An Event Detection Method for Cyber Attacks on IoT Using Time Synchronization Service

Tamotsu KAWAMURA  Masaru FUKUSHI  Yasushi HIRANO  Yusuke FUJITA  Yoshihiko HAMAMOTO  

Publication
D - Abstracts of IEICE TRANSACTIONS on Information and Systems (Japanese Edition)   Vol.J101-D   No.5   pp.742-753
Publication Date: 2018/05/01
Online ISSN: 1881-0225
DOI: 
Type of Manuscript: PAPER
Category: 
Keyword: 
IoT,  cyber attack,  event detection,  presage,  time synchronization service,  

Full Text(in Japanese): PDF(1.7MB)
>>Buy this Article


Summary: 
Developing countermeasures against cyber attacks is an urgent issue in IoT (Internet of Things), and event detection is becoming increasingly important to detect events as the presages of a security incident. Existing event detection methods and products target the traditional computers and the environment; therefore, they are not suitable for real-time event detection in the IoT environment where system resource is limited. This paper proposes an event detection method utilizing widely-used time synchronization service and develops a lightweight event detection module which can be embedded into IoT devices. The proposed method detects events focusing on the following system behaviour; when target systems are under attacks, fluctuation occurs in the system clock and communication delay due to the overloaded system and network processing incurred by a chain of interrupts. Experimental results show that the developed module achieves high positive/negative likelihood ratios and F-measure, indicating its usefulness in the event detection in the IoT environment.