Here we implement an Intrusion detection system (IDS) in ns-3 it consists of setup a network topology then capturing the network traffic, and evaluating the traffic to identify the malevolent activities. The given below are the procedure on how to implement a general IDS in ns3 environment.

Step-by-Step Implementation

1. Install ns-3

To make sure ns3 installed on your system and we can download it from official website.

2. Define the Network Topology

Define the network topology containing:

• Normal nodes (legitimate users)
• Attacker nodes
• Server nodes
• IDS nodes (nodes used to capture and analyze traffic)

3. Create Network Nodes

Create network nodes using NodeContainer.

NodeContainer normalNodes, attackerNodes, serverNodes, idsNodes;

normalNodes.Create(3);

attackerNodes.Create(1);

serverNodes.Create(1);

idsNodes.Create(1);

4. Set Up Network Devices

Install network devices on the nodes using appropriate network interfaces, such as WiFi for wireless communication.

WifiHelper wifi;

wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);

WifiMacHelper mac;

mac.SetType(“ns3::AdhocWifiMac”);

YansWifiPhyHelper phy = YansWifiPhyHelper::Default();

YansWifiChannelHelper channel = YansWifiChannelHelper::Default();

phy.SetChannel(channel.Create());

NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);

NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);

NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);

NetDeviceContainer idsDevices = wifi.Install(phy, mac, idsNodes);

5. Configure Mobility Model

Set up the mobility model for the nodes.

MobilityHelper mobility;

mobility.SetMobilityModel(“ns3::ConstantPositionMobilityModel”);

mobility.Install(normalNodes);

mobility.Install(attackerNodes);

mobility.Install(serverNodes);

mobility.Install(idsNodes);

6. Set Up Packet Capture

Configure packet capture on the IDS nodes. Use PcapHelper to capture packets.

PcapHelper pcapHelper;

Ptr<PcapFileWrapper> file = pcapHelper.CreateFile(“ids_capture.pcap”, std::ios::out, PcapHelper::DLT_PPP);

for (uint32_t i = 0; i < idsDevices.GetN(); ++i) {

    phy.EnablePcap(“ids_capture”, idsDevices.Get(i), true, true);

}

7. Implement IDS Application

Create an application that analyzes captured packets to detect intrusions. Below is an example of a simple IDS application that detects a high rate of packets as an indication of a DoS attack.

IDS Application (Example)

class IDSApplication : public Application {

public:

    void StartApplication() override {

        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());

        recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort));

        recvSocket->SetRecvCallback(MakeCallback(&IDSApplication::HandleRead, this));

    }

    void SetListenPort(uint16_t port) {

        listenPort = port;

    }

    void HandleRead(Ptr<Socket> socket) {

        Ptr<Packet> packet;

        Address from;

        while ((packet = socket->RecvFrom(from))) {

            packetsReceived++;

            double currentTime = Simulator::Now().GetSeconds();

            if (currentTime – lastTime > interval) {

                if (packetsReceived > threshold) {

                    std::cout << “Potential DoS attack detected. Packets received in last “

                              << interval << ” seconds: ” << packetsReceived << std::endl;

                }

                packetsReceived = 0;

                lastTime = currentTime;

            }

        }

    }

private:

    Ptr<Socket> recvSocket;

    uint16_t listenPort;

    uint32_t packetsReceived = 0;

    double lastTime = 0.0;

    double interval = 1.0; // Check every 1 second

    uint32_t threshold = 100; // Threshold for packet count

};

8. Set Up Applications

Install the applications on the nodes.

ApplicationContainer normalApps, attackerApps, serverApps, idsApps;

// Normal node applications (e.g., sending normal traffic)

for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {

    OnOffHelper onoff(“ns3::UdpSocketFactory”, InetSocketAddress(serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal(), 9));

    onoff.SetConstantRate(DataRate(“500kb/s”));

    ApplicationContainer app = onoff.Install(normalNodes.Get(i));

    app.Start(Seconds(1.0));

    app.Stop(Seconds(20.0));

    normalApps.Add(app);

}

// Attacker node applications (e.g., DoS attack)

for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {

    OnOffHelper onoff(“ns3::UdpSocketFactory”, InetSocketAddress(serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal(), 9));

    onoff.SetConstantRate(DataRate(“10Mb/s”));

    ApplicationContainer app = onoff.Install(attackerNodes.Get(i));

    app.Start(Seconds(5.0));

    app.Stop(Seconds(20.0));

    attackerApps.Add(app);

}

// Server node application (e.g., packet sink)

PacketSinkHelper sink(“ns3::UdpSocketFactory”, InetSocketAddress(Ipv4Address::GetAny(), 9));

serverApps.Add(sink.Install(serverNodes.Get(0)));

// IDS node application

Ptr<IDSApplication> idsApp = CreateObject<IDSApplication>();

idsApp->SetListenPort(9);

idsNodes.Get(0)->AddApplication(idsApp);

idsApp->SetStartTime(Seconds(1.0));

idsApp->SetStopTime(Seconds(20.0));

idsApps.Add(idsApp);

serverApps.Start(Seconds(1.0));

serverApps.Stop(Seconds(20.0));

9. Set Up Routing Protocols

Configure routing protocols for the network.

AodvHelper aodv;

InternetStackHelper internet;

internet.SetRoutingHelper(aodv);

internet.Install(normalNodes);

internet.Install(attackerNodes);

internet.Install(serverNodes);

internet.Install(idsNodes);

10. Assign IP Addresses

Assign IP addresses to the network devices.

Ipv4AddressHelper address;

address.SetBase(“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);

Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);

Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);

Ipv4InterfaceContainer idsInterfaces = address.Assign(idsDevices);

11. Run the Simulation

Configure the simulation runtime and execute it.

