How to Implement Network Security Analysis in NS2

To implement Network Security Analysis in Network Simulator 2 (NS2) has needs to emulate the numerous security scenarios like attacks, intrusion detection mechanisms, or the implementing the security protocols and the NS2 mainly concentrate on network performance simulation, nevertheless with customization via the TCL scripting and C++ coding, we can design and evaluate diverse security contexts. Below is a complete guide to help you to deploy the network security analysis in NS2.

Step-by-Step Implementation:

  1. Prerequisites
  • NS2 Installation: Make sure NS2 is installed on system.
  • Basic Knowledge: understand with TCL scripting and C++ programming is necessary as we will need to adjust the scripts and possibly NS2’s core code.
  • Development Tools: Install essential development tools such as gcc, g++, make, tcl, and tk.
  1. Define Your Security Analysis Objectives

Before diving into execution it obviously outlines what context of network security mean to analyse. Common objectives include:

  • Simulating Security Attacks: Such as Denial of Service (DoS), Distributed DoS (DDoS), worm propagation, or eavesdropping.
  • Implementing Security Protocols: Like encryption, authentication, secure routing protocols like Secure AODV, SEAD.
  • Evaluating Intrusion Detection Systems (IDS): Monitoring and classifying malevolent activities within the network.

For this guide, we will concentrate on simulating a basic Denial of Service (DoS) attack to evaluate it effects on network performance.

  1. Setup the Network Topology

Initiate by generating a network topology using TCL scripts. For simplicity, we will generate a simple wired network with multiple nodes.

Example: Simple Network Topology

# File: security_analysis.tcl

# Initialize simulator

set ns [new Simulator]

# Open trace and NAM (Network Animator) files

set tracefile [open out.tr w]

set namfile [open out.nam w]

$ns trace-all $tracefile

$ns namtrace-all $namfile

# Define finish procedure

proc finish {} {

global ns tracefile namfile

$ns flush-trace

close $tracefile

close $namfile

exec nam out.nam &

exit 0

}

# Create nodes

set n0 [$ns node] ;# Source

set n1 [$ns node] ;# Router

set n2 [$ns node] ;# Destination

set attacker [$ns node] ;# Attacker

# Define duplex links

$ns duplex-link $n0 $n1 10Mb 10ms DropTail

$ns duplex-link $n1 $n2 10Mb 10ms DropTail

$ns duplex-link $attacker $n1 10Mb 10ms DropTail

# Define agents for normal traffic (e.g., FTP)

set tcp [new Agent/TCP]

$ns attach-agent $n0 $tcp

set sink [new Agent/TCPSink]

$ns attach-agent $n2 $sink

$ns connect $tcp $sink

set ftp [new Application/FTP]

$ftp attach-agent $tcp

$ftp start

# Define attacker behavior (e.g., sending excessive UDP packets)

set udp [new Agent/UDP]

$ns attach-agent $attacker $udp

set null [new Agent/Null]

$ns attach-agent $n1 $null

$ns connect $udp $null

# Create CBR traffic for DoS attack

set cbr [new Application/Traffic/CBR]

$cbr attach-agent $udp

$cbr set packetSize_ 500

$cbr set rate_ 10Mb  ;# High rate to simulate DoS

$cbr start 1.0

$cbr stop 4.0

# Schedule simulation end

$ns at 5.0 “finish”

# Run the simulation

$ns run

Explanation:

