Authors: Brent Kirkpatrick
Journal: The Intrepid Publication Series (TIPS)
Abstract: Network time is the phenomenon of setting the time on various computers in a connected network. Applications of network time range from collecting time-series data from disparate sensors to use as an indicator of compromise for cybersecurity. Due to the network being a graph, the network time might vary on a single computer. We propose a solution to the divergence of network time which guarantees that the network time will converge to stability on each computer.
Network time is potentially useful as an indicator of compromise for cybersecurity. However, if the network time oscillates due to network features, then it will not be useful as an indicator of compromise or for time-series data collection. Our current recommendation is to not use network time as an indicator of compromise. We also recommend that all time-series data, such as log files, be adjusted for both network time and time drift.