
How To Implement Intrusion Prevention Systems in NS3

Implementing an Intrusion Prevention System (IPS) in ns-3 involves creating applications that monitor network traffic for suspicious activity and take action to prevent potential threats. The steps below show how to set up a basic network with IPS functionality using ns-3.

Step-by-Step Implementation of Intrusion Prevention System (IPS) in ns-3

  1. Install ns-3

 Install ns-3 on the system.

  2. Define the Network Topology

Define the network topology including:

  • Normal nodes (legitimate users)
  • Attacker nodes
  • Server nodes
  • IPS nodes (nodes used to monitor and prevent attacks)
  3. Create Network Nodes

Create network nodes using NodeContainer.

// One container per role, so devices, addresses and applications can later be
// installed role by role. Creation order is kept, so node ids stay the same.
NodeContainer normalNodes;    // legitimate users
normalNodes.Create(3);

NodeContainer attackerNodes;  // source of the traffic the IPS should stop
attackerNodes.Create(1);

NodeContainer serverNodes;    // destination of all generated traffic
serverNodes.Create(1);

NodeContainer ipsNodes;       // node that runs the monitoring/prevention application
ipsNodes.Create(1);

4. Set Up Network Devices

Install network devices on the nodes using appropriate network interfaces, such as WiFi for wireless communication.

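// Ad hoc 802.11n (5 GHz) devices for every role, all attached to one shared
// Yans channel.
// NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and YansWifiPhyHelper::Default()
// look like names from older ns-3 releases; confirm them against the release
// you build with.
WifiHelper wifi;
wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);

WifiMacHelper mac;
mac.SetType("ns3::AdhocWifiMac");

YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
phy.SetChannel(channel.Create());  // created once; every Install() below reuses it

NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
NetDeviceContainer ipsDevices = wifi.Install(phy, mac, ipsNodes);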

5. Configure Mobility Model

Set up the mobility model for the nodes.

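// Static nodes: every role uses the constant-position model.
// NOTE(review): no position allocator is configured here, so all nodes
// presumably end up at the helper's default position - confirm that a
// co-located layout is what the scenario intends.
MobilityHelper mobility;
mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");

mobility.Install(normalNodes);
mobility.Install(attackerNodes);
mobility.Install(serverNodes);
mobility.Install(ipsNodes);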

6. Set Up Packet Capture

Configure packet capture on the IPS nodes. Use PcapHelper to capture packets.

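// Record what the IPS node's Wi-Fi devices observe, for offline analysis of the
// run. The third argument requests promiscuous capture. File naming is left to
// the helper (prefix plus node and device id, ".pcap" suffix) so that each IPS
// device writes its own trace and no capture overwrites another.
// No separate PcapHelper::CreateFile() call is made: it would only leave an
// empty "ips_capture.pcap" with a PPP link type next to the real trace, which
// is easy to mistake for a capture that saw no traffic.
for (uint32_t i = 0; i < ipsDevices.GetN(); ++i) {
    phy.EnablePcap("ips_capture", ipsDevices.Get(i), true);
}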

7. Implement IPS Application

Create an application that monitors and prevents attacks. Below is a simple example of an application that detects a high rate of packets as a potential threat and then blocks the attacker.

IPS Application (Example)

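/**
 * Rate-based intrusion-prevention application.
 *
 * Binds a UDP socket on the configured port, counts received datagrams per
 * source address, and whenever more than `interval` seconds have passed since
 * the previous check, blocks every source whose count exceeds `threshold`.
 *
 * Things to keep in mind when reading results:
 *  - Counting is per source address. A single shared counter would block
 *    whichever sender happened to deliver the packet that closed the window,
 *    including a legitimate one.
 *  - The window is only evaluated when a datagram arrives, so a window can
 *    cover more than `interval` seconds after a quiet period.
 *  - UDP source addresses are not authenticated, so a count keyed on them can
 *    attribute traffic to the wrong node; treat a block as a heuristic.
 *  - NOTE(review): the socket only sees datagrams delivered to this node.
 *    Traffic unicast to another node is presumably not observed here; that
 *    would need a promiscuous receive callback on the device - confirm.
 */
class IPSApplication : public Application {
public:
    /// Opens the UDP receive socket and registers HandleRead as its callback.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        if (recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort)) == -1) {
            // Without a bound socket nothing is monitored; say so instead of failing silently.
            std::cout << "IPSApplication: failed to bind UDP port " << listenPort << std::endl;
            recvSocket = nullptr;
            return;
        }
        recvSocket->SetRecvCallback(MakeCallback(&IPSApplication::HandleRead, this));
    }

    /// Detaches the callback and closes the socket when the application stops.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
            recvSocket = nullptr;
        }
    }

    /// Sets the UDP port to listen on; call before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    /**
     * Drains the socket, updates the per-source counters and, once the
     * observation window has elapsed, blocks every source above the threshold.
     */
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            if (!InetSocketAddress::IsMatchingType(from)) {
                continue;  // not an IPv4 socket address; nothing to attribute it to
            }
            const Ipv4Address senderAddr = InetSocketAddress::ConvertFrom(from).GetIpv4();
            ++packetsPerSender[senderAddr];

            const double currentTime = Simulator::Now().GetSeconds();
            if (currentTime - lastTime > interval) {
                for (const auto& entry : packetsPerSender) {
                    // insert().second is false for an address that is already
                    // blocked, so it is neither reported nor routed twice.
                    if (entry.second > threshold && blockedSenders.insert(entry.first).second) {
                        std::cout << "Potential threat detected from " << entry.first << ". Packets received in last "
                                  << interval << " seconds: " << entry.second << std::endl;
                        BlockAddress(entry.first);
                    }
                }
                packetsPerSender.clear();
                lastTime = currentTime;
            }
        }
    }

    /**
     * Adds a host route for `address` via 127.0.0.1 on interface 1 of this node.
     *
     * The route is installed in this node's own static routing table, so it
     * only changes how this node routes packets toward `address`.
     * NOTE(review): it presumably does not stop `address` from reaching other
     * nodes directly on the shared channel - confirm for the topology in use.
     */
    void BlockAddress(Ipv4Address address) {
        Ptr<Ipv4> ipv4 = GetNode()->GetObject<Ipv4>();
        Ipv4StaticRoutingHelper ipv4RoutingHelper;
        Ptr<Ipv4StaticRouting> staticRouting;
        if (ipv4) {
            staticRouting = ipv4RoutingHelper.GetStaticRouting(ipv4);
        }
        if (!staticRouting) {
            // GetStaticRouting() yields a null pointer when the node's routing
            // protocol holds no Ipv4StaticRouting (for example when only a
            // dynamic protocol is installed); dereferencing it would abort the run.
            std::cout << "Cannot block " << address << ": no Ipv4StaticRouting on this node" << std::endl;
            return;
        }
        staticRouting->AddHostRouteTo(address, Ipv4Address("127.0.0.1"), 1);
        std::cout << "Blocked address: " << address << std::endl;
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;                           // set through SetListenPort()
    std::map<Ipv4Address, uint32_t> packetsPerSender;  // datagrams per source in the current window
    std::set<Ipv4Address> blockedSenders;              // sources already passed to BlockAddress()
    double lastTime = 0.0;                             // simulation time of the last window check
    double interval = 1.0;                             // Check every 1 second
    uint32_t threshold = 100;                          // Threshold for packet count (per source, per window)
};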

8. Set Up Applications

Install the applications on the nodes.

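// Run this step only after the Internet stack is installed and addresses are
// assigned (steps 9 and 10): the GetObject<Ipv4>() lookup below needs both.
ApplicationContainer normalApps, attackerApps, serverApps, ipsApps;

// All generated traffic targets the server's address on interface 1, UDP port 9.
const InetSocketAddress serverEndpoint(
    serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal(), 9);

// Normal node applications (e.g., sending normal traffic)
// NOTE(review): at 500 kb/s with OnOffHelper's default packet size (512 bytes,
// to be confirmed for your release) each node sends roughly 122 packets per
// second, which is already above IPSApplication's threshold of 100 packets per
// 1-second window. Tune the rate or the threshold, otherwise legitimate
// senders are flagged as well.
for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
    OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
    onoff.SetConstantRate(DataRate("500kb/s"));
    ApplicationContainer app = onoff.Install(normalNodes.Get(i));
    app.Start(Seconds(1.0));
    app.Stop(Seconds(20.0));
    normalApps.Add(app);
}

// Attacker node applications (e.g., DoS attack)
for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
    OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
    onoff.SetConstantRate(DataRate("10Mb/s"));
    ApplicationContainer app = onoff.Install(attackerNodes.Get(i));
    app.Start(Seconds(5.0));
    app.Stop(Seconds(20.0));
    attackerApps.Add(app);
}

// Server node application (e.g., packet sink)
PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
serverApps.Add(sink.Install(serverNodes.Get(0)));

// IPS node application
// NOTE(review): the IPS socket is bound on the IPS node, while the traffic above
// is unicast to the server. Confirm that the IPS application actually receives
// those datagrams; observing traffic addressed to other nodes normally needs a
// promiscuous receive callback on the device rather than a UDP socket.
Ptr<IPSApplication> ipsApp = CreateObject<IPSApplication>();
ipsApp->SetListenPort(9);
ipsNodes.Get(0)->AddApplication(ipsApp);
ipsApp->SetStartTime(Seconds(1.0));
ipsApp->SetStopTime(Seconds(20.0));
ipsApps.Add(ipsApp);

serverApps.Start(Seconds(1.0));
serverApps.Stop(Seconds(20.0));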

9. Set Up Routing Protocols

Configure routing protocols for the network.

// Install the Internet stack on every role, with AODV as the routing protocol.
// NOTE(review): IPSApplication::BlockAddress looks up an Ipv4StaticRouting
// object on its node. With AODV set as the only routing helper the node may
// not have one - confirm; an Ipv4ListRoutingHelper holding both protocols is
// the usual way to combine them.
InternetStackHelper internet;
AodvHelper aodv;
internet.SetRoutingHelper(aodv);

// Same installation order as the roles were created in.
const NodeContainer* const stackTargets[] = {&normalNodes, &attackerNodes, &serverNodes, &ipsNodes};
for (const NodeContainer* group : stackTargets) {
    internet.Install(*group);
}

10. Assign IP Addresses

Assign IP addresses to the network devices.

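// All roles share the single 10.1.1.0/24 subnet. Each Assign() call continues
// from where the previous one stopped, so the order below determines which
// address every node receives.
Ipv4AddressHelper address;
address.SetBase("10.1.1.0", "255.255.255.0");

Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
Ipv4InterfaceContainer ipsInterfaces = address.Assign(ipsDevices);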

11. Run the Simulation

Configure the simulation runtime and execute it.

// The stop event is scheduled at the same simulated time the applications stop.
const Time simulationEnd = Seconds(20.0);
Simulator::Stop(simulationEnd);

Simulator::Run();      // processes events until the stop event fires
Simulator::Destroy();  // releases simulator resources once the run is over

Example of a Simple IPS Network Script

#include <iostream>
#include <map>
#include <set>

#include "ns3/core-module.h"
#include "ns3/network-module.h"
#include "ns3/internet-module.h"
#include "ns3/wifi-module.h"
#include "ns3/mobility-module.h"
#include "ns3/applications-module.h"
#include "ns3/aodv-module.h"

using namespace ns3;

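/**
 * Rate-based intrusion-prevention application.
 *
 * Binds a UDP socket on the configured port, counts received datagrams per
 * source address, and whenever more than `interval` seconds have passed since
 * the previous check, blocks every source whose count exceeds `threshold`.
 *
 * Things to keep in mind when reading results:
 *  - Counting is per source address. A single shared counter would block
 *    whichever sender happened to deliver the packet that closed the window,
 *    including a legitimate one.
 *  - The window is only evaluated when a datagram arrives, so a window can
 *    cover more than `interval` seconds after a quiet period.
 *  - UDP source addresses are not authenticated, so a count keyed on them can
 *    attribute traffic to the wrong node; treat a block as a heuristic.
 *  - NOTE(review): the socket only sees datagrams delivered to this node.
 *    Traffic unicast to another node is presumably not observed here; that
 *    would need a promiscuous receive callback on the device - confirm.
 */
class IPSApplication : public Application {
public:
    /// Opens the UDP receive socket and registers HandleRead as its callback.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        if (recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort)) == -1) {
            // Without a bound socket nothing is monitored; say so instead of failing silently.
            std::cout << "IPSApplication: failed to bind UDP port " << listenPort << std::endl;
            recvSocket = nullptr;
            return;
        }
        recvSocket->SetRecvCallback(MakeCallback(&IPSApplication::HandleRead, this));
    }

    /// Detaches the callback and closes the socket when the application stops.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
            recvSocket = nullptr;
        }
    }

    /// Sets the UDP port to listen on; call before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    /**
     * Drains the socket, updates the per-source counters and, once the
     * observation window has elapsed, blocks every source above the threshold.
     */
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            if (!InetSocketAddress::IsMatchingType(from)) {
                continue;  // not an IPv4 socket address; nothing to attribute it to
            }
            const Ipv4Address senderAddr = InetSocketAddress::ConvertFrom(from).GetIpv4();
            ++packetsPerSender[senderAddr];

            const double currentTime = Simulator::Now().GetSeconds();
            if (currentTime - lastTime > interval) {
                for (const auto& entry : packetsPerSender) {
                    // insert().second is false for an address that is already
                    // blocked, so it is neither reported nor routed twice.
                    if (entry.second > threshold && blockedSenders.insert(entry.first).second) {
                        std::cout << "Potential threat detected from " << entry.first << ". Packets received in last "
                                  << interval << " seconds: " << entry.second << std::endl;
                        BlockAddress(entry.first);
                    }
                }
                packetsPerSender.clear();
                lastTime = currentTime;
            }
        }
    }

    /**
     * Adds a host route for `address` via 127.0.0.1 on interface 1 of this node.
     *
     * The route is installed in this node's own static routing table, so it
     * only changes how this node routes packets toward `address`.
     * NOTE(review): it presumably does not stop `address` from reaching other
     * nodes directly on the shared channel - confirm for the topology in use.
     */
    void BlockAddress(Ipv4Address address) {
        Ptr<Ipv4> ipv4 = GetNode()->GetObject<Ipv4>();
        Ipv4StaticRoutingHelper ipv4RoutingHelper;
        Ptr<Ipv4StaticRouting> staticRouting;
        if (ipv4) {
            staticRouting = ipv4RoutingHelper.GetStaticRouting(ipv4);
        }
        if (!staticRouting) {
            // GetStaticRouting() yields a null pointer when the node's routing
            // protocol holds no Ipv4StaticRouting (for example when only a
            // dynamic protocol is installed); dereferencing it would abort the run.
            std::cout << "Cannot block " << address << ": no Ipv4StaticRouting on this node" << std::endl;
            return;
        }
        staticRouting->AddHostRouteTo(address, Ipv4Address("127.0.0.1"), 1);
        std::cout << "Blocked address: " << address << std::endl;
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;                           // set through SetListenPort()
    std::map<Ipv4Address, uint32_t> packetsPerSender;  // datagrams per source in the current window
    std::set<Ipv4Address> blockedSenders;              // sources already passed to BlockAddress()
    double lastTime = 0.0;                             // simulation time of the last window check
    double interval = 1.0;                             // Check every 1 second
    uint32_t threshold = 100;                          // Threshold for packet count (per source, per window)
};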

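/**
 * Builds the IPS scenario and runs it for 20 simulated seconds.
 *
 * Topology: three normal nodes, one attacker node, one server node and one
 * IPS node, all on a single ad hoc Wi-Fi channel and one 10.1.1.0/24 subnet.
 * The normal and attacker nodes send UDP traffic to port 9 on the server; the
 * IPS node runs IPSApplication and captures what its device observes.
 */
int main(int argc, char *argv[]) {
    NodeContainer normalNodes, attackerNodes, serverNodes, ipsNodes;
    normalNodes.Create(3);
    attackerNodes.Create(1);
    serverNodes.Create(1);
    ipsNodes.Create(1);

    // WiFi setup
    // NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and YansWifiPhyHelper::Default()
    // look like names from older ns-3 releases; confirm them for your release.
    WifiHelper wifi;
    wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);
    WifiMacHelper mac;
    mac.SetType("ns3::AdhocWifiMac");
    YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
    YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
    phy.SetChannel(channel.Create());  // one channel shared by every device below

    NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
    NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
    NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
    NetDeviceContainer ipsDevices = wifi.Install(phy, mac, ipsNodes);

    // Mobility setup
    MobilityHelper mobility;
    mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
    mobility.Install(normalNodes);
    mobility.Install(attackerNodes);
    mobility.Install(serverNodes);
    mobility.Install(ipsNodes);

    // Internet stack and routing
    // NOTE(review): IPSApplication::BlockAddress looks up an Ipv4StaticRouting
    // object on its node. With AODV set as the only routing helper the node may
    // not have one - confirm; an Ipv4ListRoutingHelper holding both protocols
    // is the usual way to combine them.
    AodvHelper aodv;
    InternetStackHelper internet;
    internet.SetRoutingHelper(aodv);
    internet.Install(normalNodes);
    internet.Install(attackerNodes);
    internet.Install(serverNodes);
    internet.Install(ipsNodes);

    // Addresses are handed out in call order within the one /24.
    Ipv4AddressHelper address;
    address.SetBase("10.1.1.0", "255.255.255.0");
    Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
    Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
    Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
    Ipv4InterfaceContainer ipsInterfaces = address.Assign(ipsDevices);

    // Set up packet capture
    // The third argument requests promiscuous capture. File naming is left to
    // the helper (prefix plus node and device id, ".pcap" suffix) so each IPS
    // device writes its own trace. No separate PcapHelper::CreateFile() call is
    // made: it would only leave an empty "ips_capture.pcap" with a PPP link
    // type, which is easy to mistake for a capture that saw no traffic.
    for (uint32_t i = 0; i < ipsDevices.GetN(); ++i) {
        phy.EnablePcap("ips_capture", ipsDevices.Get(i), true);
    }

    // Install applications
    ApplicationContainer normalApps, attackerApps, serverApps, ipsApps;

    // All generated traffic targets the server's address on interface 1, UDP port 9.
    const InetSocketAddress serverEndpoint(
        serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal(), 9);

    // Normal node applications (e.g., sending normal traffic)
    // NOTE(review): at 500 kb/s with OnOffHelper's default packet size (512
    // bytes, to be confirmed for your release) each node sends roughly 122
    // packets per second, which is already above IPSApplication's threshold of
    // 100 packets per 1-second window. Tune the rate or the threshold,
    // otherwise legitimate senders are flagged as well.
    for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
        OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
        onoff.SetConstantRate(DataRate("500kb/s"));
        ApplicationContainer app = onoff.Install(normalNodes.Get(i));
        app.Start(Seconds(1.0));
        app.Stop(Seconds(20.0));
        normalApps.Add(app);
    }

    // Attacker node applications (e.g., DoS attack)
    for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
        OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
        onoff.SetConstantRate(DataRate("10Mb/s"));
        ApplicationContainer app = onoff.Install(attackerNodes.Get(i));
        app.Start(Seconds(5.0));
        app.Stop(Seconds(20.0));
        attackerApps.Add(app);
    }

    // Server node application (e.g., packet sink)
    PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
    serverApps.Add(sink.Install(serverNodes.Get(0)));

    // IPS node application
    // NOTE(review): the IPS socket is bound on the IPS node, while the traffic
    // above is unicast to the server. Confirm that the IPS application actually
    // receives those datagrams; observing traffic addressed to other nodes
    // normally needs a promiscuous receive callback on the device rather than
    // a UDP socket.
    Ptr<IPSApplication> ipsApp = CreateObject<IPSApplication>();
    ipsApp->SetListenPort(9);
    ipsNodes.Get(0)->AddApplication(ipsApp);
    ipsApp->SetStartTime(Seconds(1.0));
    ipsApp->SetStopTime(Seconds(20.0));
    ipsApps.Add(ipsApp);

    serverApps.Start(Seconds(1.0));
    serverApps.Stop(Seconds(20.0));

    // Stop the simulator at the same time the applications stop.
    Simulator::Stop(Seconds(20.0));
    Simulator::Run();
    Simulator::Destroy();

    return 0;
}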

Finally, we have learned how to implement an Intrusion Prevention System (IPS) in ns-3, and we support all kinds of advancements in IPS to prevent potential threats.