Simulator::Stop(Seconds(20.0));

Simulator::Run();

Simulator::Destroy();

Example of a Simple IDS Network Script

Here we provide the sample script to complete the intrusion detection simulation process in ns-3 environment:

#include “ns3/core-module.h”

#include “ns3/network-module.h”

#include “ns3/internet-module.h”

#include “ns3/wifi-module.h”

#include “ns3/mobility-module.h”

#include “ns3/applications-module.h”

#include “ns3/aodv-module.h”

using namespace ns3;

class IDSApplication : public Application {

public:

    void StartApplication() override {

        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());

        recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort));

        recvSocket->SetRecvCallback(MakeCallback(&IDSApplication::HandleRead, this));

    }

    void SetListenPort(uint16_t port) {

        listenPort = port;

    }

    void HandleRead(Ptr<Socket> socket) {

        Ptr<Packet> packet;

        Address from;

        while ((packet = socket->RecvFrom(from))) {

            packetsReceived++;

            double currentTime = Simulator::Now().GetSeconds();

            if (currentTime – lastTime > interval) {

                if (packetsReceived > threshold) {

                    std::cout << “Potential DoS attack detected. Packets received in last “

                              << interval << ” seconds: ” << packetsReceived << std::endl;

                }

                packetsReceived = 0;

                lastTime = currentTime;

            }

        }

    }

private:

    Ptr<Socket> recvSocket;

    uint16_t listenPort;

    uint32_t packetsReceived = 0;

    double lastTime = 0.0;

    double interval = 1.0; // Check every 1 second

    uint32_t threshold = 100; // Threshold for packet count

};

int main(int argc, char *argv[]) {

    NodeContainer normalNodes, attackerNodes, serverNodes, idsNodes;

    normalNodes.Create(3);

    attackerNodes.Create(1);

    serverNodes.Create(1);

    idsNodes.Create(1);

    // WiFi setup

    WifiHelper wifi;

    wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);

    WifiMacHelper mac;

    mac.SetType(“ns3::AdhocWifiMac”);

    YansWifiPhyHelper phy = YansWifiPhyHelper::Default();

    YansWifiChannelHelper channel = YansWifiChannelHelper::Default();

    phy.SetChannel(channel.Create());

    NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);

    NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);

    NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);

    NetDeviceContainer idsDevices = wifi.Install(phy, mac, idsNodes);

    // Mobility setup

    MobilityHelper mobility;

    mobility.SetMobilityModel(“ns3::ConstantPositionMobilityModel”);

    mobility.Install(normalNodes);

    mobility.Install(attackerNodes);

    mobility.Install(serverNodes);

    mobility.Install(idsNodes);

    // Internet stack and routing

    AodvHelper aodv;

    InternetStackHelper internet;

    internet.SetRoutingHelper(aodv);

    internet.Install(normalNodes);

    internet.Install(attackerNodes);

    internet.Install(serverNodes);

    internet.Install(idsNodes);

    Ipv4AddressHelper address;

    address.SetBase(“10.1.1.0”, “255.255.255.0”);

    Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);

    Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);

    Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);

    Ipv4InterfaceContainer idsInterfaces = address.Assign(idsDevices);

    // Set up packet capture

    PcapHelper pcapHelper;

    Ptr<PcapFileWrapper> file = pcapHelper.CreateFile(“ids_capture.pcap”, std::ios::out, PcapHelper::DLT_PPP);

    for (uint32_t i = 0; i < idsDevices.GetN(); ++i) {

        phy.EnablePcap(“ids_capture”, idsDevices.Get(i), true, true);

    }

    // Install applications

    ApplicationContainer normalApps, attackerApps, serverApps, idsApps;

    // Normal node applications (e.g., sending normal traffic)

    for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {

        OnOffHelper onoff(“ns3::UdpSocketFactory”, InetSocketAddress(serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal(), 9));

        onoff.SetConstantRate(DataRate(“500kb/s”));

        ApplicationContainer app = onoff.Install(normalNodes.Get(i));

        app.Start(Seconds(1.0));

        app.Stop(Seconds(20.0));

        normalApps.Add(app);

    }

    // Attacker node applications (e.g., DoS attack)

    for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {

        OnOffHelper onoff(“ns3::UdpSocketFactory”, InetSocketAddress(serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal(), 9));

        onoff.SetConstantRate(DataRate(“10Mb/s”));

        ApplicationContainer app = onoff.Install(attackerNodes.Get(i));

        app.Start(Seconds(5.0));

        app.Stop(Seconds(20.0));

        attackerApps.Add(app);

    }

    // Server node application (e.g., packet sink)

    PacketSinkHelper sink(“ns3::UdpSocketFactory”, InetSocketAddress(Ipv4Address::GetAny(), 9));

    serverApps.Add(sink.Install(serverNodes.Get(0)));

    // IDS node application

    Ptr<IDSApplication> idsApp = CreateObject<IDSApplication>();

    idsApp->SetListenPort(9);

    idsNodes.Get(0)->AddApplication(idsApp);

    idsApp->SetStartTime(Seconds(1.0));

    idsApp->SetStopTime(Seconds(20.0));

    idsApps.Add(idsApp);

    serverApps.Start(Seconds(1.0));

    serverApps.Stop(Seconds(20.0));

    Simulator::Stop(Seconds(20.0));

    Simulator::Run();

    Simulator::Destroy();

    return 0;

}

By the conclusion, we all learned how to implement the Intrusion detection system in ns3 environment and also provide the full coding and implementation support for all  Intrusion Detection System environment.