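@article{4734,
  author        = {Duong, Van Hieu},
  title         = {Beyond the Mean: Quantile-Based Statistical Characterization of Network Response Time for Cyber Threat Severity Assessment and Intrusion Detection},
  journal       = {Journal of Information Security Research},
  year          = {2026},
  volume        = {17},
  number        = {2},
  pages         = {76--90},
  doi           = {10.6025/jisr/2026/17/2/76-90},
  url           = {https://www.dline.info/jisr/fulltext/v17n2/jisrv17n2_1.pdf},
  abstract      = {Traditional cyber risk assessment and intrusion detection systems frequently rely on mean-based statistical summaries, which inadequately capture the extreme events and heavy-tailed distributions inherent in network traffic. This study introduces a quantile-based analytical framework to characterize network response time as a robust indicator of cyber threat severity. Utilizing a comprehensive real-world dataset comprising over 211,000 network flows, we evaluate response time distributions across threat severity levels, detection statuses, attack categories, and temporal dynamics. The analysis reveals pronounced right-skewness, zero inflation, and substantial variance in response times, rendering average-based metrics insufficient. Quantile-based comparisons demonstrate that high-severity threats are distinguished not by typical interaction durations but by significantly elevated upper quantiles, reflecting prolonged, complex attack behaviors. Furthermore, detection systems exhibit higher efficacy against long-duration sessions, highlighting potential blind spots for transient or stealthy attacks. Temporal analysis further confirms the bursty, clustered nature of malicious activity. By shifting focus from central tendency to distributional tail behavior, this quantile-driven approach provides a more nuanced and accurate foundation for severity assessment and anomaly detection. The findings underscore the necessity of integrating robust statistical modeling with machine learning frameworks to enhance cyber defense capabilities. Future research will prioritize real-time implementation, model interpretability, and validation across diverse operational networks to ensure scalable and practical deployment in dynamic threat landscapes.},
  internal-note = {Review: citation key kept as-is so existing \cite{4734} calls keep working. Author written surname-first (Vietnamese convention) so BibTeX sorts/labels on "Duong" rather than "Hieu"; confirm against the published byline. "pages" taken from the 76-90 suffix of the DOI; confirm against the PDF. DOI stored bare (resolver prefix removed) per BibTeX convention.},
}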