A Network-Based Event Detection Module Using NTP for Cyber Attacks on IoT

Developing countermeasures against cyber attacks is an urgent issue in Internet of Things (IoT) environments, and event detection is becoming increasingly important for catching events that presage a security incident. This paper proposes an event detection module that can be embedded into IoT devices. The proposed module focuses on system behavior under cyber attack and detects events using information from the Network Time Protocol (NTP), which is commonly used for network time synchronization. The module works under a wireless access point (AP) and detects events on IoT devices linked to that AP. Unlike existing modules, it requires neither additional appliances nor periodic maintenance involving technical knowledge. We conducted demonstration experiments with the developed module by generating pseudo cyber attacks. The results show that the proposed module achieves high recall and precision values, indicating its usefulness for real-time event detection on IoT.
