A Network-based Event Detection Module Using NTP for Cyber Attacks on IoT

Developing countermeasures against cyber attacks is an urgent issue in Internet of Things (IoT) environment, and event detection is becoming increasingly important to detect events as the presages of a security incident. This paper proposes an event detection module which can be embedded into IoT devices. The proposed module focuses on the system behavior under cyber attacks and detects events utilizing information from Network Time Protocol (NTP) commonly used in network time synchronization service. This module works under a wireless access point (AP) and detects events on IoT devices linked to the AP. Different from the existing modules, it does not require any additional appliances nor periodic maintenance involving technical knowledges. We conducted demonstration experiments with the developed module generating pseudo cyber attacks. The result shows that the proposed module achieves high recall and precision values, indicating its usefulness in the real time event detection on IoT.