Industrial Control Systems (ICSs), which work based on Wireless Sensor Networks (WSNs), are prone to hacking and attacks. In node simulation attacks against ICS networks, the enemy may capture a sensor node and then make multiple copies with the same identifier (ID), code, and encryption of the recorded node. Unfortunately, many Intrusion Detection Systems (IDSs) are not efficient to detect clone attacks in ICSs. An alternative solution to improve the performance of early detection is a honeypot. This paper proposes a centralized architecture for detecting copy or clone nodes using a local multicast intrusion detection system. We divide the WSN into sections and give each one an inspector node. Each inspector node monitors its region and uses the node ID to identify clone nodes. We offer solutions for situations where the cluster-head is endangered. We also provide solutions for other cases where the natural node is compromised. Our evaluations show that the proposed system maximizes the detection probability and, at the same time, has a low connection overhead. تفاصيل المقالة

Distributed Denial of Service (DDoS) attacks are a significant threat, especially for the Internet of Things (IoT). One approach that is practically used to protect the network against DDoS attacks is the honeypot. This study proposes a new adversarial Deep Reinforcement Learning (DRL) model that can deliver better performance using experiences gained from the environment. Further regulation of the agent's behavior is made with an adversarial goal. In such an environment, an attempt is made to increase the difficulty level of predictions deliberately. In this technique, the simulated environment acts as a second agent against the primary environment. To evaluate the performance of the proposed method, we compare it with two well-known types of DDoS attacks, including NetBIOS and LDAP. Our modeling overcomes the previous models in terms of weight accuracy criteria (> 0.98) and F-score (> 0.97). The proposed adversarial RL model can be especially suitable for highly unbalanced datasets. Another advantage of our modeling is that there is no need to segregate the reward function. تفاصيل المقالة

:Thedevelopment of ICS 4.0 industry-specific cybersecurity mechanisms can reduce the vulnerability of systems to fire, explosion, human accidents, environmentaldamage, and financial loss. Honeypots are computer systems that are deployed expressly to trick attackers into thinking they are real computers. Given that vulnerabilities are the points of penetration into industrial systems, and using these weaknesses, threats are organized, and intrusion into industrial systems occurs. As a result, to learn about an attacker's behavior, tactics, strategies, and signatures, the EIDS is used to collect information on cyber-attacks, proving it to be a more helpful tool than earlier traditional ways. Attacks collected by honeypot software expose the attackers' source IP addresses as well as the target host that became a victim of the assaults. This paper proposes a novel Honeypot enhanced industrial Early Intrusion Detection System (EIDS) using Machine Learning (ML). The performance of EIDS is evaluated with ML, and the experimental results show that the proposed EIDS detects anomalous behavior of the data with a high detection rate, low false positives, and better classification accuracy. تفاصيل المقالة

The emergence of industrial Cyberinfrastructures, the development of information communication technology in industrial fields, and the remote accessibility of automated Industrial Control Systems (ICS) lead to various cyberattacks on industrial networks and Supervisory Control and Data Acquisition (SCADA) networks. Thus, it is essential to continuously improve the security of the networks of industrial control facilities. The purpose of honeypots is to deceive the attackers so that we may learn about their tactics and behavior. Security professionals gather all pertinent data on attack methods and behavior and take decisive action to tighten security controls. The simulation results demonstrate the ML-based mechanism's efficiency in monitoring the ICS panel for detection approaches. Therefore, the designed system for early intrusion detection can protect industrial systems against vulnerabilities by alerting the shortest possible time using online data mining in the EIDS database. تفاصيل المقالة