Cyber Attack Pattern Analysis Based on Geo-location and Time: A Case Study of Firewall and IDS/IPS Logs

Daniel Mashao
Charis Harley

Abstract

Cyber attacks are a growing concern for organizations worldwide, requiring continuous monitoring and analysis to detect patterns and anticipate future threats. This study explores the temporal and geographical patterns of cyber attacks using log data from firewall and IDS/IPS systems, with a focus on understanding attack trends based on severity levels and monthly variations. The analysis revealed an almost even distribution of attacks across severity levels, with 13,183 low-severity, 13,435 medium-severity, and 13,382 high-severity incidents. This emphasizes the need for holistic defense strategies that address all levels of threats. Through time-series analysis, including the ARIMA model, we forecasted future attack trends, highlighting the consistency of cyber threats over time and identifying potential periods of increased activity. The monthly trend analysis showed fluctuations, with a notable peak of 906 attacks in March 2020 and a decrease to 825 attacks in April 2020, suggesting the influence of external factors such as global events. The ARIMA model provided accurate forecasts, indicating a steady rate of future attacks and underscoring the importance of continuous vigilance. While the ARIMA model captured linear trends effectively, future work should explore non-linear models, such as Long Short-Term Memory (LSTM) networks, to uncover deeper, more complex patterns in the data. This research provides critical insights into the nature of cyber attacks, offering organizations a data-driven approach to improving their cybersecurity measures. Future studies should focus on enhancing forecasting models and integrating real-time data to better anticipate emerging threats.

Article Details

How to Cite
Mashao, D., & Harley, C. (2025). Cyber Attack Pattern Analysis Based on Geo-location and Time: A Case Study of Firewall and IDS/IPS Logs. Journal of Current Research in Blockchain, 2(1), 28–40. https://doi.org/10.47738/jcrb.v2i1.26
Section
Articles
