A statistical framework for analyzing cyber attacks




Zhan, Zhenxin

Journal Title

Journal ISSN

Volume Title



Data-driven cyber security analytics is one important approach to understanding cyber attacks. Despite its importance, there are essentially no systematic studies on characterizing the statistical properties of cyber attacks. The present dissertation introduces a systematic statistical framework for analyzing cyber attack data. It also presents three specific results that are obtained by applying the framework to analyze some honeypot- and blackhole-captured cyber attack data, while noting that the framework is equally applicable to other data that may contain richer attack information. The first result is that honeypot-captured cyber attacks often exhibit Long-Range Dependence (LRD). The second result is that honeypot-captured cyber attacks can exhibit Extreme Values (EV). The third result describes spatial and temporal characterizations that are exhibited by blackhole-captured cyber attacks. The dissertation shows that by exploiting the statistical properties exhibited by cyber attack data, it is possible to achieve certain "gray-box" predictions with high accuracy. Such prediction capability can be exploited to guide the proactive allocation of resources for effective defense.


This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.


cyber attack prediction, Cyber security, Honeypot, long-range dependence, Network Telescope, stochastic cyber attack processes



Computer Science