  • Nodes:
    • n0: Source node sending legitimate FTP traffic.
    • n1: Router node managing the traffic among n0 and n2.
    • n2: Destination node receiving FTP traffic.
    • attacker: Node simulating a DoS attack by transferring the excessive UDP traffic to the router n1.
  • Links: All links are duplex with 10Mb bandwidth and 10ms delay using DropTail queues.
  • Legitimate Traffic:
    • An FTP application is configure among n0 and n2 using TCP.
  • Attack Traffic:
    • The attacker node delivers UDP packets at a high rate (10Mb) to n1 that mimic a DoS attack.
  • Simulation Duration: The simulation executes for 5 seconds.
  1. Run the Simulation
  1. Save the TCL Script: Save the above script as security_analysis.tcl.
  2. Execute the Script:

ns security_analysis.tcl

  1. Visualize with NAM: The script systematically introduces NAM to envision the network activity.

If it doesn’t open automatically, run:

nam out.nam

  1. Check the Trace File: The simulation creates a trace file out.tr covering thorough event logs.
  1. Analysing the Results

To assess the effect of the DoS attack on legitimate traffic, we can process the trace file to extract related parameters such as:

  • Throughput: Assess the FTP traffic throughput during normal operation and during the attack.
  • Packet Loss: Evaluate on how much legitimate traffic is being dropped because of the attack.
  • Latency: Observe any increase in latency for legitimate traffic packets.

Example: Calculating Throughput

Below is a simple AWK script to estimate the FTP throughput from the trace file.

awk ‘

/^r/ && $5 == “AGT” && $6 == “TCP” && $8 == “recv” {

bytes += $7

}

END {

print “Total Bytes Received:”, bytes, “bytes”;

print “Throughput:”, bytes*8/5, “bps”

}’ out.tr

Explanation:

  • The script filters received packets (r event) connected to TCP agents (FTP traffic).
  • It sums the bytes received and estimates throughput over the 5-second simulation.

Example: Calculating Packet Loss

To estimate packet loss, we can compare the number of packets sent vs. received for the FTP flow.

awk ‘

/^s/ && $5 == “AGT” && $6 == “TCP” && $8 == “send” {

sent++

}

/^r/ && $5 == “AGT” && $6 == “TCP” && $8 == “recv” {

received++

}

END {

loss = sent – received

loss_percent = (loss / sent) * 100

print “Packets Sent:”, sent

print “Packets Received:”, received

print “Packet Loss:”, loss, “(“, loss_percent, “% )”

}’ out.tr

Advanced Analysis Tools

For more comprehensive analysis, deliberate using tools such as Awk scripts, Python scripts, or particular NS2 analysis tools to extract and visualize parameters.

  1. Extending the Security Analysis

The above sample will show a simple DoS attack simulation. We can expand the analysis to contain more sophisticated security scenarios:

6.1 Simulating Different Types of Attacks

  • DDoS Attacks: Use multiple attacker nodes to create dispersed DoS traffic.

Example: Adding Multiple Attackers

# Create multiple attacker nodes

set attacker1 [$ns node]

set attacker2 [$ns node]

# Connect attackers to router

$ns duplex-link $attacker1 $n1 10Mb 10ms DropTail

$ns duplex-link $attacker2 $n1 10Mb 10ms DropTail

# Configure attacker1

set udp1 [new Agent/UDP]

$ns attach-agent $attacker1 $udp1

set null1 [new Agent/Null]

$ns attach-agent $n1 $null1

$ns connect $udp1 $null1

set cbr1 [new Application/Traffic/CBR]

$cbr1 attach-agent $udp1

$cbr1 set packetSize_ 500

$cbr1 set rate_ 10Mb

$cbr1 start 1.0

$cbr1 stop 4.0

# Configure attacker2 similarly

set udp2 [new Agent/UDP]

$ns attach-agent $attacker2 $udp2

set null2 [new Agent/Null]

$ns attach-agent $n1 $null2

$ns connect $udp2 $null2

set cbr2 [new Application/Traffic/CBR]

$cbr2 attach-agent $udp2

$cbr2 set packetSize_ 500

$cbr2 set rate_ 10Mb

$cbr2 start 1.0

$cbr2 stop 4.0

6.2 Implementing Intrusion Detection Systems (IDS)

  • Define an IDS Node: Execute an IDS agent that monitors traffic for anomalies.
  • Custom C++ Modules: We need to compose custom C++ modules to describe IDS behaviour and incorporate them with NS2.

