How to Implement Active Attacks in NS2

 

To implement the Active Attacks in Network Simulator 2 (NS2) encompasses a malevolent node keenly snooping with the network by modifying, dropping, or inserting packets into the communication. It can simulated by setting up particular nodes to act maliciously that can contain fine-tuning routing information, sending excessive traffic or selectively releasing packets. Examples of active attacks like Black Hole Attacks, Gray Hole Attacks, Wormhole Attacks, and Denial-of-Service (DoS) Attacks.

Below is the guide on how to implement active attacks in NS2, along with examples.

Types of Active Attacks You Can Implement in NS2:

  1. Black Hole Attack: A mischievous node advertises itself as having the best route but cancel all incoming packets.
  2. Gray Hole Attack: Alike to a black hole but selectively drops packets after marketing false routing information.
  3. Wormhole Attack: Two malicious nodes build a tunnel to capture and replay packets.
  4. Denial of Service (DoS) Attack: The attacker floods the network with traffic, overwhelming the target.
  5. Packet Modification Attack: Malicious nodes alter the content of packets before forwarding them.

Steps to Implement Active Attacks in NS2:

  1. Set Up the Network Topology:
  • Configure nodes in the network indicating authorized users and malicious attackers.
  • Establish communication amongst nodes by using routing protocol like AODV or DSR.
  • Detect which nodes will behave as attackers.
  1. Configure the Behavior of Malicious Nodes:
  • Based on the attack variant, malicious nodes can stop, tunes, or flood the network with traffic. These activities are simulated by altering packet flows and using agents like Null for packet dropping or CBR for traffic flooding.
  • For routing attacks like Black Hole or Gray Hole, you can adjust routing information or drop particular packets.
  1. Monitor and Measure the Attack’s Impact:
  • Evaluate packet flow and detect the actions of mischievous nodes by using trace files.
  • Compute network performance degradation based on the packet loss, throughput reduction, or improved delays.

Example 1: Black Hole Attack

A Black Hole Attack happens when a malicious node advertises itself as having the shortest path to the destination and then drops all the packets it obtains.

Tcl Script for Black Hole Attack:

# Create a new simulator object

set ns [new Simulator]

# Open the trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Create network nodes

set n0 [$ns node]  ;# Source Node

set n1 [$ns node]  ;# Intermediate Node

set n2 [$ns node]  ;# Destination Node

set n3 [$ns node]  ;# Malicious Node (Black Hole)

# Create links between nodes

$ns duplex-link $n0 $n1 1Mb 10ms DropTail

$ns duplex-link $n1 $n2 1Mb 10ms DropTail

$ns duplex-link $n1 $n3 1Mb 10ms DropTail  ;# Malicious node connected to intermediate node

# Create TCP agents for legitimate communication

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n0 $tcp0

$ns attach-agent $n2 $sink0

$ns connect $tcp0 $sink0

# Create a traffic source

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 1.0 “$ftp0 start”

# Malicious node behavior (Black Hole): Drop all packets it receives

set nullAgent [new Agent/Null]

$ns attach-agent $n3 $nullAgent

# Procedure to simulate black hole attack

proc blackhole_attack {node} {

global ns

set nullAgent [new Agent/Null]

$ns attach-agent $node $nullAgent

$ns at 1.5 “puts \”Black Hole Attack: Malicious node is dropping packets\””

}

# Start the black hole attack

$ns at 1.5 “blackhole_attack $n3”

# Schedule simulation end

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation:

  • Nodes: n0 is the source, n1 is the intermediate node, n2 is the destination, and n3 is the malicious node.
  • Black Hole Behavior: The malicious node n3 cancel all packets it receives by including a null agent, replicating a Black Hole Attack.
  • Analysis: You can inspect the trace file (out.tr) to monitor how the mischievous node drops packets and prevents them from reaching their destination.

Example 2: Gray Hole Attack

A Gray Hole Attack is a discerning version of the Black Hole Attack, where the malicious node ends packets selectively.

Tcl Script for Gray Hole Attack:

# Create a new simulator object

set ns [new Simulator]

# Open the trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Create network nodes

set n0 [$ns node]  ;# Source Node

set n1 [$ns node]  ;# Intermediate Node

set n2 [$ns node]  ;# Destination Node

set n3 [$ns node]  ;# Malicious Node (Gray Hole)

# Create links between nodes

$ns duplex-link $n0 $n1 1Mb 10ms DropTail

$ns duplex-link $n1 $n2 1Mb 10ms DropTail

$ns duplex-link $n1 $n3 1Mb 10ms DropTail  ;# Malicious node connected to intermediate node

# Create TCP agents for legitimate communication

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n0 $tcp0

$ns attach-agent $n2 $sink0

$ns connect $tcp0 $sink0

# Create a traffic source

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 1.0 “$ftp0 start”

# Malicious node behavior (Gray Hole): Selectively drop packets

proc grayhole_attack {node} {

global ns

set dropCount 0

set nullAgent [new Agent/Null]

$ns attach-agent $node $nullAgent

$ns at 1.5 “puts \”Gray Hole Attack: Malicious node is selectively dropping packets\””

$ns at 2.0 “$node drop_next_packet”   ;# Selectively drop packets every 2 seconds

}

# Simulate selective packet dropping

proc drop_next_packet {node} {

puts “Gray Hole: Dropping packet”

}

# Start the gray hole attack

$ns at 1.5 “grayhole_attack $n3”

# Schedule simulation end

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation:

  • Gray Hole Behavior: The malevolent node (n3) selectively drops packets, recreating a Gray Hole Attack.
  • Analysis: Observe which packets are cancelled and which are permitted to pass over the malicious node by examining the trace file.

