Metric | Graphical Method | Ref. |
Distribution of Attacker Source IP Connections per Time Unit; Number of Attacker Session by Time Unit; Number of Attacker Shellcode Sessions by Time Unit; Number of Attacker Source IP (Connections) per Ports Sequence (per Sensor) per Time Unit; Number of Attacker Source IP Connections per Distinct Attacker Source IP; Number of Attacker Source IP Connections per Distinct Protocol; Number of Attacker Source IP Connections per Time Unit; Number of Attacker Source IP over Time Unit; Number of Attacker SSH Sessions by Time Unit; Number of Malware Attack Connections per Exposed Destination Port; Number of Packets per Time Unit; Number of Packets per Time Unit per IDS Type; Number of Unique Attacker Source IP per Time Unit; Number of Unique Exposed Honeypot Ports per Time Unit; Proportion of Attacker Source IP across Targeted Honeypot Sensors | Line | [21] [75] [78] [80] [82] [84] [85] [86] [88] [89] [91] [92] [94] [95] [101] [102] |
Distribution of Antivirus Alerts by Antivirus type; Distribution of Attacker Open Session by Country; Distribution of Attacker Source IP Connections by Country; Distribution of Attacker Source IP Connections by Distinct Attacker Source IP; Distribution of Attacker Source IP Connections by Distinct Protocol; Distribution of Attacker Source IP Connections by Exposed Destination Ports; Distribution of Attacker Source IP Connections per Attack Type; Distribution of Attacker Source IP Connections per Distinct Protocol; Distribution of Attacker Source IP Connections per Distinct Username/Password/Combination; Distribution of Attacker Source Packets by Distinct Attacker Source IP; Distribution of Attacker Source Packets by Distinct Protocol; Distribution of Distinct Attacker Source IP by Country; Distribution of Distinct Attacker Source IP Connections by Country; Distribution of Distinct Malware by Country; Distribution of Malware Samples by Architecture; Distribution of Shellcode Alerts by Shellcode type | Pie | [8] [21] [74] [77] [78] [79] [84] [87] [88] [91] [92] [96] [99] |
Number of Attacker Source IP Connections by Exposed Destination Ports; Distribution of Attacker Source IP Connections per Subnetwork Class; Number of Attacker Source IP Connections per Connection Status (Failure, Success); Number of Attacker Source IP Connections per Time Unit; Number of Distinct Connection Commands per Time Unit; Number of Attack Sessions by Exposed Destination Ports; Number of Attacker Source IP Connections per Country; Number of Attacker Source IP Connections per Distinct Operating System Name; Number of Attacker Source IP per Country; Number of Attacker Source IP Connections per Connection Type (Attack, Intrusion, Total Traffic); Number of Attacker Source IP Connections per Distinct Attacker Source IP + Country Code; Number of Attacker Source IP Connections per Distinct Protocol; Number of Malware Samples per Distinct Malware Name; Number of Malware Attack Connections per Exposed Destination Ports; Number of Attacker Source IP Connections per Distinct Attacker Source IP; Number of Attacker Source IP Connections per Distinct Username/Password/Combination; Number of Attacker Source IP Connections per Attack Type; Number of Attacker Source IP Connections by Distinct Destination IP | Bar | [8] [21] [73] [74] [76] [77] [82] [84] [85] [86] [88] [90] [91] [92] [93] [96] [97] [100] |
Time Unit by Time Unit; Exposed Destination Ports by Time Unit | Heatmap | [4] |
Subnetworks of Scanning Sources | Hilbert-curve | [76] |
Number of Passwords by Password Length; Number of Attacker Unique Source IP by Inefficiency Ratio | Histogram | [88] |
Attacker Source IP by Exposed Destination Port | Parallel | [5] |
Number of Attacker Source Packets per Distinct Attacker Source IP + Location (e.g. Country Code); Number of Attacker Source IP Connections per Distinct Attacker Source IP + Location (e.g. Country Code); Number of Attacker Source IP Connections per Distinct Attacker Protocol + Source IP Location (e.g. Country Code); Number of Attacker Source IP Connections per Distinct Attacker Source IP + Location (e.g. Country Name) Destination IP + Location (e.g. Country Code) | World Map | [21] [22] [82] [91] [94] [95] [97] [99] |
Variance Components; Attacker Source Packet Size by Time Unit; English Dictionary Words by French Dictionary Words | Scatter, Dendrogram | [3] [5] [81] [83] [98] [101] [103] |