6.3 Implementing Secure Routing Protocols

  • Secure AODV or DSR: Adjust or use existing secure routing protocols that deliver authentication and protection beside routing attacks.
  • Install Extensions: Aspect for NS2 extensions or covers that execute secure routing protocols.

6.4 Simulating Encryption and Authentication

  • Modify Application Layers: Establish encryption/decryption latency or authentication processes in the traffic generation scripts.
  • Custom Agents: Generate custom agent classes in C++ that regulate encrypted traffic or manage the authentication.
  1. Implementing a Basic DoS Attack with Multiple Attackers

To deliver a more concrete example, let’s expand the initial script to contain multiple attackers that mimic a Distributed Denial of Service (DDoS) attack.

Extended TCL Script: DDoS Attack Simulation

# File: ddos_attack.tcl

# Initialize simulator

set ns [new Simulator]

# Open trace and NAM (Network Animator) files

set tracefile [open out.tr w]

set namfile [open out.nam w]

$ns trace-all $tracefile

$ns namtrace-all $namfile

# Define finish procedure

proc finish {} {

global ns tracefile namfile

$ns flush-trace

close $tracefile

close $namfile

exec nam out.nam &

exit 0

}

# Create nodes

set n0 [$ns node] ;# Source

set n1 [$ns node] ;# Router

set n2 [$ns node] ;# Destination

set attacker1 [$ns node]

set attacker2 [$ns node]

set attacker3 [$ns node]

# Define duplex links

$ns duplex-link $n0 $n1 10Mb 10ms DropTail

$ns duplex-link $n1 $n2 10Mb 10ms DropTail

$ns duplex-link $attacker1 $n1 10Mb 10ms DropTail

$ns duplex-link $attacker2 $n1 10Mb 10ms DropTail

$ns duplex-link $attacker3 $n1 10Mb 10ms DropTail

# Legitimate Traffic (FTP)

set tcp [new Agent/TCP]

$ns attach-agent $n0 $tcp

set sink [new Agent/TCPSink]

$ns attach-agent $n2 $sink

$ns connect $tcp $sink

set ftp [new Application/FTP]

$ftp attach-agent $tcp

$ftp start

# Attack Traffic (DDoS)

foreach attacker [list $attacker1 $attacker2 $attacker3] {

set udp [new Agent/UDP]

$ns attach-agent $attacker $udp

set null [new Agent/Null]

$ns attach-agent $n1 $null

$ns connect $udp $null

set cbr [new Application/Traffic/CBR]

$cbr attach-agent $udp

$cbr set packetSize_ 500

$cbr set rate_ 10Mb

$cbr start 1.0

$cbr stop 4.0

}

# Simulation end

$ns at 5.0 “finish”

# Run the simulation

$ns run

Explanation:

  • Multiple Attackers: Three attacker nodes (attacker1, attacker2, attacker3) send UDP traffic to the router n1, each generating high traffic rates to mimic a DDoS attack.
  • Impact on Legitimate Traffic: The high rate of UDP traffic leads congestion at the router, causing to packet drops and maximizing delay for legitimate FTP traffic.

Running the Extended Script

  1. Save the Script: Save as ddos_attack.tcl.
  2. Execute:

ns ddos_attack.tcl

  1. Visualize:

nam out.nam

  1. Analyze Trace File: Use AWK scripts or custom scripts to estimate throughput, packet loss, and latency for the FTP traffic during normal operation and in attack.
  1. Implementing Security Protocols

To evaluate security protocols in NS2, that need to execute or incorporate existing secure protocol modules. Here’s how we can approach it:

8.1 Implementing Secure AODV (e.g., Secure AODV)

Secure AODV adds authentication and encryption to the standard AODV routing protocol to avoid numerous routing attacks.

