Ns3 Projects for B.E/B.Tech M.E/M.Tech PhD Scholars.  Phone-Number:9790238391   E-mail: ns3simulation@gmail.com

How to Implement Network Cybersecurity Auditing in ns3

Implementing network cybersecurity auditing in ns-3 involves creating a simulation where nodes and network infrastructure log security-related events for later analysis. The goal is to monitor, detect, and respond to security incidents, ensuring compliance with security policies and standards. Here’s how you can implement network cybersecurity auditing in ns-3:

Step-by-Step Implementation:

Step 1: Set Up ns3 Environment

  1. Install ns3: Make certain that you have installed ns3 on your computer.
  2. Familiarize Yourself with ns3: With the help of the ns3 tutorial, You can understand the basic concepts and structure of ns3 simulations.

Step 2: Define the Network Topology

  1. Create a Secure Network Topology: Define a network topology that has security devices like firewalls and IDS nodes. This involves creating multiple nodes, setting up channels, and configuring IP addresses. We’ll use a simple topology with a client, server, firewall, and IDS.

Step 3: Implement Cybersecurity Auditing Mechanisms

To implement cybersecurity auditing, we can use the following strategies:

  1. Access Control: Define rules to control which nodes can communicate.
  2. Traffic Filtering: Use firewalls to filter traffic based on predefined rules.
  3. Logging: Log all significant events for analysis and reporting.
  4. Periodic Audits: Implement periodic audits to review logs and ensure compliance with security policies.

We provide implement sample on network cybersecurity auditing:

C++ Code for ns3 Simulation (main.cc)

#include “ns3/core-module.h”

#include “ns3/network-module.h”

#include “ns3/internet-module.h”

#include “ns3/point-to-point-module.h”

#include “ns3/applications-module.h”

#include <iostream>

#include <fstream>

using namespace ns3;

void LogEvent(const std::string &event)

{

std::ofstream logFile;

logFile.open(“cybersecurity_audit_log.txt”, std::ios_base::app);

logFile << Simulator::Now().GetSeconds() << “: ” << event << std::endl;

logFile.close();

}

// Auditing application

class AuditApp : public Application

{

public:

AuditApp() {}

virtual ~AuditApp() {}

 

void Setup()

{

}

private:

virtual void StartApplication()

{

// Schedule the first audit

Simulator::Schedule(Seconds(10.0), &AuditApp::PerformAudit, this);

}

virtual void StopApplication()

{

}

void PerformAudit()

{

// Simulate an audit

std::cout << “Performing audit at ” << Simulator::Now().GetSeconds() << ” seconds.” << std::endl;

LogEvent(“Performing audit.”);

// Check if firewall and IDS are active (for demonstration purposes)

Ptr<Node> node = GetNode();

bool firewallActive = node->GetObject<FirewallApp>() != nullptr;

bool idsActive = node->GetObject<IDSApp>() != nullptr;

if (firewallActive)

{

std::cout << “Firewall is active.” << std::endl;

LogEvent(“Firewall is active.”);

}

else

{

std::cout << “Firewall is not active.” << std::endl;

LogEvent(“Firewall is not active.”);

}

if (idsActive)

{

std::cout << “IDS is active.” << std::endl;

LogEvent(“IDS is active.”);

}

else

{

std::cout << “IDS is not active.” << std::endl;

LogEvent(“IDS is not active.”);

}

// Schedule the next audit

Simulator::Schedule(Seconds(10.0), &AuditApp::PerformAudit, this);

}

};

// Firewall application

class FirewallApp : public Application

{

public:

FirewallApp() {}

virtual ~FirewallApp() {}

 

void Setup(Address address, uint16_t port)

{

m_peerAddress = address;

m_peerPort = port;

}

private:

virtual void StartApplication()

{

m_socket = Socket::CreateSocket(GetNode(), TypeId::LookupByName(“ns3::UdpSocketFactory”));

m_socket->Bind();

m_socket->Connect(InetSocketAddress(m_peerAddress, m_peerPort));

// Set up the receive callback

m_socket->SetRecvCallback(MakeCallback(&FirewallApp::ReceivePacket, this));

}

virtual void StopApplication()

{

if (m_socket)

{

m_socket->Close();

m_socket = 0;

}

}

void ReceivePacket(Ptr<Socket> socket)

{

Ptr<Packet> packet = socket->Recv();

// Simple firewall rule: drop packets containing “malicious”

uint8_t buffer[1024];

packet->CopyData(buffer, packet->GetSize());

std::string receivedMessage((char *)buffer, packet->GetSize());

if (receivedMessage.find(“malicious”) != std::string::npos)

{

std::cout << “Packet dropped by firewall: ” << receivedMessage << std::endl;

