An Event Detection Method for Cyber Attacks on IoT Using Time Synchronization Service

Tamotsu KAWAMURA  Masaru FUKUSHI  Yasushi HIRANO  Yusuke FUJITA  Yoshihiko HAMAMOTO  

D - Abstracts of IEICE TRANSACTIONS on Information and Systems (Japanese Edition)   Vol.J101-D   No.5   pp.742-753
Publication Date: 2018/05/01
Online ISSN: 1881-0225
Type of Manuscript: PAPER
IoT,  cyber attack,  event detection,  presage,  time synchronization service,  

Full Text(in Japanese): PDF(1.7MB)
>>Buy this Article

Developing countermeasures against cyber attacks is an urgent issue in IoT (Internet of Things), and event detection is becoming increasingly important to detect events as the presages of a security incident. Existing event detection methods and products target the traditional computers and the environment; therefore, they are not suitable for real-time event detection in the IoT environment where system resource is limited. This paper proposes an event detection method utilizing widely-used time synchronization service and develops a lightweight event detection module which can be embedded into IoT devices. The proposed method detects events focusing on the following system behaviour; when target systems are under attacks, fluctuation occurs in the system clock and communication delay due to the overloaded system and network processing incurred by a chain of interrupts. Experimental results show that the developed module achieves high positive/negative likelihood ratios and F-measure, indicating its usefulness in the event detection in the IoT environment.