Steps:

  1. Obtain Secure AODV Code:
    • Search for existing execution or research papers that delivers Secure AODV extensions for NS2.
    • For Instance, some research projects have allotted their Secure AODV code on repositories such as GitHub or institutional websites.
  2. Integrate with NS2:
    • Download the Secure AODV C++ source files.
    • Place them in the NS2 routing directory like ~/ns-allinone-2.xx/ns-2.xx/routing.
  3. Modify NS2’s Makefile:
    • Update the Makefile in the routing directory to contain the Secure AODV source files.
    • For instance, add secure_aodv.cc to the list of source files.
  4. Recompile NS2:

cd ~/ns-allinone-2.xx/ns-2.xx/

make clean

make

  1. Use Secure AODV in TCL Script:
    • Insist on the routing protocol as Secure AODV in TCL script.

# Set routing protocol to Secure AODV

set val(rp) SecureAODV

# Configure nodes to use Secure AODV

$ns node-config -adhocRouting $val(rp) \

-llType LL \

-macType Mac/802_11 \

-ifqType Queue/DropTail/PriQueue \

-ifqLen 50 \

-antType Antenna/OmniAntenna \

-propType Propagation/TwoRayGround \

-phyType Phy/WirelessPhy \

-channelType Channel/WirelessChannel

  1. Run Simulations: Execute scenarios to assess the performance and security advantage of Secure AODV compared to standard AODV.

8.2 Implementing Encryption

To mimic an encrypted traffic, we can establish latency or packet processing overheads in the application layer.

Example: Adding Encryption Delay

# Define a custom application that simulates encryption

class Application/EncryptedFTP {

# Define encryption parameters

}

# Alternatively, modify existing application agents to include encryption steps

However, executing elaborated encryption mechanisms that need modifying NS2’s C++ code that is advanced and beyond a simple TCL scripting.

  1. Implementing Intrusion Detection Systems (IDS)

Executing IDS in NS2 has contained monitoring network traffic to classify malevolent or attacks. This typically requires:

9.1 Define an IDS Agent

Generate a custom IDS agent that examines packets for suspicious behaviour.

Steps:

  1. Create IDS Agent in C++:
    • Describe a new agent class like Agent/IDS, inheriting from the base Agent class.
    • Execute packet inspection logic like checking packet rates, source addresses.
  2. Integrate with NS2:
    • Add the IDS agent source files to the suitable NS2 directories.
    • Update Makefiles and recompile NS2.
  3. Use IDS in TCL Script:
    • Add the IDS agent to desired nodes.
    • Setup the IDS agent to monitor particular traffic flows.

9.2 Example: Basic IDS Detection of High Packet Rate

Here’s a conceptual example (simplified):

IDS Agent C++ Implementation (Conceptual)

// File: ids.cc

#include “agent.h”

#include “packet.h”

#include “scheduler.h”

#include <iostream>

class AgentIDS : public Agent {

public:

AgentIDS() : Agent(PT_IDS), packet_count(0) {}

void recv(Packet* p, Handler* h);

void check_packet_rate();

private:

int packet_count;

};

static class AgentIDSClass : public TclClass {

public:

AgentIDSClass() : TclClass(“Agent/IDS”) {}

TclObject* create(int, const char*const*) {

return (new AgentIDS());

}

} class_agent_ids;

void AgentIDS::recv(Packet* p, Handler* h) {

packet_count++;

// Simple detection: if packet rate exceeds threshold, trigger alert

if (packet_count > 100) {  // Threshold example

std::cout << “IDS Alert: High packet rate detected!” << std::endl;

packet_count = 0; // Reset counter or take other actions

}

// Free the packet

Packet::free(p);

}

Using IDS Agent in TCL Script

# Attach IDS to the router node n1

set ids [new Agent/IDS]

$ns attach-agent $n1 $ids

# Link IDS to a sink or monitoring process if needed

# This sample simply prints alerts to the console

Note: The above C++ example is highly simplified. Functional IDS would need more sophisticated packet analysis, state management, and possible interaction with other components.

