How to Implement Network Attacks Mitigation in ns2

To implement the Network Attacks Mitigation within NS2, which encompasses replicating numerous kinds of network attacks like DDoS, packet injection, or traffic flooding and applying methods to identify, avoid, or mitigate these attacks. The virtual environment NS2 distributes a simulation environment to model network situations, execute the attacks, and improve mitigation approaches to monitor their impacts on the network. Given below is a stepwise method to implement network attack mitigation strategies in NS2:

Step-by-Step Implementation:

  1. Set Up NS2

Make sure NS2 is installed on the system. If not, install it using the below command:

sudo apt-get install ns2

  1. Define the Network Topology

Initially, describing a basic network topology. We will launch the network attacks (such as DDoS or packet injection) in this network and execute the mitigation techniques.

Example:

set ns [new Simulator]

set tracefile [open attack_mitigation.tr w]

$ns trace-all $tracefile

# Create nodes

set n1 [$ns node]    ;# Normal node (Sender)

set n2 [$ns node]    ;# Intermediate node (Router)

set n3 [$ns node]    ;# Normal node (Receiver)

set nMalicious [$ns node]  ;# Malicious node (Attacker)

set nMitigation [$ns node] ;# Mitigation system (Firewall or IDS)

# Create links between the nodes

$ns duplex-link $n1 $n2 1Mb 10ms DropTail

$ns duplex-link $n2 $n3 1Mb 10ms DropTail

$ns duplex-link $nMalicious $n2 1Mb 10ms DropTail

$ns duplex-link $nMitigation $n2 1Mb 10ms DropTail

  1. Simulate Normal Traffic

Configure normal traffic among the nodes. It will observe by the mitigation system for anomalies or attacks.

# Set up normal UDP traffic between n1 and n3

set udp1 [new Agent/UDP]

set null1 [new Agent/Null]

$ns attach-agent $n1 $udp1

$ns attach-agent $n3 $null1

$ns connect $udp1 $null1

# Create a CBR (Constant Bit Rate) traffic generator attached to UDP

set cbr1 [new Application/Traffic/CBR]

$cbr1 set packetSize_ 512

$cbr1 set rate_ 1Mb

$cbr1 attach-agent $udp1

# Start normal traffic

$ns at 1.0 “$cbr1 start”

  1. Simulate Network Attacks

Introduce a network attack like traffic flooding from a malicious node (nMalicious). It will replicate abnormal traffic aimed at disrupting the network.

(A) Simulate Traffic Flooding (DDoS Attack):

We can mimic a DDoS attack by creating the malicious node transfer a large amount of traffic at a high rate, overwhelming the network.

# Set up UDP traffic for the malicious node (simulating a DDoS attack)

set udpMalicious [new Agent/UDP]

set cbrMalicious [new Application/Traffic/CBR]

$cbrMalicious set packetSize_ 512

$cbrMalicious set rate_ 5Mb ;# Higher rate to simulate flooding

$cbrMalicious attach-agent $udpMalicious

# Connect malicious node to n2 (intermediate node)

$ns attach-agent $nMalicious $udpMalicious

$ns connect $udpMalicious $null1

# Start the DDoS attack at 2.0 seconds

$ns at 2.0 “$cbrMalicious start”

(B) Simulate Packet Injection Attack:

In this situation, the malicious node inserts packets into the network that could be false data or unauthorized traffic.

# Function to simulate packet injection

proc inject_packet {source dest} {

puts “Malicious node injecting packet from $source to $dest”

}

# Simulate packet injection at 2.5 seconds

$ns at 2.5 “inject_packet nMalicious n3”

  1. Implement Network Attack Mitigation

There are various kinds of network attack mitigation methods, like:

  • Blocking malicious traffic at a firewall.
  • Rate-limiting traffic from suspicious nodes.
  • Disconnecting malicious nodes.
  • Monitoring traffic patterns using IDS (Intrusion Detection Systems).

(A) Mitigation: Blocking Malicious Traffic:

One simple mitigation strategy is to block the malicious node or strain its traffic at a firewall.

# Function to block traffic from malicious node

proc block_node {node} {

puts “Blocking traffic from $node”

$ns detach-agent $node ;# Detach the malicious node from the network

}

# Set up the mitigation system (firewall) to block the malicious node

$ns at 3.0 “block_node nMalicious”

(B) Mitigation: Rate-Limiting (Traffic Throttling):

We can limit the rate at which a node can be forwarded traffic if it’s identified as suspicious or performing an attack.

# Function to throttle traffic from malicious node

proc throttle_traffic {node new_rate} {

puts “Throttling traffic from $node to $new_rate”

$node set rate_ $new_rate ;# Reduce traffic rate

}

# Throttle malicious traffic at 3.5 seconds

$ns at 3.5 “throttle_traffic $cbrMalicious 512kb”

(C) Mitigation: Disconnecting Malicious Nodes:

We can replicate comprehensively disconnecting the malicious node from the network after identifying an attack.

# Function to disconnect the malicious node

proc disconnect_node {node} {

puts “Disconnecting node $node from the network”

$ns detach-agent $node

}

# Disconnect malicious node at 3.0 seconds

$ns at 3.0 “disconnect_node nMalicious”

(D) Mitigation: IDS-Based Detection and Response:

If we have an Intrusion Detection System (IDS) in the network (nMitigation), this can observe traffic and activate mitigation measures such as blocking or throttling rely on certain thresholds.

# Function to simulate IDS traffic monitoring

proc monitor_traffic {pkt_count threshold} {

if { $pkt_count > $threshold } {

puts “Intrusion detected: Traffic flooding”

return 1 ;# Detected intrusion

} else {

return 0 ;# No intrusion detected

}

}

# Simulate IDS monitoring traffic at nMitigation

set pkt_count 0

set threshold 1000 ;# Set a threshold for packet count

# Function to simulate packet capture at IDS node

proc capture_packet {source dest size} {

global pkt_count

incr pkt_count

puts “Packet captured by IDS: Source=$source Dest=$dest Size=$size”

}

# Attach IDS agent at nMitigation

set udpIDS [new Agent/UDP]

$ns attach-agent $nMitigation $udpIDS

# Simulate packet capture at IDS and mitigation action

$ns at 1.5 “capture_packet n1 n3 512”

$ns at 2.5 “if {[monitor_traffic $pkt_count $threshold]} {block_node nMalicious}”

  1. Run the Simulation

When we have written the Tcl script including attack and mitigation mechanisms then run the simulation using:

ns your_script.tcl

  1. Analyze Results

Examine the outcomes in the trace file (attack_mitigation.tr) to see:

  • How the network performed under attack.
  • When and how the attacks were identified.
  • The efficiency of the mitigation techniques (blocking, rate-limiting, or disconnecting).

We can envision the network events using NAM (Network Animator) to better know how attacks and mitigation measures effected the network.

  1. Extend the Simulation

We can further expand this simulation by:

  • Mimicking various kinds of attacks (e.g., spoofing, man-in-the-middle, or malware injection).
  • Executing advanced mitigation techniques, like machine learning-based detection algorithms.
  • Replicating collaborative detection over numerous IDS systems in the network.
  • Executing security policies, which actively modify according to the type and severity of the detected attack.

In this manual, we shown the sequential techniques to execute and simulate the Network Attacks Mitigation using the NS2 tool. Moreover, we will present more insights on this topic if required.

We present innovative project ideas and topics focused on mitigating network attacks. Our experts are actively engaged in tackling various types of network threats, including DDoS attacks, packet injection, and traffic flooding.