To implement the network security analysis in ns3 has setup the network topology that make known to security attacks, applied the security mechanism and evaluating the efficiency. Here we showed the procedure on how to perform the network security analysis in ns3:
Step-by-Step Implementation:
Step 1: Set Up the Simulation Environment
- Make sure ns3 is installed in the computer.
Step 2: Create the Network Topology
- Generate the simple network topology using ns3. Here, we provide the sample script to configure the basic network with three nodes connected by point-to-point links.
Step 3: Write the Script
- The given below is the complete sample on how to generate and setup a network topology in ns3 with security analysis:
#include “ns3/core-module.h”
#include “ns3/network-module.h”
#include “ns3/internet-module.h”
#include “ns3/point-to-point-module.h”
#include “ns3/applications-module.h”
#include “ns3/flow-monitor-helper.h”
#include “ns3/traffic-control-module.h”
using namespace ns3;
NS_LOG_COMPONENT_DEFINE (“NetworkSecurityExample”);
int main (int argc, char *argv[])
{
CommandLine cmd;
cmd.Parse (argc, argv);
// Create nodes
NodeContainer nodes;
nodes.Create (3);
// Create point-to-point links and set attributes
PointToPointHelper pointToPoint;
pointToPoint.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));
pointToPoint.SetChannelAttribute (“Delay”, StringValue (“2ms”));
// Install devices and links
NetDeviceContainer devices01;
devices01 = pointToPoint.Install (nodes.Get(0), nodes.Get(1));
NetDeviceContainer devices12;
devices12 = pointToPoint.Install (nodes.Get(1), nodes.Get(2));
// Install the Internet stack on the nodes
InternetStackHelper stack;
stack.Install (nodes);
// Assign IP addresses to the devices
Ipv4AddressHelper address;
address.SetBase (“10.1.1.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces01 = address.Assign (devices01);
address.SetBase (“10.1.2.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces12 = address.Assign (devices12);
// Set up traffic control for QoS
TrafficControlHelper tch;
tch.SetRootQueueDisc (“ns3::FqCoDelQueueDisc”);
QueueDiscContainer qdiscs;
qdiscs = tch.Install (devices01);
qdiscs = tch.Install (devices12);
// Create a UDP server application on node 2
UdpEchoServerHelper echoServer (9);
ApplicationContainer serverApps = echoServer.Install (nodes.Get (2));
serverApps.Start (Seconds (1.0));
serverApps.Stop (Seconds (10.0));
// Create a UDP client application on node 0
UdpEchoClientHelper echoClient (interfaces12.GetAddress (1), 9);
echoClient.SetAttribute (“MaxPackets”, UintegerValue (100));
echoClient.SetAttribute (“Interval”, TimeValue (Seconds (1.0)));
echoClient.SetAttribute (“PacketSize”, UintegerValue (1024));
ApplicationContainer clientApps = echoClient.Install (nodes.Get (0));
clientApps.Start (Seconds (2.0));
clientApps.Stop (Seconds (10.0));
// Introduce a malicious node (e.g., performing a DoS attack)
Ptr<Node> attackerNode = CreateObject<Node> ();
nodes.Add (attackerNode);
NetDeviceContainer attackerDevice = pointToPoint.Install (attackerNode, nodes.Get (1));
InternetStackHelper attackerStack;
attackerStack.Install (attackerNode);
Ipv4AddressHelper attackerAddress;
attackerAddress.SetBase (“10.1.3.0”, “255.255.255.0”);
Ipv4InterfaceContainer attackerInterface = attackerAddress.Assign (attackerDevice);
OnOffHelper onOffHelper (“ns3::UdpSocketFactory”, InetSocketAddress (interfaces12.GetAddress (1), 9));
onOffHelper.SetAttribute (“DataRate”, StringValue (“1Mbps”));
onOffHelper.SetAttribute (“PacketSize”, UintegerValue (1024));
onOffHelper.SetAttribute (“OnTime”, StringValue (“ns3::ConstantRandomVariable[Constant=1]”));