  1. Implementing Eavesdropping and Secure Communication

To evaluate the eavesdropping, we need to design a malicious node that interrupts or captures packets.

10.1 Simulating Eavesdropping

  1. Add an Eavesdropper Node:
    • Place an eavesdropper node within the network topology that can eavesdrop to wireless communications or interrupt wired traffic.
  2. Capture Packets:
    • Execute or use an existing agent that captures packets moving via particular links.

10.2 Example: Eavesdropper in a Wireless Network

# File: eavesdropper.tcl

# Initialize simulator

set ns [new Simulator]

# Open trace and NAM files

set tracefile [open out.tr w]

set namfile [open out.nam w]

$ns trace-all $tracefile

$ns namtrace-all $namfile

# Define finish procedure

proc finish {} {

global ns tracefile namfile

$ns flush-trace

close $tracefile

close $namfile

exec nam out.nam &

exit 0

}

# Create nodes

set src [$ns node]

set router [$ns node]

set dst [$ns node]

set eavesdropper [$ns node]

# Define wireless channel parameters

$ns duplex-link $src $router 10Mb 10ms DropTail

$ns duplex-link $router $dst 10Mb 10ms DropTail

$ns duplex-link $eavesdropper $router 10Mb 10ms DropTail

# Define legitimate traffic

set tcp [new Agent/TCP]

$ns attach-agent $src $tcp

set sink [new Agent/TCPSink]

$ns attach-agent $dst $sink

$ns connect $tcp $sink

set ftp [new Application/FTP]

$ftp attach-agent $tcp

$ftp start

# Define eavesdropper agent

set spy [new Agent/Eavesdropper]

$ns attach-agent $eavesdropper $spy

# Connect spy to monitor link

$ns connect $spy $router

# Simulation end

$ns at 5.0 “finish”

# Run the simulation

$ns run

Explanation:

  • Eavesdropper Node: eavesdropper node is associated to the router and uses a custom Agent/Eavesdropper to capture packets.
  • Custom Eavesdropper Agent: We need to deploy Agent/Eavesdropper in C++ to disturb and log packets passing via the router.

Eavesdropper Agent C++ Implementation (Conceptual)

// File: eavesdropper.cc

#include “agent.h”

#include “packet.h”

#include “trace.h”

#include <iostream>

class AgentEavesdropper : public Agent {

public:

AgentEavesdropper() : Agent(PT_Eavesdropper) {}

void recv(Packet* p, Handler* h);

};

static class AgentEavesdropperClass : public TclClass {

public:

AgentEavesdropperClass() : TclClass(“Agent/Eavesdropper”) {}

TclObject* create(int, const char*const*) {

return (new AgentEavesdropper());

}

} class_agent_eavesdropper;

void AgentEavesdropper::recv(Packet* p, Handler* h) {

// Log packet details

hdr_ip* ip = hdr_ip::access(p);

if (ip != NULL) {

std::cout << “Eavesdropper captured packet: ”

<< “Src: ” << ip->saddr()

<< ” Dst: ” << ip->daddr()

<< ” Len: ” << ip->size() << ” bytes” << std::endl;

}

// Forward packet if necessary or drop

// For simulation, we can drop to not interfere

Packet::free(p);

}

Using the Eavesdropper

  • Attach the Eavesdropper to the network and let it track the traffic.
  • Run the Simulation and track the observers output in the console or log files.

We had successfully implemented the network security analysis in the ns2 tool that were execute with the help of step-by-step implementation, example snippets, explanation for the script and also deliver the future extend script. If you have any query regarding this simulation we will help to clarify it. We’re here to help you with Network Security Analysis using the NS2 tool, along with network comparison analysis results you can count on us to be your reliable partner.