A Honeypot-assisted Industrial Control System to Detect Replication Attacks on Wireless Sensor Networks

Industrial Control Systems (ICSs), which work based on Wireless Sensor Networks (WSNs), are prone to hacking and attacks. In node simulation attacks against ICS networks, the enemy may capture a sensor node and then make multiple copies with the same identifier (ID), code, and encryption of the recorded node. Unfortunately, many Intrusion Detection Systems (IDSs)  are not efficient to detect clone attacks in ICSs. An alternative solution to improve the performance of early detection is a honeypot. This paper proposes a centralized architecture for detecting copy or clone nodes using a local multicast intrusion detection system. We divide the WSN into sections and give each one an inspector node. Each inspector node monitors its region and uses the node ID to identify clone nodes. We offer solutions for situations where the cluster-head is endangered. We also provide solutions for other cases where the natural node is compromised. Our evaluations show that the proposed system maximizes the detection probability and, at the same time, has a low connection overhead.