Honeypots are unconventional tools to study methods, tools, and goals of attackers. In addition to IP addresses, these tools collect also timestamps. Therefore, time series analysis of data collected by honeypots can bring different view for prediction of attacks. In the paper, we focus on the model AR(1) and bootstrap based on AR(1) model to predict attacks against honeynet. For this purpose, we used data collected in CZ.NIC honeynet consists of Kippo honeypots in medium-interaction mode. The prediction of attacks is based on 75 weeks data and it has been verified by five weeks data. In the paper, we have shown that prediction model AR(1) and bootstrap based on AR(1) model are suitable for prediction of attacks.