Implementing an Intrusion Prevention System (IPS) in ns-3 involves creating applications that monitor network traffic for suspicious activity and take action to prevent potential threats. The steps below guide you through setting up a basic network with IPS functionality in ns-3.
Step-by-Step Implementation of Intrusion Prevention System (IPS) in ns-3
1. Install ns-3
Install ns-3 on the system.
2. Define the Network Topology
Define the network topology including:
- Normal nodes (legitimate users)
- Attacker nodes
- Server nodes
- IPS nodes (nodes used to monitor and prevent attacks)
3. Create Network Nodes
Create network nodes using NodeContainer.
// One container per role; the monitor (IPS) is a node of its own, separate from the server.
NodeContainer normalNodes;
NodeContainer attackerNodes;
NodeContainer serverNodes;
NodeContainer ipsNodes;
normalNodes.Create(3);   // legitimate senders
attackerNodes.Create(1); // flooding sender
serverNodes.Create(1);   // traffic sink
ipsNodes.Create(1);      // monitor
4. Set Up Network Devices
Install network devices on the nodes using appropriate network interfaces, such as WiFi for wireless communication.
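// A single ad hoc 802.11n (5 GHz) channel shared by every node; all four device
// containers are installed on the same PHY/channel so they can reach each other.
// String literals use plain ASCII quotes (the typographic quotes in the original
// do not compile).
WifiHelper wifi;
wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);
WifiMacHelper mac;
mac.SetType("ns3::AdhocWifiMac");
YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
phy.SetChannel(channel.Create());
NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
NetDeviceContainer ipsDevices = wifi.Install(phy, mac, ipsNodes);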
5. Configure Mobility Model
Set up the mobility model for the nodes.
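// Every node keeps the position it is given; no movement during the run.
// The model name is a plain ASCII string literal (typographic quotes do not compile).
MobilityHelper mobility;
mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
mobility.Install(normalNodes);
mobility.Install(attackerNodes);
mobility.Install(serverNodes);
mobility.Install(ipsNodes);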
6. Set Up Packet Capture
Configure packet capture on the IPS nodes. Use PcapHelper to capture packets.
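// Capture on the IPS node's device(s). explicitFilename=true names the trace file
// exactly "ips_capture"; with more than one IPS device they would all share that
// name, so switch to the prefix form (explicitFilename=false) if ipsNodes grows.
// The separate PcapHelper::CreateFile() call was dropped: its handle was never
// written to, so it only left a stray DLT_PPP file next to the real Wi-Fi trace.
for (uint32_t i = 0; i < ipsDevices.GetN(); ++i) {
    phy.EnablePcap("ips_capture", ipsDevices.Get(i), true, true);
}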
7. Implement IPS Application
Create an application that monitors and prevents attacks. Below is a simple example of an application that detects a high rate of packets as a potential threat and then blocks the attacker.
IPS Application (Example)
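// Rate-based monitor: counts UDP datagrams per sender on listenPort and installs a
// sinkhole route on this node for any sender that exceeds `threshold` datagrams
// within one `interval`-second window.
class IPSApplication : public Application {
public:
    // Bind a UDP socket on listenPort. Only datagrams addressed to this node on that
    // port reach the socket, so the monitor observes traffic sent to it, not traffic
    // addressed to other nodes such as the server.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort));
        recvSocket->SetRecvCallback(MakeCallback(&IPSApplication::HandleRead, this));
    }

    // Detach the receive callback and close the socket so nothing fires on a
    // stopped application and the socket is released with it.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
            recvSocket = nullptr;
        }
    }

    // Port to listen on; must be set before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    // Receive callback. Counts datagrams per sender and, once `interval` seconds have
    // passed since the last evaluation, blocks every sender whose count exceeded
    // `threshold` in that window. Counting per sender matters: a single shared
    // counter would block whichever address happened to send the packet that closed
    // the window, which need not be the flooding one.
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            if (!InetSocketAddress::IsMatchingType(from)) {
                continue; // only IPv4 senders are tracked
            }
            Ipv4Address senderAddr = InetSocketAddress::ConvertFrom(from).GetIpv4();
            ++packetsBySender[senderAddr];
            double currentTime = Simulator::Now().GetSeconds();
            if (currentTime - lastTime > interval) {
                for (const auto& entry : packetsBySender) {
                    if (entry.second > threshold) {
                        std::cout << "Potential threat detected from " << entry.first
                                  << ". Packets received in last " << interval
                                  << " seconds: " << entry.second << std::endl;
                        BlockAddress(entry.first);
                    }
                }
                packetsBySender.clear();
                lastTime = currentTime;
            }
        }
    }

    // Add a host route for `address` with loopback as next hop on interface 1.
    // This discards packets that *this node* would send or forward toward `address`;
    // it does not drop packets arriving from `address`, so it is a sinkhole on the
    // IPS node rather than an ingress filter. Idempotent per address.
    void BlockAddress(Ipv4Address address) {
        if (blockedAddresses.count(address) != 0) {
            return; // already sinkholed; do not stack duplicate routes
        }
        Ipv4StaticRoutingHelper ipv4RoutingHelper;
        Ptr<Ipv4StaticRouting> staticRouting =
            ipv4RoutingHelper.GetStaticRouting(GetNode()->GetObject<Ipv4>());
        if (!staticRouting) {
            // GetStaticRouting() yields a null Ptr when the node's routing protocol is
            // neither Ipv4StaticRouting nor a list routing containing one (e.g. a
            // bare AodvHelper); dereferencing it would abort the simulation.
            std::cout << "Cannot block " << address
                      << ": no static routing protocol on this node" << std::endl;
            return;
        }
        staticRouting->AddHostRouteTo(address, Ipv4Address("127.0.0.1"), 1);
        blockedAddresses.insert(address);
        std::cout << "Blocked address: " << address << std::endl;
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;
    std::map<Ipv4Address, uint32_t> packetsBySender; // datagrams seen per sender in the current window
    std::set<Ipv4Address> blockedAddresses;          // senders that already have a sinkhole route
    double lastTime = 0.0;    // simulation time (s) at which the window was last evaluated
    double interval = 1.0;    // Check every 1 second
    uint32_t threshold = 100; // Threshold for packet count
};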
8. Set Up Applications
Install the applications on the nodes.
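// Requires the Internet stack and IP addresses to be installed first (steps 9 and
// 10): GetObject<Ipv4>() on the server node returns null before that. The full
// script at the end of this page performs those steps before this one.
Ipv4Address serverAddr = serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal();
InetSocketAddress serverSink(serverAddr, 9); // every sender targets UDP port 9 on the server
ApplicationContainer normalApps, attackerApps, serverApps, ipsApps;
// Normal node applications (e.g., sending normal traffic): 500 kb/s each from t=1s.
for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
    OnOffHelper onoff("ns3::UdpSocketFactory", serverSink);
    onoff.SetConstantRate(DataRate("500kb/s"));
    ApplicationContainer app = onoff.Install(normalNodes.Get(i));
    app.Start(Seconds(1.0));
    app.Stop(Seconds(20.0));
    normalApps.Add(app);
}
// Attacker node applications (e.g., DoS attack): 10 Mb/s from t=5s, twenty times the
// rate of a normal sender, which is what the IPS threshold is meant to catch.
for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
    OnOffHelper onoff("ns3::UdpSocketFactory", serverSink);
    onoff.SetConstantRate(DataRate("10Mb/s"));
    ApplicationContainer app = onoff.Install(attackerNodes.Get(i));
    app.Start(Seconds(5.0));
    app.Stop(Seconds(20.0));
    attackerApps.Add(app);
}
// Server node application (e.g., packet sink): accepts everything on port 9.
PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
serverApps.Add(sink.Install(serverNodes.Get(0)));
// IPS node application: listens on the same port, but on the IPS node. Its socket
// only receives datagrams addressed to that node, so traffic sent to the server's
// address is not delivered to it.
Ptr<IPSApplication> ipsApp = CreateObject<IPSApplication>();
ipsApp->SetListenPort(9);
ipsNodes.Get(0)->AddApplication(ipsApp);
ipsApp->SetStartTime(Seconds(1.0));
ipsApp->SetStopTime(Seconds(20.0));
ipsApps.Add(ipsApp);
serverApps.Start(Seconds(1.0));
serverApps.Stop(Seconds(20.0));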
9. Set Up Routing Protocols
Configure routing protocols for the network.
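// Static routing is listed ahead of AODV so that the sinkhole route installed by
// IPSApplication::BlockAddress is consulted first. With a bare AodvHelper,
// Ipv4StaticRoutingHelper::GetStaticRouting() finds no static routing protocol on
// the node and BlockAddress has nothing to add the route to.
AodvHelper aodv;
Ipv4StaticRoutingHelper staticRouting;
Ipv4ListRoutingHelper routingList;
routingList.Add(staticRouting, 10); // higher priority: consulted first
routingList.Add(aodv, 0);
InternetStackHelper internet;
internet.SetRoutingHelper(routingList);
internet.Install(normalNodes);
internet.Install(attackerNodes);
internet.Install(serverNodes);
internet.Install(ipsNodes);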
10. Assign IP Addresses
Assign IP addresses to the network devices.
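// All devices share one /24; addresses are handed out in install order, so the
// server ends up reachable via interface 1 of its node (used by the sender setup).
// The base and mask are plain ASCII string literals (typographic quotes do not compile).
Ipv4AddressHelper address;
address.SetBase("10.1.1.0", "255.255.255.0");
Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
Ipv4InterfaceContainer ipsInterfaces = address.Assign(ipsDevices);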
11. Run the Simulation
Configure the simulation runtime and execute it.
// Stop the scheduler at t=20s (the same instant the applications stop), run the
// event loop, then release every simulation object.
const Time stopTime = Seconds(20.0);
Simulator::Stop(stopTime);
Simulator::Run();
Simulator::Destroy();
Example of a Simple IPS Network Script
#include <cstdint>
#include <iostream>
#include <map>
#include <set>

#include "ns3/core-module.h"
#include "ns3/network-module.h"
#include "ns3/internet-module.h"
#include "ns3/wifi-module.h"
#include "ns3/mobility-module.h"
#include "ns3/applications-module.h"
#include "ns3/aodv-module.h"
using namespace ns3;
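// Rate-based monitor: counts UDP datagrams per sender on listenPort and installs a
// sinkhole route on this node for any sender that exceeds `threshold` datagrams
// within one `interval`-second window.
class IPSApplication : public Application {
public:
    // Bind a UDP socket on listenPort. Only datagrams addressed to this node on that
    // port reach the socket, so the monitor observes traffic sent to it, not traffic
    // addressed to other nodes such as the server.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort));
        recvSocket->SetRecvCallback(MakeCallback(&IPSApplication::HandleRead, this));
    }

    // Detach the receive callback and close the socket so nothing fires on a
    // stopped application and the socket is released with it.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
            recvSocket = nullptr;
        }
    }

    // Port to listen on; must be set before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    // Receive callback. Counts datagrams per sender and, once `interval` seconds have
    // passed since the last evaluation, blocks every sender whose count exceeded
    // `threshold` in that window. Counting per sender matters: a single shared
    // counter would block whichever address happened to send the packet that closed
    // the window, which need not be the flooding one.
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            if (!InetSocketAddress::IsMatchingType(from)) {
                continue; // only IPv4 senders are tracked
            }
            Ipv4Address senderAddr = InetSocketAddress::ConvertFrom(from).GetIpv4();
            ++packetsBySender[senderAddr];
            double currentTime = Simulator::Now().GetSeconds();
            if (currentTime - lastTime > interval) {
                for (const auto& entry : packetsBySender) {
                    if (entry.second > threshold) {
                        std::cout << "Potential threat detected from " << entry.first
                                  << ". Packets received in last " << interval
                                  << " seconds: " << entry.second << std::endl;
                        BlockAddress(entry.first);
                    }
                }
                packetsBySender.clear();
                lastTime = currentTime;
            }
        }
    }

    // Add a host route for `address` with loopback as next hop on interface 1.
    // This discards packets that *this node* would send or forward toward `address`;
    // it does not drop packets arriving from `address`, so it is a sinkhole on the
    // IPS node rather than an ingress filter. Idempotent per address.
    void BlockAddress(Ipv4Address address) {
        if (blockedAddresses.count(address) != 0) {
            return; // already sinkholed; do not stack duplicate routes
        }
        Ipv4StaticRoutingHelper ipv4RoutingHelper;
        Ptr<Ipv4StaticRouting> staticRouting =
            ipv4RoutingHelper.GetStaticRouting(GetNode()->GetObject<Ipv4>());
        if (!staticRouting) {
            // GetStaticRouting() yields a null Ptr when the node's routing protocol is
            // neither Ipv4StaticRouting nor a list routing containing one (e.g. a
            // bare AodvHelper); dereferencing it would abort the simulation.
            std::cout << "Cannot block " << address
                      << ": no static routing protocol on this node" << std::endl;
            return;
        }
        staticRouting->AddHostRouteTo(address, Ipv4Address("127.0.0.1"), 1);
        blockedAddresses.insert(address);
        std::cout << "Blocked address: " << address << std::endl;
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;
    std::map<Ipv4Address, uint32_t> packetsBySender; // datagrams seen per sender in the current window
    std::set<Ipv4Address> blockedAddresses;          // senders that already have a sinkhole route
    double lastTime = 0.0;    // simulation time (s) at which the window was last evaluated
    double interval = 1.0;    // Check every 1 second
    uint32_t threshold = 100; // Threshold for packet count
};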
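// Builds the ad hoc Wi-Fi topology, installs the senders, the sink and the IPS
// monitor, and runs the simulation for 20 s.
int main(int argc, char* argv[]) {
    // Accept the standard ns-3 command-line switches (logging, attribute overrides).
    CommandLine cmd;
    cmd.Parse(argc, argv);

    // Topology: three legitimate senders, one flooding sender, one sink, one monitor.
    NodeContainer normalNodes, attackerNodes, serverNodes, ipsNodes;
    normalNodes.Create(3);
    attackerNodes.Create(1);
    serverNodes.Create(1);
    ipsNodes.Create(1);

    // WiFi setup: a single ad hoc 802.11n (5 GHz) channel shared by every node.
    WifiHelper wifi;
    wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);
    WifiMacHelper mac;
    mac.SetType("ns3::AdhocWifiMac");
    YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
    YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
    phy.SetChannel(channel.Create());
    NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
    NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
    NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
    NetDeviceContainer ipsDevices = wifi.Install(phy, mac, ipsNodes);

    // Mobility setup: every node keeps its initial position.
    MobilityHelper mobility;
    mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
    mobility.Install(normalNodes);
    mobility.Install(attackerNodes);
    mobility.Install(serverNodes);
    mobility.Install(ipsNodes);

    // Internet stack and routing. Static routing is listed ahead of AODV so the
    // sinkhole route installed by IPSApplication::BlockAddress is consulted first;
    // with a bare AodvHelper, Ipv4StaticRoutingHelper::GetStaticRouting() finds no
    // static routing protocol on the node and BlockAddress cannot add its route.
    AodvHelper aodv;
    Ipv4StaticRoutingHelper staticRouting;
    Ipv4ListRoutingHelper routingList;
    routingList.Add(staticRouting, 10); // higher priority: consulted first
    routingList.Add(aodv, 0);
    InternetStackHelper internet;
    internet.SetRoutingHelper(routingList);
    internet.Install(normalNodes);
    internet.Install(attackerNodes);
    internet.Install(serverNodes);
    internet.Install(ipsNodes);

    // One /24 for every device; the server's address is read back below via
    // interface 1 of its node, so addresses must be assigned before the senders.
    Ipv4AddressHelper address;
    address.SetBase("10.1.1.0", "255.255.255.0");
    Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
    Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
    Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
    Ipv4InterfaceContainer ipsInterfaces = address.Assign(ipsDevices);

    // Packet capture on the IPS node's device(s). explicitFilename=true names the
    // trace file exactly "ips_capture"; with more than one IPS device they would
    // share that name, so switch to the prefix form if ipsNodes grows. The unused
    // PcapHelper::CreateFile() handle from the original was dropped: it was never
    // written to and only produced a stray DLT_PPP file.
    for (uint32_t i = 0; i < ipsDevices.GetN(); ++i) {
        phy.EnablePcap("ips_capture", ipsDevices.Get(i), true, true);
    }

    // Install applications. Every sender targets UDP port 9 on the server.
    Ipv4Address serverAddr = serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal();
    InetSocketAddress serverSink(serverAddr, 9);
    ApplicationContainer normalApps, attackerApps, serverApps, ipsApps;

    // Normal node applications (e.g., sending normal traffic): 500 kb/s each from t=1s.
    for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
        OnOffHelper onoff("ns3::UdpSocketFactory", serverSink);
        onoff.SetConstantRate(DataRate("500kb/s"));
        ApplicationContainer app = onoff.Install(normalNodes.Get(i));
        app.Start(Seconds(1.0));
        app.Stop(Seconds(20.0));
        normalApps.Add(app);
    }

    // Attacker node applications (e.g., DoS attack): 10 Mb/s from t=5s, twenty times
    // the rate of a normal sender, which is what the IPS threshold is meant to catch.
    for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
        OnOffHelper onoff("ns3::UdpSocketFactory", serverSink);
        onoff.SetConstantRate(DataRate("10Mb/s"));
        ApplicationContainer app = onoff.Install(attackerNodes.Get(i));
        app.Start(Seconds(5.0));
        app.Stop(Seconds(20.0));
        attackerApps.Add(app);
    }

    // Server node application (e.g., packet sink): accepts everything on port 9.
    PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
    serverApps.Add(sink.Install(serverNodes.Get(0)));

    // IPS node application: listens on the same port, but on the IPS node. Its
    // socket only receives datagrams addressed to that node, so traffic sent to the
    // server's address is not delivered to it.
    Ptr<IPSApplication> ipsApp = CreateObject<IPSApplication>();
    ipsApp->SetListenPort(9);
    ipsNodes.Get(0)->AddApplication(ipsApp);
    ipsApp->SetStartTime(Seconds(1.0));
    ipsApp->SetStopTime(Seconds(20.0));
    ipsApps.Add(ipsApp);
    serverApps.Start(Seconds(1.0));
    serverApps.Stop(Seconds(20.0));

    // Run for 20 s (the applications' stop time), then release every simulation object.
    Simulator::Stop(Seconds(20.0));
    Simulator::Run();
    Simulator::Destroy();
    return 0;
}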
Finally, we have learned how to implement an Intrusion Prevention System (IPS) in ns-3, and we support all kinds of advancements in IPS to prevent potential threats.