Abnormal network packets identification using header information collected from Honeywall architecture
Kha Van Nguyen, H. Nguyen, Thang Quyet Le, Quang Nhat Minh Truong
Journal of Information and Telecommunication (JCR Q2, Computer Science, Information Systems; impact factor 2.7). Journal article, published 2023-05-23.
DOI: https://doi.org/10.1080/24751839.2023.2215135
Citation count: 0
Abstract
Most devices are now connected through the Internet, so cybersecurity issues have raised concerns. This study proposes network services in a virtual environment to collect, analyze and identify network attacks with various techniques. Our contributions are multi-fold. First, we deployed a Honeynet architecture to collect network packets, including actual cyber-attacks performed by real hackers and crackers. Second, we leveraged several techniques to normalize data and extract header information with 29 features from 200,000 samples of many types of network attacks, for abnormal packet identification with machine learning algorithms. Furthermore, we introduce an Adaptive Cybersecurity (AC) system to detect attacks and provide warnings. The system can automatically collect more data for further analysis to improve performance. Our proposed method performs better than Snort in detecting dangerous malicious attacks. Finally, we experimented with different cyber-attack approaches to exploit the ten website security risks recommended by the Open Web Application Security Project (OWASP). From the research results, the system is expected to be able to detect cybercriminal attacks and provide early warnings to prevent a potential cyber-attack.