Example 3: Wormhole Attack

In a Wormhole Attack, two malicious nodes developed a tunnel to capture and replay packets through the network, disrupting routing.

Tcl Script for Wormhole Attack:

# Create a new simulator object

set ns [new Simulator]

# Open trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Create network nodes

set n0 [$ns node]  ;# Source Node

set n1 [$ns node]  ;# Intermediate Node 1

set n2 [$ns node]  ;# Intermediate Node 2

set n3 [$ns node]  ;# Destination Node

set n4 [$ns node]  ;# Malicious Node 1 (Wormhole Entry)

set n5 [$ns node]  ;# Malicious Node 2 (Wormhole Exit)

# Create links between nodes

$ns duplex-link $n0 $n1 1Mb 10ms DropTail

$ns duplex-link $n1 $n2 1Mb 10ms DropTail

$ns duplex-link $n2 $n3 1Mb 10ms DropTail

$ns duplex-link $n1 $n4 1Mb 10ms DropTail  ;# Malicious link 1 (wormhole entry)

$ns duplex-link $n5 $n3 1Mb 10ms DropTail  ;# Malicious link 2 (wormhole exit)

# Create TCP agents for legitimate communication

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n0 $tcp0

$ns attach-agent $n3 $sink0

$ns connect $tcp0 $sink0

# Create a traffic source

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 1.0 “$ftp0 start”

# Wormhole tunnel simulation: Packet capture and replay between malicious nodes

proc wormhole_attack {entry exit} {

global ns

puts “Wormhole Attack: Packets are being tunneled between entry and exit nodes.”

# Capture packets at the entry node (n4)

set agentEntry [new Agent/Null]

$ns attach-agent $entry $agentEntry

# Forward captured packets to the exit node (n5)

set agentExit [new Agent/Null]

$ns attach-agent $exit $agentExit

$ns at 1.5 “$entry set ragent [$agentEntry]”

}

# Start the wormhole attack

$ns at 1.5 “wormhole_attack $n4 $n5”

# End simulation

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation:

  • Wormhole Behavior: Two malicious nodes (n4 and n5) generate a tunnel that captures and replays packets through the network, troublemaking routing.
  • Analysis: By assessing the trace file, you can monitor how packets are being tunneled among malicious nodes and how it impacts the authorized routing paths.

Example 4: Denial of Service (DoS) Attack

A DoS Attack floods the target node with traffic, devastating its resources.

Tcl Script for DoS Attack:

# Create a new simulator object

set ns [new Simulator]

# Open the trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Create nodes

set n0 [$ns node] ;# Victim node (target)

set n1 [$ns node] ;# Attacker node 1

set n2 [$ns node] ;# Attacker node 2

# Create links between attacker nodes and the target

$ns duplex-link $n1 $n0 1Mb 10ms DropTail

$ns duplex-link $n2 $n0 1Mb 10ms DropTail

# Attach TCP agents to attacker nodes

set tcp1 [new Agent/TCP]

set tcp2 [new Agent/TCP]

set sink [new Agent/TCPSink]

$ns attach-agent $n1 $tcp1

$ns attach-agent $n2 $tcp2

$ns attach-agent $n0 $sink

# Connect the TCP agents to the sink at the target node

$ns connect $tcp1 $sink

$ns connect $tcp2 $sink

# Start the traffic to simulate the DoS attack

set ftp1 [new Application/FTP]

$ftp1 attach-agent $tcp1

set ftp2 [new Application/FTP]

$ftp2 attach-agent $tcp2

$ns at 1.0 “$ftp1 start”

$ns at 1.0 “$ftp2 start”

# Stop the traffic after 10 seconds

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation:

  • DoS Behavior: The attacker nodes (n1 and n2) flood the target node (n0) with TCP traffic, congesting its resources.
  • Analysis: After running the simulation, you can assess the trace file to observe how the target node is influenced by the excessive traffic.

Analysis of the Impact of Active Attacks:

  • Packet Loss: Compute how many packets were ended by malicious nodes by using trace file.
  • Throughput: Estimate the overall throughput of the network to monitor how the attack decreases network performance.
  • Latency: Calculate the delays launched by attacks includes wormhole or black hole.

In conclusion, we comprehensively provided the brief demonstration on how to approach the implementation of Active Attacks and their sample examples which is implemented in ns2 environment. We plan to offer additional examples through another manual, if needed.

We work on Black Hole Attacks, Gray Hole Attacks, Wormhole Attacks, and Denial-of-Service (DoS) Attacks so get tailored research needs from ns2project.com  experts. Get best implementation results from us.