Ns3 Projects for B.E/B.Tech M.E/M.Tech PhD Scholars.  Phone-Number:9790238391   E-mail: ns3simulation@gmail.com

How to Calculate Network Detection accuracy in ns3

To calculate the network detection accuracy in ns3, we need to follow the steps to implement the network intrusion detection system (NIDS) or any other detection mechanism by calculating these metrics like true positives, false positives, true negatives, and false negatives.

Here are the procedures on how to implement this in ns3:

Step-by-Step Guide to Calculate Network Detection Accuracy

  1. Set Up the Simulation Environment:
    • Download ns3 and configure it.
    • Include necessary modules for your simulation (e.g., Internet, Mobility).
  2. Create Network Topology:
    • Define nodes and configure the network topology.
    • Set up point-to-point links, WiFi devices, and mobility models for the nodes.
  3. Implement Detection Mechanism:
    • Implement a network detection mechanism (e.g., an intrusion detection system).
    • Define rules or signatures to detect malicious activities.
  4. Generate Traffic:
    • Install traffic-generating applications (e.g., UDP, TCP) on the nodes.
    • Introduce normal and malicious traffic in the network.
  5. Enable Tracing and Metrics Collection:
    • Enable tracing to capture relevant metrics such as detected attacks and actual attacks.
  6. Run the Simulation:
    • Execute the simulation and collect the trace data.
  7. Analyze the Results:
    • Post-process the trace data to calculate the detection accuracy.

Example Code Snippet for Detection Accuracy

Here’s an example of how to set up a network, implement a simple detection mechanism, and calculate detection accuracy in ns3:

#include “ns3/core-module.h”

#include “ns3/network-module.h”

#include “ns3/internet-module.h”

#include “ns3/point-to-point-module.h”

#include “ns3/applications-module.h”

#include “ns3/mobility-module.h”

#include “ns3/log.h”

using namespace ns3;

NS_LOG_COMPONENT_DEFINE (“DetectionAccuracyExample”);

int truePositives = 0;

int falsePositives = 0;

int trueNegatives = 0;

int falseNegatives = 0;

bool IsMaliciousTraffic (Ptr<const Packet> packet)

{

// Simple example: assume packets with size > 1000 bytes are malicious

return packet->GetSize () > 1000;

}

void PacketReceived (Ptr<const Packet> packet)

{

if (IsMaliciousTraffic (packet))

{

truePositives++;

NS_LOG_UNCOND (“Malicious packet detected”);

}

else

{

falseNegatives++;

NS_LOG_UNCOND (“Normal packet detected”);

}

}

void GenerateTraffic (Ptr<Socket> socket, uint32_t pktSize, uint32_t pktCount, Time pktInterval, bool isMalicious)

{

if (pktCount > 0)

{

Ptr<Packet> packet = Create<Packet> (pktSize);

socket->Send (packet);

if (isMalicious)

{

trueNegatives++;

}

else

{

falsePositives++;

}

Simulator::Schedule (pktInterval, &GenerateTraffic, socket, pktSize, pktCount – 1, pktInterval, isMalicious);

}

}

int main (int argc, char *argv[])

{

// Set up logging

LogComponentEnable (“UdpClient”, LOG_LEVEL_INFO);

LogComponentEnable (“UdpServer”, LOG_LEVEL_INFO);

// Create nodes

NodeContainer nodes;

nodes.Create (2);

// Install Mobility model

MobilityHelper mobility;

mobility.SetMobilityModel (“ns3::ConstantPositionMobilityModel”);

mobility.Install (nodes);

// Create point-to-point links

PointToPointHelper pointToPoint;

pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));

pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));

NetDeviceContainer devices;

devices.Add (pointToPoint.Install (nodes.Get (0), nodes.Get (1)));

// Install Internet stack

InternetStackHelper internet;

internet.Install (nodes);

// Assign IP addresses

Ipv4AddressHelper address;

address.SetBase (“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces = address.Assign (devices);

// Create sockets

TypeId tid = TypeId::LookupByName (“ns3::UdpSocketFactory”);

Ptr<Socket> senderSocket = Socket::CreateSocket (nodes.Get (0), tid);

Ptr<Socket> receiverSocket = Socket::CreateSocket (nodes.Get (1), tid);

// Bind receiver socket

receiverSocket->Bind (InetSocketAddress (Ipv4Address::GetAny (), 9));

receiverSocket->SetRecvCallback (MakeCallback (&PacketReceived));

// Connect sender socket

senderSocket->Connect (InetSocketAddress (interfaces.GetAddress (1), 9));

// Generate normal traffic

Simulator::Schedule (Seconds (2.0), &GenerateTraffic, senderSocket, 512, 10, Seconds (1.0), false);

// Generate malicious traffic

Simulator::Schedule (Seconds (12.0), &GenerateTraffic, senderSocket, 2048, 10, Seconds (1.0), true);

// Run the simulation

Simulator::Stop (Seconds (25.0));

Simulator::Run ();

// Calculate detection accuracy

double accuracy = double (truePositives + trueNegatives) / (truePositives + trueNegatives + falsePositives + falseNegatives);

NS_LOG_UNCOND (“Detection Accuracy: ” << accuracy);

// Clean up

Simulator::Destroy ();

return 0;

}

Explanation:

  1. Setup Logging:
    • Enable logging for the UDP applications to track their activities.
  2. Create Nodes:
    • Create a set of nodes representing devices in the network.
  3. Install Mobility Model:
    • Install a mobility model on the nodes (e.g., ConstantPositionMobilityModel).
  4. Create Point-to-Point Links:
    • Install point-to-point links between the nodes.
  5. Install Internet Stack:
    • Install the Internet stack on the nodes.
  6. Assign IP Addresses:
    • Assign IP addresses to the network interfaces.
  7. Create Sockets:
    • Create UDP sockets for sending and receiving packets.
  8. Packet Detection:
    • Define a simple detection mechanism that classifies packets larger than 1000 bytes as malicious.
    • Use callbacks to detect and log packets as they are received.
  9. Generate Traffic:
    • Schedule functions to generate normal and malicious traffic in the network.
  10. Run Simulation:
    • Run the simulation for the specified duration.
  11. Calculate Detection Accuracy:
    • Calculate detection accuracy based on true positives, true negatives, false positives, and false negatives.

Analyzing the Results:

  • True Positives: The number of malicious packets correctly identified by the detection mechanism.
  • False Positives: The number of normal packets incorrectly identified as malicious.
  • True Negatives: The number of normal packets correctly identified as normal.
  • False Negatives: The number of malicious packets incorrectly identified as normal.
  • Detection Accuracy: Calculated as the ratio of correctly identified packets (both true positives and true negatives) to the total number of packets.

To calculate and evaluate the network intrusion detection system mechanism by using these metrics like True Positives, False Positives, True Negatives, False Negatives and then we can see the accuracy for detection in ns3 simulator.

We work on all project performance for Network Detection Accuracy in ns3tool. If you are facing any struggle then reach us.