Metric

Graphical

Method

Ref.

Distribution of Attacker Source IP Connections per Time Unit

Number of Attacker Session by Time Unit

Number of Attacker Shellcode Sessions by Time Unit

Number of Attacker Source IP (Connections) per Ports Sequence (per Sensor) per Time Unit

Number of Attacker Source IP Connections per Distinct Attacker Source IP

Number of Attacker Source IP Connections per Distinct Protocol

Number of Attacker Source IP Connections per Time Unit

Number of Attacker Source IP over Time Unit

Number of Attacker SSH Sessions by Time Unit

Number of Malware Attack Connections per Exposed Destination Port

Number of Packets per Time Unit

Number of Packets per Time Unit per IDS Type

Number of Unique Attacker Source IP per Time Unit

Number of Unique Exposed Honeypot Ports per Time Unit

Proportion of Attacker Source IP across Targeted Honeypot Sensors

Line

[21]

[75]

[78]

[80]

[82]

[84]

[85]

[86]

[88]

[89]

[91]

[92]

[94]

[95]

[101]

[102]

Distribution of Antivirus Alerts by Antivirus type

Distribution of Attacker Open Session by Country

Distribution of Attacker Source IP Connections by Country

Distribution of Attacker Source IP Connections by Distinct Attacker Source IP

Distribution of Attacker Source IP Connections by Distinct Protocol

Distribution of Attacker Source IP Connections by Exposed Destination Ports

Distribution of Attacker Source IP Connections per Attack Type

Distribution of Attacker Source IP Connections per Distinct Protocol

Distribution of Attacker Source IP Connections per Distinct Username/Password/Combination

Distribution of Attacker Source Packets by Distinct Attacker Source IP

Distribution of Attacker Source Packets by Distinct Protocol

Distribution of Distinct Attacker Source IP by Country

Distribution of Distinct Attacker Source IP Connections by Country

Distribution of Distinct Malware by Country

Distribution of Malware Samples by Architecture

Distribution of Shellcode Alerts by Shellcode type

Pie

[8]

[21]

[74]

[77]

[78]

[79]

[84]

[87]

[88]

[91]

[92]

[96]

[99]

Number of Attacker Source IP Connections by Exposed Destination Ports

Distribution of Attacker Source IP Connections per Subnetwork Class

Number of Attacker Source IP Connections per Connection Status (Failure, Success)

Number of Attacker Source IP Connections per Time Unit

Number of Distinct Connection Commands per Time Unit

Number of Attack Sessions by Exposed Destination Ports

Number of Attacker Source IP Connections per Country

Number of Attacker Source IP Connections per Distinct Operating System Name

Number of Attacker Source IP per Country

Number of Attacker Source IP Connections per Connection Type (Attack, Intrusion, Total Traffic)

Number of Attacker Source IP Connections per Distinct Attacker Source IP + Country Code

Number of Attacker Source IP Connections per Distinct Protocol

Number of Malware Samples per Distinct Malware Name

Number of Malware Attack Connections per Exposed Destination Ports

Number of Attacker Source IP Connections per Distinct Attacker Source IP

Number of Attacker Source IP Connections per Distinct Username/Password/Combination

Number of Attacker Source IP Connections per Attack Type

Number of Attacker Source IP Connections by Distinct Destination IP

Bar

[8]

[21]

[73]

[74]

[76]

[77]

[82]

[84]

[85]

[86]

[88]

[90]

[91]

[92]

[93]

[96]

[97]

[100]

Time Unit by Time Unit

Exposed Destination Ports by Time Unit

Heatmap

[4]

Subnetworks of Scanning Sources

Hilbert-curve

[76]

Number of Passwords by Password Length

Number of Attacker Unique Source IP by Inefficiency Ratio

Histogram

[88]

Attacker Source IP by Exposed Destination Port

Parallel

[5]

Number of Attacker Source Packets per Distinct Attacker Source IP + Location

(e.g. Country Code)

Number of Attacker Source IP Connections per Distinct Attacker Source IP + Location

(e.g. Country Code)

Number of Attacker Source IP Connections per Distinct Attacker Protocol + Source IP Location

(e.g. Country Code)

Number of Attacker Source IP Connections per Distinct Attacker Source IP + Location

(e.g. Country Name)

Destination IP + Location (e.g. Country Code)

World Map

[21]

[22]

[82]

[91]

[94]

[95]

[97]

[99]

Variance Components

Attacker Source Packet Size by Time Unit

English Dictionary Words by French Dictionary Words

Scatter,

Dendrogram

[3]

[5]

[81]

[83]

[98]

[101]

[103]