To implement network threat detection in ns-3, we have to create an application that analyzes network traffic for suspicious activity and flags potential threats. Have our developers conduct comparative analyses for all Network Threat Detection concepts in ns-3.
Here is a complete guide on setting up a basic network with threat detection functionalities using ns-3.
Step-by-Step Implementation
- Install ns-3
Make sure that ns-3 is installed on your computer. If not, install it from the official ns-3 website.
- Define the Network Topology
Define the network topology that contains:
- Normal nodes (legitimate users)
- Attacker nodes
- Server nodes
- Detection nodes (nodes used to monitor and analyze traffic)
- Create Network Nodes
Using NodeContainer, create network nodes.
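// One container per role so each group can be configured and addressed separately.
// The fourth container is named detectionNodes to match the Create() call below
// and every later step (the original declaration called it forensicNodes).
NodeContainer normalNodes, attackerNodes, serverNodes, detectionNodes;
normalNodes.Create(3);     // legitimate senders
attackerNodes.Create(1);   // simulated flooding source
serverNodes.Create(1);     // traffic destination
detectionNodes.Create(1);  // monitoring node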
- Set Up Network Devices
Use the appropriate network interfaces to install network devices like Wi-Fi for wireless communication.
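// NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and YansWifiPhyHelper::Default()
// are kept as written on this page; newer ns-3 releases may spell these
// differently, so confirm against the installed version.
WifiHelper wifi;
wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);

WifiMacHelper mac;
mac.SetType("ns3::AdhocWifiMac");  // plain ASCII quotes: typographic quotes do not compile

YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
phy.SetChannel(channel.Create());  // one channel object shared by every group below

// The same phy/mac configuration is installed on all four node groups.
NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
NetDeviceContainer detectionDevices = wifi.Install(phy, mac, detectionNodes);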
- Configure Mobility Model
Set up the mobility model for the nodes using MobilityHelper.
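// Every node gets a constant-position mobility model.
// NOTE(review): no position allocator is configured here, so node placement is
// whatever the helper's default gives — confirm that suits the scenario.
MobilityHelper mobility;
mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");  // ASCII quotes so the literal compiles
mobility.Install(normalNodes);
mobility.Install(attackerNodes);
mobility.Install(serverNodes);
mobility.Install(detectionNodes);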
- Set Up Packet Capture
Using PcapHelper, configure packet capture on the detection nodes.
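// NOTE(review): `file` is created but never written to or passed on in this
// snippet, and it is opened with a PPP link type although the devices are
// Wi-Fi. The capture that actually records frames is the PHY-level one
// enabled in the loop below.
PcapHelper pcapHelper;
Ptr<PcapFileWrapper> file = pcapHelper.CreateFile("detection_capture.pcap", std::ios::out, PcapHelper::DLT_PPP);

// Third argument: promiscuous capture, so frames not addressed to the detection
// node are recorded as well. Fourth argument: use "detection_capture" as the
// explicit file name; with more than one detection device every iteration
// would target the same file.
for (uint32_t i = 0; i < detectionDevices.GetN(); ++i) {
    phy.EnablePcap("detection_capture", detectionDevices.Get(i), true, true);
}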
- Implement Threat Detection Application
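To monitor traffic for suspicious activities, create an application. Here is a basic example of a packet sniffing application which detects a high rate of packets as a potential threat. Note that it counts datagrams delivered to its own UDP socket rather than reading the pcap capture from the previous step, so it only sees traffic addressed to the detection node.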
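/// Rate-based detector: counts UDP datagrams delivered to its own socket and
/// prints an alert when the count accumulated over a check window exceeds
/// `threshold`.
///
/// Limits a reader should keep in mind:
///  - Only datagrams delivered to this node's socket are counted. Traffic
///    sent to another node's unicast address never reaches HandleRead.
///  - The window is only evaluated when a packet arrives, so a window can be
///    longer than `interval` if traffic pauses.
///  - The count is global; it is not kept per source address.
class ThreatDetectionApplication : public Application {
public:
    /// Opens a UDP socket on `listenPort` (all local addresses) and registers
    /// HandleRead as its receive callback.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        // A detector that failed to bind would stay silent for the whole run,
        // which looks exactly like "no threat"; fail loudly instead.
        if (recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort)) == -1) {
            NS_FATAL_ERROR("ThreatDetectionApplication: failed to bind UDP port " << listenPort);
        }
        recvSocket->SetRecvCallback(MakeCallback(&ThreatDetectionApplication::HandleRead, this));
    }

    /// Detaches the receive callback and closes the socket when the
    /// application stops, so no callback fires on a stopped detector.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
        }
    }

    /// Sets the UDP port to listen on; call before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    /// Drains the socket, counting each datagram, and evaluates the window
    /// once more than `interval` seconds have passed since the last check.
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            packetsReceived++;
            const double currentTime = Simulator::Now().GetSeconds();
            // ASCII minus here; the page's en dash is not a C++ operator.
            if (currentTime - lastTime > interval) {
                if (packetsReceived > threshold) {
                    std::cout << "Potential threat detected. Packets received in last "
                              << interval << " seconds: " << packetsReceived << std::endl;
                }
                // Start a fresh window from the packet that triggered the check.
                packetsReceived = 0;
                lastTime = currentTime;
            }
        }
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;       // initialised so Bind never reads an indeterminate value
    uint32_t packetsReceived = 0;  // datagrams seen in the current window
    double lastTime = 0.0;         // simulation time (s) of the last window check
    double interval = 1.0;         // Check every 1 second
    // Threshold for packet count.
    // NOTE(review): calibrate against the benign baseline of the scenario;
    // a fixed 100 may already be exceeded by legitimate senders — confirm.
    uint32_t threshold = 100;
};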
- Set Up Applications
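Install the applications on the nodes. This code reads the server's IPv4 address, so in the actual program it must run after the Internet stack is installed and IP addresses are assigned (the next two steps), as in the full script below.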
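ApplicationContainer normalApps, attackerApps, serverApps, detectionApps;

// Address of the server's first non-loopback interface (interface 1, address 0).
// Requires the Internet stack and address assignment to have run already.
const Ipv4Address serverAddress = serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal();
const InetSocketAddress serverEndpoint(serverAddress, 9);

// Normal node applications (e.g., sending normal traffic)
for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
    OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
    onoff.SetConstantRate(DataRate("500kb/s"));
    ApplicationContainer app = onoff.Install(normalNodes.Get(i));
    app.Start(Seconds(1.0));
    app.Stop(Seconds(20.0));
    normalApps.Add(app);
}

// Attacker node applications (e.g., DoS attack): same destination, 20x the
// rate, starting at t = 5 s so the run contains a benign-only baseline first.
for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
    OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
    onoff.SetConstantRate(DataRate("10Mb/s"));
    ApplicationContainer app = onoff.Install(attackerNodes.Get(i));
    app.Start(Seconds(5.0));
    app.Stop(Seconds(20.0));
    attackerApps.Add(app);
}

// Server node application (e.g., packet sink)
PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
serverApps.Add(sink.Install(serverNodes.Get(0)));

// Detection node application
// NOTE(review): every flow above is addressed to the server, while the
// detector listens on its own node's port 9. As written it will not receive
// those datagrams; to make the alert meaningful, run the detector where the
// traffic terminates or feed it from a promiscuous capture — confirm intent.
Ptr<ThreatDetectionApplication> detectionApp = CreateObject<ThreatDetectionApplication>();
detectionApp->SetListenPort(9);
detectionNodes.Get(0)->AddApplication(detectionApp);
detectionApp->SetStartTime(Seconds(1.0));
detectionApp->SetStopTime(Seconds(20.0));
detectionApps.Add(detectionApp);

serverApps.Start(Seconds(1.0));
serverApps.Stop(Seconds(20.0));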
- Set Up Routing Protocols
Set up routing protocols for the network.
// Install the Internet stack with AODV routing on every node group.
InternetStackHelper internet;
AodvHelper aodv;
internet.SetRoutingHelper(aodv);

// Same install order as the node groups were created in.
for (const NodeContainer* group : {&normalNodes, &attackerNodes, &serverNodes, &detectionNodes}) {
    internet.Install(*group);
}
- Assign IP Addresses
Using Ipv4AddressHelper, assign IP addresses to the network devices.
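// All groups share the 10.1.1.0/24 network; the helper hands out addresses in
// the order Assign() is called, so attacker and legitimate hosts are not
// distinguishable by subnet.
Ipv4AddressHelper address;
address.SetBase("10.1.1.0", "255.255.255.0");  // ASCII quotes so the literals compile
Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
Ipv4InterfaceContainer detectionInterfaces = address.Assign(detectionDevices);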
- Run the Simulation
Define the simulation run time and execute it.
// Schedule the end of the run, execute all events, then release simulator state.
const Time simulationEnd = Seconds(20.0);
Simulator::Stop(simulationEnd);
Simulator::Run();
Simulator::Destroy();
Simple Network Threat Detection example Script
#include <iostream>

#include "ns3/aodv-module.h"
#include "ns3/applications-module.h"
#include "ns3/core-module.h"
#include "ns3/internet-module.h"
#include "ns3/mobility-module.h"
#include "ns3/network-module.h"
#include "ns3/wifi-module.h"
using namespace ns3;
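/// Rate-based detector: counts UDP datagrams delivered to its own socket and
/// prints an alert when the count accumulated over a check window exceeds
/// `threshold`.
///
/// Limits a reader should keep in mind:
///  - Only datagrams delivered to this node's socket are counted. Traffic
///    sent to another node's unicast address never reaches HandleRead.
///  - The window is only evaluated when a packet arrives, so a window can be
///    longer than `interval` if traffic pauses.
///  - The count is global; it is not kept per source address.
class ThreatDetectionApplication : public Application {
public:
    /// Opens a UDP socket on `listenPort` (all local addresses) and registers
    /// HandleRead as its receive callback.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        // A detector that failed to bind would stay silent for the whole run,
        // which looks exactly like "no threat"; fail loudly instead.
        if (recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort)) == -1) {
            NS_FATAL_ERROR("ThreatDetectionApplication: failed to bind UDP port " << listenPort);
        }
        recvSocket->SetRecvCallback(MakeCallback(&ThreatDetectionApplication::HandleRead, this));
    }

    /// Detaches the receive callback and closes the socket when the
    /// application stops, so no callback fires on a stopped detector.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
        }
    }

    /// Sets the UDP port to listen on; call before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    /// Drains the socket, counting each datagram, and evaluates the window
    /// once more than `interval` seconds have passed since the last check.
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            packetsReceived++;
            const double currentTime = Simulator::Now().GetSeconds();
            // ASCII minus here; the page's en dash is not a C++ operator.
            if (currentTime - lastTime > interval) {
                if (packetsReceived > threshold) {
                    std::cout << "Potential threat detected. Packets received in last "
                              << interval << " seconds: " << packetsReceived << std::endl;
                }
                // Start a fresh window from the packet that triggered the check.
                packetsReceived = 0;
                lastTime = currentTime;
            }
        }
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;       // initialised so Bind never reads an indeterminate value
    uint32_t packetsReceived = 0;  // datagrams seen in the current window
    double lastTime = 0.0;         // simulation time (s) of the last window check
    double interval = 1.0;         // Check every 1 second
    // Threshold for packet count.
    // NOTE(review): calibrate against the benign baseline of the scenario;
    // a fixed 100 may already be exceeded by legitimate senders — confirm.
    uint32_t threshold = 100;
};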
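/// Builds a six-node ad hoc Wi-Fi scenario (three legitimate senders, one
/// simulated flooding source, one server, one detection node), enables a
/// promiscuous capture on the detection node, installs the traffic and
/// detection applications, and runs the simulation for 20 seconds.
///
/// All string literals use plain ASCII quotes; the typographic quotes shown
/// on the page do not compile.
int main(int argc, char *argv[]) {
    NodeContainer normalNodes, attackerNodes, serverNodes, detectionNodes;
    normalNodes.Create(3);
    attackerNodes.Create(1);
    serverNodes.Create(1);
    detectionNodes.Create(1);

    // WiFi setup
    // NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and YansWifiPhyHelper::Default()
    // are kept as written on this page; newer ns-3 releases may spell these
    // differently, so confirm against the installed version.
    WifiHelper wifi;
    wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);
    WifiMacHelper mac;
    mac.SetType("ns3::AdhocWifiMac");
    YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
    YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
    phy.SetChannel(channel.Create());
    NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
    NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
    NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
    NetDeviceContainer detectionDevices = wifi.Install(phy, mac, detectionNodes);

    // Mobility setup
    MobilityHelper mobility;
    mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
    mobility.Install(normalNodes);
    mobility.Install(attackerNodes);
    mobility.Install(serverNodes);
    mobility.Install(detectionNodes);

    // Internet stack and routing
    AodvHelper aodv;
    InternetStackHelper internet;
    internet.SetRoutingHelper(aodv);
    internet.Install(normalNodes);
    internet.Install(attackerNodes);
    internet.Install(serverNodes);
    internet.Install(detectionNodes);

    // One shared /24; addresses are handed out in Assign() order.
    Ipv4AddressHelper address;
    address.SetBase("10.1.1.0", "255.255.255.0");
    Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
    Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
    Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
    Ipv4InterfaceContainer detectionInterfaces = address.Assign(detectionDevices);

    // Set up packet capture
    // NOTE(review): `file` is created but never written to or passed on, and
    // it is opened with a PPP link type although the devices are Wi-Fi. The
    // capture that records frames is the PHY-level one enabled in the loop.
    PcapHelper pcapHelper;
    Ptr<PcapFileWrapper> file = pcapHelper.CreateFile("detection_capture.pcap", std::ios::out, PcapHelper::DLT_PPP);
    // Third argument: promiscuous capture, so frames not addressed to the
    // detection node are recorded too. Fourth: explicit file name.
    for (uint32_t i = 0; i < detectionDevices.GetN(); ++i) {
        phy.EnablePcap("detection_capture", detectionDevices.Get(i), true, true);
    }

    // Install applications
    ApplicationContainer normalApps, attackerApps, serverApps, detectionApps;

    // Every sender targets the server's assigned Wi-Fi address on UDP port 9.
    const InetSocketAddress serverEndpoint(serverInterfaces.GetAddress(0), 9);

    // Normal node applications (e.g., sending normal traffic)
    for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
        OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
        onoff.SetConstantRate(DataRate("500kb/s"));
        ApplicationContainer app = onoff.Install(normalNodes.Get(i));
        app.Start(Seconds(1.0));
        app.Stop(Seconds(20.0));
        normalApps.Add(app);
    }

    // Attacker node applications (e.g., DoS attack): same destination, 20x the
    // rate, starting at t = 5 s so the run contains a benign-only baseline first.
    for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
        OnOffHelper onoff("ns3::UdpSocketFactory", serverEndpoint);
        onoff.SetConstantRate(DataRate("10Mb/s"));
        ApplicationContainer app = onoff.Install(attackerNodes.Get(i));
        app.Start(Seconds(5.0));
        app.Stop(Seconds(20.0));
        attackerApps.Add(app);
    }

    // Server node application (e.g., packet sink)
    PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
    serverApps.Add(sink.Install(serverNodes.Get(0)));

    // Detection node application
    // NOTE(review): every flow above is addressed to the server, while the
    // detector listens on its own node's port 9. As written it will not
    // receive those datagrams, so no alert is printed even during the flood;
    // run the detector where the traffic terminates or feed it from the
    // promiscuous capture — confirm intent.
    Ptr<ThreatDetectionApplication> detectionApp = CreateObject<ThreatDetectionApplication>();
    detectionApp->SetListenPort(9);
    detectionNodes.Get(0)->AddApplication(detectionApp);
    detectionApp->SetStartTime(Seconds(1.0));
    detectionApp->SetStopTime(Seconds(20.0));
    detectionApps.Add(detectionApp);

    serverApps.Start(Seconds(1.0));
    serverApps.Stop(Seconds(20.0));

    Simulator::Stop(Seconds(20.0));
    Simulator::Run();
    Simulator::Destroy();
    return 0;
}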
Overall, we have successfully implemented a basic network with threat detection in ns-3 by creating applications that monitor network traffic for suspicious activities and flag potential threats. We also provide more programming help on network threat detection ideas.