Redirigiendo al acceso original de articulo en 17 segundos...
ARTÍCULO
TITULO

Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection

Gabriel Arquelau Pimenta Rodrigues    
Robson De Oliveira Albuquerque    
Flávio Elias Gomes de Deus    
Rafael Timóteo De Sousa Jr.    
Gildásio Antônio De Oliveira Júnior    
Luis Javier García Villalba and Tai-Hoon Kim    

Resumen

Any network connected to the Internet is subject to cyber attacks. Strong security measures, forensic tools, and investigators contribute together to detect and mitigate those attacks, reducing the damages and enabling reestablishing the network to its normal operation, thus increasing the cybersecurity of the networked environment. This paper addresses the use of a forensic approach with Deep Packet Inspection to detect anomalies in the network traffic. As cyber attacks may occur on any layer of the TCP/IP networking model, Deep Packet Inspection is an effective way to reveal suspicious content in the headers or the payloads in any packet processing layer, excepting of course situations where the payload is encrypted. Although being efficient, this technique still faces big challenges. The contributions of this paper rely on the association of Deep Packet Inspection with forensics analysis to evaluate different attacks towards a Honeynet operating in a network laboratory at the University of Brasilia. In this perspective, this work could identify and map the content and behavior of attacks such as the Mirai botnet and brute-force attacks targeting various different network services. Obtained results demonstrate the behavior of automated attacks (such as worms and bots) and non-automated attacks (brute-force conducted with different tools). The data collected and analyzed is then used to generate statistics of used usernames and passwords, IP and services distribution, among other elements. This paper also discusses the importance of network forensics and Chain of Custody procedures to conduct investigations and shows the effectiveness of the mentioned techniques in evaluating different attacks in networks.

 Artículos similares

       
 
Thomas Schiller, Bruce Caulkins, Annie S. Wu and Sean Mondesire    
Internet of Things (IoT) devices are common in today?s computer networks. These devices can be computationally powerful, yet prone to cybersecurity exploitation. To remedy these growing security weaknesses, this work proposes a new artificial intelligenc... ver más
Revista: Information

 
Antonio Maci, Alessandro Santorsola, Antonio Coscia and Andrea Iannacone    
Web phishing is a form of cybercrime aimed at tricking people into visiting malicious URLs to exfiltrate sensitive data. Since the structure of a malicious URL evolves over time, phishing detection mechanisms that can adapt to such variations are paramou... ver más
Revista: Computers

 
Sikha S. Bagui, Dustin Mink, Subhash C. Bagui and Sakthivel Subramaniam    
Machine Learning is widely used in cybersecurity for detecting network intrusions. Though network attacks are increasing steadily, the percentage of such attacks to actual network traffic is significantly less. And here lies the problem in training Machi... ver más
Revista: Computers

 
Hend Khalid Alkahtani, Khalid Mahmood, Majdi Khalid, Mahmoud Othman, Mesfer Al Duhayyim, Azza Elneil Osman, Amani A. Alneil and Abu Sarwar Zamani    
The fast development of the Internet of Things (IoT) and widespread utilization in a large number of areas, such as vehicle IoT, industrial control, healthcare, and smart homes, has made IoT security increasingly prominent. Ransomware is a type of malwar... ver más
Revista: Applied Sciences

 
Cristian Chindrus and Constantin-Florin Caruntu    
In today?s dynamic and evolving digital landscape, safeguarding network infrastructure against cyber threats has become a paramount concern for organizations worldwide. This paper presents a novel and practical approach to enhancing cybersecurity readine... ver más
Revista: Information