To simulate intrusion attacks in NS3, we model malicious activities that compromise the confidentiality, integrity, or availability of a network. Intrusion attacks can target wired or wireless networks, and they range from basic packet manipulation to more advanced Distributed Denial of Service (DDoS) scenarios.
Below is a complete guide to get started:
Steps to Implement Intrusion Attacks in NS3
- Understand Intrusion Attacks
  The general kinds of intrusion attacks are:
  - Passive Attacks: Eavesdropping or traffic analysis.
  - Active Attacks: Packet injection, data modification, or replay attacks.
  - DoS/DDoS Attacks: Overwhelm a network or node with malicious traffic.
  - Man-in-the-Middle (MITM): Intercept and modify communications.
- Plan Your Intrusion Scenario
  - Attacker Node(s): Simulate the malicious activities.
  - Victim Node(s): Target nodes that are subjected to the attack.
  - Legitimate Traffic: Optionally include legitimate nodes to create a realistic scenario.
- Set Up the NS3 Environment
  - Install and set up NS3 by following the NS3 installation instructions.
  - Become familiar with components such as InternetStackHelper, WifiHelper, and PointToPointHelper, which are used for wired and wireless networks.
- Create the Network Topology
  - Build a network topology that includes attackers, victims, and optional legitimate nodes.
  - Use wired (point-to-point) or wireless (Wi-Fi, WSN) links as required.
- Implement the Attack Logic
  - Packet Injection: Create and insert malicious packets with NS3 sockets.
  - Traffic Flooding: Transmit high-rate traffic to disrupt the network.
  - Eavesdropping: Operate in promiscuous mode to capture packets.
  - Replay Attack: Capture packets and retransmit them after a delay.
- Monitor and Analyze
  - Observe the network activity using PCAP or ASCII tracing.
  - Record performance parameters such as throughput, latency, and packet delivery ratio to estimate the effect of the attack.
Example: Implementing a Traffic Flooding Attack
Here is a sample NS3 script that simulates a basic traffic flooding attack:
```cpp
#include "ns3/core-module.h"
#include "ns3/network-module.h"
#include "ns3/internet-module.h"
#include "ns3/point-to-point-module.h"
#include "ns3/applications-module.h"

using namespace ns3;

NS_LOG_COMPONENT_DEFINE("IntrusionAttackSimulation");

// Function to simulate a flooding attack
void FloodTraffic(Ptr<Socket> socket)
{
    Ptr<Packet> packet = Create<Packet>(1024); // Create a 1 KB packet
    socket->Send(packet);
    NS_LOG_INFO("Attacker sent a packet");
    Simulator::Schedule(MilliSeconds(10), &FloodTraffic, socket); // Send every 10 ms
}

int main(int argc, char *argv[])
{
    uint32_t nVictims = 2; // Number of victim nodes
    double simTime = 10.0; // Simulation time in seconds

    CommandLine cmd;
    cmd.AddValue("nVictims", "Number of victim nodes", nVictims);
    cmd.AddValue("simTime", "Simulation time", simTime);
    cmd.Parse(argc, argv);

    // Make the NS_LOG_INFO messages of this script visible
    LogComponentEnable("IntrusionAttackSimulation", LOG_LEVEL_INFO);

    // Create nodes
    NodeContainer attackerNode, victimNodes;
    attackerNode.Create(1);
    victimNodes.Create(nVictims);

    // Install Internet stack (must be done before addresses are assigned)
    InternetStackHelper stack;
    stack.Install(attackerNode);
    stack.Install(victimNodes);

    // Create point-to-point links and assign IP addresses.
    // Each attacker-victim link gets its own /24 subnet (10.1.1.0, 10.1.2.0, ...),
    // so the attacker's routing table has one unambiguous route per victim.
    PointToPointHelper p2p;
    p2p.SetDeviceAttribute("DataRate", StringValue("10Mbps"));
    p2p.SetChannelAttribute("Delay", StringValue("2ms"));

    Ipv4AddressHelper address;
    address.SetBase("10.1.1.0", "255.255.255.0");
    Ipv4InterfaceContainer interfaces;
    for (uint32_t i = 0; i < nVictims; ++i)
    {
        NetDeviceContainer link = p2p.Install(attackerNode.Get(0), victimNodes.Get(i));
        interfaces.Add(address.Assign(link)); // index 2*i: attacker side, 2*i+1: victim side
        address.NewNetwork();
    }

    // Configure a UDP server on each victim
    UdpServerHelper server(9); // Port 9
    ApplicationContainer serverApps;
    for (uint32_t i = 0; i < nVictims; ++i)
    {
        serverApps.Add(server.Install(victimNodes.Get(i)));
    }
    serverApps.Start(Seconds(1.0));
    serverApps.Stop(Seconds(simTime));

    // Configure the attacker
    Ptr<Socket> attackerSocket = Socket::CreateSocket(attackerNode.Get(0), UdpSocketFactory::GetTypeId());
    // Connect to the first victim (10.1.1.2); 10.1.1.1 is the attacker's own interface
    attackerSocket->Connect(InetSocketAddress(interfaces.GetAddress(1), 9));

    // Start flooding attack
    Simulator::Schedule(Seconds(1.5), &FloodTraffic, attackerSocket);

    // Enable tracing
    AsciiTraceHelper ascii;
    p2p.EnableAsciiAll(ascii.CreateFileStream("intrusion-attack.tr"));
    p2p.EnablePcapAll("intrusion-attack");

    // Run simulation
    Simulator::Stop(Seconds(simTime));
    Simulator::Run();
    Simulator::Destroy();
    return 0;
}
```
Explanation of the Script
- Network Topology:
  - One attacker node is connected to several victim nodes through point-to-point links.
- Traffic Flooding Logic:
  - The attacker transmits packets at a high rate, one every 10 ms.
- Logging and Tracing:
  - ASCII and PCAP tracing capture the attack's influence on the behaviour of the network.
- Simulation Parameters:
  - The number of victim nodes and the simulation time can be changed through command-line arguments.
Steps to Run and Analyze
- Compile and Run the Script:
  ```
  ./waf --run "intrusion-attack-simulation"
  ```
- Analyze Logs:
  - Check the attacker's log records for high-rate traffic.
  - Measure how the victims respond to the attack.
- Capture Packets:
  - Examine the PCAP files using Wireshark or similar tools.
- Metrics Analysis:
  - Evaluate performance indicators such as throughput, latency, and packet delivery ratio to quantify the effect of the attack.
Enhancements
- Eavesdropping:
  - Set up the attacker node to operate in promiscuous mode and record the captured packets.
- Replay Attack:
  - Capture packets and resend them to simulate a replay attack.
- Detection Mechanisms:
  - Implement an Intrusion Detection System (IDS) at the victim nodes to detect the attack.
- Wireless Intrusions:
  - Use WifiHelper or LrWpanHelper to adapt the script to wireless networks.
- Advanced Intrusions:
  - Simulate more advanced attacks such as Man-in-the-Middle or ARP spoofing.
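The "Metrics Analysis" and "Detection Mechanisms" items can be prototyped offline against the ASCII trace before any IDS logic is placed on the victim nodes. The following is an added example, not part of the original script: a standalone C++ sliding-window rate check over receive events. The trace line shape, the sample addresses, the threshold values, and the names ParseRx, DetectFloods and SampleTrace are assumptions of this example.

```cpp
#include <cstdio>
#include <deque>
#include <map>
#include <string>
#include <vector>

// Parse a receive event. Assumed shape: r <time> <path> ... ns3::Ipv4Header (... <src> > <dst>) ...
bool ParseRx(const std::string& line, double& time, std::string& flow) {
    if (line.compare(0, 2, "r ") != 0 || std::sscanf(line.c_str() + 2, "%lf", &time) != 1)
        return false;                                            // skip +, -, d events
    size_t gt = line.find(" > ", line.find("ns3::Ipv4Header"));  // src/dst separator
    size_t end = line.find(')', gt);                             // end of the IPv4 header group
    if (end == std::string::npos) return false;                  // no IPv4 header on this line
    size_t start = line.rfind(' ', gt - 1) + 1;
    flow = line.substr(start, gt - start) + "->" + line.substr(gt + 3, end - gt - 3);
    return true;
}

// Sliding-window rate check: flow -> first alert time, for flows above maxPackets per windowSec.
std::map<std::string, double> DetectFloods(const std::vector<std::string>& trace,
                                           double windowSec, size_t maxPackets) {
    std::map<std::string, std::deque<double>> recent;  // arrival times still inside the window
    std::map<std::string, double> alerts;
    for (const std::string& line : trace) {
        double t = 0; std::string flow;
        if (!ParseRx(line, t, flow)) continue;
        std::deque<double>& q = recent[flow];
        q.push_back(t);
        while (t - q.front() > windowSec) q.pop_front();
        if (q.size() > maxPackets && !alerts.count(flow)) alerts[flow] = t;
    }
    return alerts;
}

// Constructed sample trace (not simulator output): a 10 ms flood, a 100 ms flow, one enqueue.
std::vector<std::string> SampleTrace() {
    auto line = [](const std::string& kind, double t, const std::string& src) {
        return kind + " " + std::to_string(t) + " /NodeList/1/DeviceList/0/$ns3::PointToPointNetDevice/MacRx "
               "ns3::Ipv4Header (ttl 64 protocol 17 offset (bytes) 0 flags [none] length: 1052 " + src +
               " > 10.1.1.2) ns3::UdpHeader (length: 1032 49153 > 9) Payload (size=1024)";
    };
    std::vector<std::string> trace{line("+", 1.5, "10.1.1.1")};
    for (int i = 0; i < 20; ++i) trace.push_back(line("r", 1.5 + 0.01 * i, "10.1.1.1"));
    for (int i = 0; i < 5; ++i) trace.push_back(line("r", 1.5 + 0.1 * i, "10.1.9.9"));
    return trace;
}

int main() {
    for (const auto& a : DetectFloods(SampleTrace(), 0.1, 5))
        std::printf("flood suspected: %s first flagged at t=%.2f s\n", a.first.c_str(), a.second);
}
```

To use it on a real run, read the lines of intrusion-attack.tr into the vector instead of calling SampleTrace(), and tune the window and threshold against a trace of legitimate traffic only.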
Using a simple implementation in NS3, an intrusion attack was simulated and analyzed, and enhancements were outlined for more advanced study. We are ready to provide more details regarding this topic.
