Using analysis of temporal variances within a honeypot dataset to better predict attack type probability

Honeypots are deployed to capture cyber attack data for analysis of attacker behavior. This paper analyses a honeypot dataset to establish attack types and corresponding temporal patterns. It calculates the probability of each attack type occurring at a particular time of day and tests these probabilities with a random sample from the honeypot dataset. Attacks can take many forms and can come from different geographical sources. Temporal patterns in attacks are often observed due to the diurnal nature of computer usage and thus attack types captured on a honeypot will also reflect these patterns. We propose that it is possible to determine the probability of differing attack types occurring at certain times of the day. Understanding attack behavior informs the implementation of more robust security measures. The paper also proposes automating this process to create dynamic and adaptive honeypots. An adaptive honeypot that can modify its security levels, can increase the attack vector at different times of the day. This will improve data collection for analysis that ultimately will lead to better cyber defenses.