LogEvent(“Packet dropped by firewall: ” + receivedMessage);

}

else

{

std::cout << “Packet allowed by firewall: ” << receivedMessage << std::endl;

LogEvent(“Packet allowed by firewall: ” + receivedMessage);

ForwardPacket(packet);

}

}

void ForwardPacket(Ptr<Packet> packet)

{

m_socket->Send(packet);

}

Ptr<Socket> m_socket;

Address m_peerAddress;

uint16_t m_peerPort;

};

// IDS application

class IDSApp : public Application

{

public:

IDSApp() : m_packetsReceived(0) {}

virtual ~IDSApp() {}

 

void Setup(Address address, uint16_t port)

{

m_peerAddress = address;

m_peerPort = port;

}

private:

virtual void StartApplication()

{

m_socket = Socket::CreateSocket(GetNode(), TypeId::LookupByName(“ns3::UdpSocketFactory”));

m_socket->Bind();

m_socket->Connect(InetSocketAddress(m_peerAddress, m_peerPort));

 

// Set up the receive callback

m_socket->SetRecvCallback(MakeCallback(&IDSApp::ReceivePacket, this));

}

 

virtual void StopApplication()

{

if (m_socket)

{

m_socket->Close();

m_socket = 0;

}

}

void ReceivePacket(Ptr<Socket> socket)

{

Ptr<Packet> packet = socket->Recv();

m_packetsReceived++;

// Simple IDS rule: log packets containing “suspicious”

uint8_t buffer[1024];

packet->CopyData(buffer, packet->GetSize());

std::string receivedMessage((char *)buffer, packet->GetSize());

if (receivedMessage.find(“suspicious”) != std::string::npos)

{

std::cout << “Suspicious packet detected by IDS: ” << receivedMessage << std::endl;

LogEvent(“Suspicious packet detected by IDS: ” + receivedMessage);

}

else

{

std::cout << “Normal packet received by IDS: ” << receivedMessage << std::endl;

LogEvent(“Normal packet received by IDS: ” + receivedMessage);

}

}

Ptr<Socket> m_socket;

Address m_peerAddress;

uint16_t m_peerPort;

uint32_t m_packetsReceived;

};

// Secure application

class SecureApp : public Application

{

public:

SecureApp() {}

virtual ~SecureApp() {}

void Setup(Address address, uint16_t port)

{

m_peerAddress = address;

m_peerPort = port;

}

private:

virtual void StartApplication()

{

m_socket = Socket::CreateSocket(GetNode(), TypeId::LookupByName(“ns3::UdpSocketFactory”));

m_socket->Bind();

m_socket->Connect(InetSocketAddress(m_peerAddress, m_peerPort));

// Schedule the first packet transmission

Simulator::Schedule(Seconds(1.0), &SecureApp::SendPacket, this);

}

virtual void StopApplication()

{

if (m_socket)

{

m_socket->Close();

m_socket = 0;

}

}

void SendPacket()

{

std::string message = “Secure message”;

Ptr<Packet> packet = Create<Packet>((uint8_t *)message.c_str(), message.size());

m_socket->Send(packet);

// Schedule the next packet transmission

Simulator::Schedule(Seconds(5.0), &SecureApp::SendPacket, this);

}

void ReceivePacket(Ptr<Socket> socket)

{

Ptr<Packet> packet = socket->Recv();

// Print received message (for demonstration purposes)

uint8_t buffer[1024];

packet->CopyData(buffer, packet->GetSize());

std::string receivedMessage((char *)buffer, packet->GetSize());

std::cout << “Received message: ” << receivedMessage << std::endl;

}

Ptr<Socket> m_socket;

Address m_peerAddress;

uint16_t m_peerPort;

};

int main(int argc, char *argv[])

{

NodeContainer nodes;

nodes.Create(5); // Example: 5 nodes (1 client, 1 server, 1 firewall, 1 IDS, 1 router)

PointToPointHelper pointToPoint;

pointToPoint.SetDeviceAttribute(“DataRate”, StringValue(“1Gbps”));

pointToPoint.SetChannelAttribute(“Delay”, StringValue(“2ms”));

NetDeviceContainer devices1 = pointToPoint.Install(nodes.Get(0), nodes.Get(4)); // Client to Router

NetDeviceContainer devices2 = pointToPoint.Install(nodes.Get(4), nodes.Get(3)); // Router to Firewall

NetDeviceContainer devices3 = pointToPoint.Install(nodes.Get(3), nodes.Get(2)); // Firewall to Server

NetDeviceContainer devices4 = pointToPoint.Install(nodes.Get(4), nodes.Get(1)); // Router to IDS

