Using honeynet data and a time series to predict the number of cyber attacks

Matej Zuzčák1 and Petr Bujok1

  1. Department of Informatics and Computers, Faculty of Science, University of Ostrava
    30. dubna 22, 701 03 Ostrava, Czech Republic


A large number of cyber attacks are commonly conducted against home computers, mobile devices, as well as servers providing various services. One such prominently attacked service, or a protocol in this case, is the Secure Shell (SSH) used to gain remote access to manage systems. Besides human attackers, botnets are a major source of attacks on SSH servers. Tools such as honeypots allow an effective means of recording and analysing such attacks.However, is it also possible to use them to effectively predict these attacks? The prediction of SSH attacks, specifically the prediction of activity on certain subjects, such as autonomous systems, will be beneficial to system administrators, internet service providers, and CSIRT teams. This article presents multiple methods for using a time series, based on real-world data,to predict these attacks. It focuses on the overall prediction of attacks on the honeynet and the prediction of attacks from specific geographical regions. Multiple approaches are used, such as ARIMA, SARIMA, GARCH, and Bootstrapping. The article presents the viability, precision and usefulness of the individual approaches for various areas of IT security.

Key words

cyber attacks, honeynet, honeypot, SSH, time series, prediction

Digital Object Identifier (DOI)

Publication information

Volume 18, Issue 4 (September 2021)
Year of Publication: 2021
ISSN: 1820-0214 (Print) 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

DownloadAvailable in PDF
Portable Document Format

How to cite

Zuzčák, M., Bujok, P.: Using honeynet data and a time series to predict the number of cyber attacks. Computer Science and Information Systems, Vol. 18, No. 4, 1197–1217. (2021),