal Article
T1 Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection
A1 Pimenta Rodrigues, Gabriel
A1 de Oliveira Albuquerque, Robson
A1 Gomes de Deus, Flávio
A1 de Sousa Jr., Rafael
A1 de Oliveira Júnior, Gildásio
A1 García Villalba, Luis Javier
A1 Kim, Tai-Hoon
AB Any network connected to the Internet is subject to cyber attacks. Strong security measures, forensic tools, and investigators contribute together to detect and mitigate those attacks, reducing the damages and enabling reestablishing the network to its normal operation, thus increasing the cybersecurity of the networked environment. This paper addresses the use of a forensic approach with Deep Packet Inspection to detect anomalies in the network traffic. As cyber attacks may occur on any layer of the TCP/IP networking model, Deep Packet Inspection is an effective way to reveal suspicious content in the headers or the payloads in any packet processing layer, excepting of course situations where the payload is encrypted. Although being efficient, this technique still faces big challenges. The contributions of this paper rely on the association of Deep Packet Inspection with forensics analysis to evaluate different attacks towards a Honeynet operating in a network laboratory at the University of Brasilia. In this perspective, this work could identify and map the content and behavior of attacks such as the Mirai botnet and brute-force attacks targeting various different network services. Obtained results demonstrate the behavior of automated attacks (such as worms and bots) and non-automated attacks (brute-force conducted with different tools). The data collected and analyzed is then used to generate statistics of used usernames and passwords, IP and services distribution, among other elements. This paper also discusses the importance of network forensics and Chain of Custody procedures to conduct investigations and shows the effectiveness of the mentioned techniques in evaluating different attacks in networks.
PB MDPI
SN 2076-3417
YR 2017
FD 2017-10-18
LK https://hdl.handle.net/20.500.14352/19215
UL https://hdl.handle.net/20.500.14352/19215
LA eng
NO Brazilian research and innovation Agencies CAPES
NO FINEP–Funding Authority for Studies and Projects
NO FAPDF–Research Support Foundation of the Federal District
NO Ministry of Planning, Development and Management
NO DPGU–Brazilian Union Public Defender
NO Sungshin W. University
DS Docta Complutense
RD 15 dic 2025