InternetStackHelper stack;

stack.Install(nodes);

Ipv4AddressHelper address;

address.SetBase(“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces1 = address.Assign(devices1);

address.SetBase(“10.1.2.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces2 = address.Assign(devices2);

address.SetBase(“10.1.3.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces3 = address.Assign(devices3);

address.SetBase(“10.1.4.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces4 = address.Assign(devices4);

Ipv4GlobalRoutingHelper::PopulateRoutingTables();

uint16_t port = 9;

Ptr<SecureApp> clientApp = CreateObject<SecureApp>();

clientApp->Setup(InetSocketAddress(interfaces2.GetAddress(1), port), port);

nodes.Get(0)->AddApplication(clientApp);

clientApp->SetStartTime(Seconds(2.0));

clientApp->SetStopTime(Seconds(60.0));

Ptr<FirewallApp> firewallApp = CreateObject<FirewallApp>();

firewallApp->Setup(InetSocketAddress(interfaces3.GetAddress(1), port), port);

nodes.Get(3)->AddApplication(firewallApp);

firewallApp->SetStartTime(Seconds(1.0));

firewallApp->SetStopTime(Seconds(60.0));

Ptr<IDSApp> idsApp = CreateObject<IDSApp>();

idsApp->Setup(InetSocketAddress(interfaces4.GetAddress(1), port), port);

nodes.Get(1)->AddApplication(idsApp);

idsApp->SetStartTime(Seconds(1.0));

idsApp->SetStopTime(Seconds(60.0));

Ptr<SecureApp> serverApp = CreateObject<SecureApp>();

serverApp->Setup(InetSocketAddress(Ipv4Address::GetAny(), port), port);

nodes.Get(2)->AddApplication(serverApp);

serverApp->SetStartTime(Seconds(1.0));

serverApp->SetStopTime(Seconds(60.0));

// Auditing application

Ptr<AuditApp> auditApp = CreateObject<AuditApp>();

auditApp->Setup();

nodes.Get(3)->AddApplication(auditApp); // Add audit app to firewall node

auditApp->SetStartTime(Seconds(2.0));

auditApp->SetStopTime(Seconds(60.0));

Simulator::Run();

Simulator::Destroy();

return 0;

}

Explanation

  1. Network Topology:
    • The network consists of 5 nodes: a client, a server, a firewall, an IDS, and a router.
    • Router is linked to the client that sends the packets via firewall and IDS to the server.
  2. Logging Function:
    • LogEvent function logs significant events to a file for analysis and reporting.
  3. FirewallApp Class:
    • This application filters packets based on predefined rules.
    • Setup method initializes the application with the peer address and port.
    • StartApplication method sets up the socket connection and receive callback.
    • ReceivePacket method is used to filters packets and allowed packets are forwarded.
  4. IDSApp Class:
    • This application monitors traffic for suspicious activity.
    • Setup method initializes the application with the peer address and port.
    • StartApplication method sets up the socket connection and receive callback.
    • For suspicious packets, ReceivePacket method keeps log.
  5. SecureApp Class:
    • Secured messages are send and received through this application.
    • Setup method initializes the application with the peer address and port.
    • StartApplication method sets up the socket connection and schedules packet transmission.
    • SendPacket method sends a message to the peer node.
    • ReceivePacket method receives and prints messages.
  6. AuditApp Class:
    • This application performs audits in an interval.
    • This application is initialized by the Setup method.
    • First audit is scheduled by StartApplication method.
    • PerformAudit method simulates an audit by checking if the firewall and IDS are active and logging the result only then, it schedules the next audit.
  7. Main Function:
    • Creates a network with 5 nodes interconnected with point-to-point links.
    • Sets up IP addresses for the nodes.
    • Initializes the SecureApp, FirewallApp, IDSApp, and AuditApp applications on the respective nodes.
    • The client sends secure messages, the firewall filters packets, the IDS monitors traffic, the server receives messages, and the audit app accomplishes intermittent audits.

Compile and Run

  1. Compile the Code: Compile the ns3 simulation code using the following command:

g++ -std=c++11 -o ns3-network-cybersecurity-auditing main.cc `pkg-config –cflags –libs ns3-dev`

  1. Run the Simulation: Execute the compiled program:

./ns3-network-cybersecurity-auditing

This setup demonstrates a simple implementation of network cybersecurity auditing in ns3. You can expand it further to include more sophisticated audit checks, additional nodes, and more complex network topologies as needed.

At the end of this script, we can completely aware of how the network cybersecurity auditing is installed and implemented. If needed, we can provide you the additional information related to this topic. Let us know all your information, and we’ll give you the best project implementation for Network Cybersecurity Auditing using the ns3 tool.