onOffHelper.SetAttribute (“OffTime”, StringValue (“ns3::ConstantRandomVariable[Constant=0]”));
ApplicationContainer attackApps = onOffHelper.Install (attackerNode);
attackApps.Start (Seconds (1.5));
attackApps.Stop (Seconds (9.5));
// Enable routing
Ipv4GlobalRoutingHelper::PopulateRoutingTables ();
// Enable Flow Monitor to collect performance metrics
FlowMonitorHelper flowmonHelper;
Ptr<FlowMonitor> monitor = flowmonHelper.InstallAll ();
// Run the simulation
Simulator::Run ();
// Output Flow Monitor statistics
monitor->CheckForLostPackets ();
Ptr<Ipv4FlowClassifier> classifier = DynamicCast<Ipv4FlowClassifier> (flowmonHelper.GetClassifier ());
std::map<FlowId, FlowMonitor::FlowStats> stats = monitor->GetFlowStats ();
for (std::map<FlowId, FlowMonitor::FlowStats>::const_iterator i = stats.begin (); i != stats.end (); ++i)
{
Ipv4FlowClassifier::FiveTuple t = classifier->FindFlow (i->first);
std::cout << “Flow ID: ” << i->first << ” Source Address: ” << t.sourceAddress << ” Destination Address: ” << t.destinationAddress << std::endl;
std::cout << “Tx Packets = ” << i->second.txPackets << std::endl;
std::cout << “Rx Packets = ” << i->second.rxPackets << std::endl;
std::cout << “Throughput: ” << i->second.rxBytes * 8.0 / (i->second.timeLastRxPacket.GetSeconds () – i->second.timeFirstTxPacket.GetSeconds ()) / 1024 / 1024 << ” Mbps” << std::endl;
std::cout << “Delay: ” << i->second.delaySum.GetSeconds() / i->second.rxPackets << ” s” << std::endl;
std::cout << “Packet Loss Ratio: ” << (i->second.txPackets – i->second.rxPackets) / (double)i->second.txPackets << std::endl;
}
// Clean up the simulation
Simulator::Destroy ();
return 0;
}
Explanation:
- Create Nodes and Links:
-
- Create three nodes and connect them using point-to-point links.
- Install the Internet Stack:
-
- Install the Internet stack on the nodes.
- Assign IP Addresses:
-
- Assign IP addresses to the devices.
- Set Up Traffic Control for QoS:
-
- Use TrafficControlHelper to set up a queue discipline (e.g., FQ-CoDel) to manage traffic and ensure QoS.
- Create Applications:
-
- Create a UDP server application on node 2 and a UDP client application on node 0 to generate traffic.
- Introduce a Malicious Node:
-
- Add a malicious node to perform a DoS attack by sending continuous UDP traffic to the server.
- Enable Routing:
-
- Populate routing tables to enable communication between nodes.
- Enable Flow Monitor:
-
- Use Flow Monitor to collect performance metrics such as throughput, packet loss, and delay.
- Run the Simulation:
-
- Run the simulation and output Flow Monitor statistics.
Step 4: Compile and Run the Script
- Save the script as network-security-example.cc in the scratch directory of your ns-3 installation.
- Compile the script using the following commands:
./waf configure
./waf build
./waf –run network-security-example
Step 5: Analyse the Results
After running the simulation, the script will output performance metrics like the number of transmitted and received packets, throughput, delay, and packet loss ratio. We can further analyse this information to know the impact of the security attacks and the efficiency of the security mechanisms.
At the last, we had clearly learned and understand about how to implement Network Security Analysis by creating the network topology by use of network security analysis features in ns3. Also we offer the additional details how to implement the network security analysis in other simulation tool.
Are you facing problems in implementing Network Security Analysis in ns3 for your project, even after considering the suggestions above, feel free to contact ns3simulation.com. We’re here to assist you with comparative analysis to achieve the best results.
