Simulating network attacks in NS2 requires building an environment in which malicious nodes try to interrupt, degrade or compromise the network. This can involve threats such as Denial of Service (DoS), Distributed Denial of Service (DDoS), Man-in-the-Middle (MITM), Packet Sniffing, or Spoofing. We can also simulate defensive mechanisms that prevent or mitigate these attacks.
Here’s a guide to simulating different types of network attacks using NS2:
Steps to Simulate Network Attacks Projects in NS2
- Install NS2
Ensure that NS2 is installed on the system. If it’s not installed, use:
sudo apt-get install ns2
- Key Components in Network Attack Simulation
- Attacker Nodes: Nodes that create malicious traffic, for example by flooding the network with packets or attempting to intercept data.
- Victim Nodes: Nodes that are targeted by the attacks.
- Normal Traffic: Implement legitimate network communication for comparison against malicious traffic.
- Defense Mechanisms: IDS (Intrusion Detection Systems), firewalls, or packet filtering mechanisms that we can implement to prevent attacks.
- Common Network Attacks
- Denial of Service (DoS): The attacker overwhelms the victim with traffic, which disrupts the service.
- Distributed Denial of Service (DDoS): Multiple attackers send large volumes of traffic to interrupt services.
- Man-in-the-Middle (MITM): The attacker intercepts and potentially changes communication between two nodes.
- Packet Sniffing: The attacker observes network traffic to capture sensitive data.
- IP Spoofing: The attacker transmits packets with a forged source address.
- TCL Script for Network Attack Simulation
Example 1: Denial of Service (DoS) Attack Simulation
In this sample, a DoS attack is simulated in which an attacker transmits a large volume of packets to a victim, overwhelming the network.
# Create a simulator object
set ns [new Simulator]
# Open trace and NAM files
set tracefile [open "network_attack.tr" w]
$ns trace-all $tracefile
set namfile [open "network_attack.nam" w]
$ns namtrace-all $namfile
# Define nodes: Client, Attacker, and Server
set client [$ns node]
set attacker [$ns node]
set server [$ns node]
# Set positions for visualization (optional)
$client set X_ 100
$client set Y_ 100
$attacker set X_ 200
$attacker set Y_ 100
$server set X_ 300
$server set Y_ 100
# Define wired links between nodes
$ns duplex-link $client $server 100Mb 10ms DropTail
$ns duplex-link $attacker $server 100Mb 10ms DropTail
# Normal traffic from client to server (TCP)
set tcp_client [new Agent/TCP]
$ns attach-agent $client $tcp_client
set tcp_sink_server [new Agent/TCPSink]
$ns attach-agent $server $tcp_sink_server
$ns connect $tcp_client $tcp_sink_server
set app_client [new Application/Traffic/FTP]
$app_client attach-agent $tcp_client
$ns at 1.0 "$app_client start"
# Malicious traffic from attacker to server (UDP flood)
set udp_attacker [new Agent/UDP]
$ns attach-agent $attacker $udp_attacker
set udp_sink_server [new Agent/Null]
$ns attach-agent $server $udp_sink_server
$ns connect $udp_attacker $udp_sink_server
# Simulate high-rate packet flooding from attacker
set app_attacker [new Application/Traffic/CBR]
$app_attacker attach-agent $udp_attacker
$app_attacker set packetSize_ 1024
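$app_attacker set interval_ 0.01 ;# One 1024-byte packet every 10 ms (about 0.8 Mb/s)
# Note: this load is far below the 100Mb link capacity, so expect little loss
# in the trace unless the link bandwidth in the duplex-link lines is reduced
$ns at 2.0 "$app_attacker start"
# Finish procedure: flush the traces, close the files and exit
proc finish {} {
    global ns tracefile namfile
    $ns flush-trace
    close $tracefile
    close $namfile
    exit 0
}
# End the simulation after 10 seconds
$ns at 10.0 "finish"
$ns run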
Example 2: Distributed Denial of Service (DDoS) Attack
This extends the DoS attack with multiple attacker nodes flooding the server simultaneously. The lines below continue the Example 1 script and replace its final two lines.
# Define more attacker nodes for DDoS
set attacker2 [$ns node]
set attacker3 [$ns node]
# Set up links for the additional attackers
$ns duplex-link $attacker2 $server 100Mb 10ms DropTail
$ns duplex-link $attacker3 $server 100Mb 10ms DropTail
# Configure UDP flood from the additional attackers
set udp_attacker2 [new Agent/UDP]
$ns attach-agent $attacker2 $udp_attacker2
$ns connect $udp_attacker2 $udp_sink_server
set app_attacker2 [new Application/Traffic/CBR]
$app_attacker2 attach-agent $udp_attacker2
$app_attacker2 set packetSize_ 1024
$app_attacker2 set interval_ 0.01
$ns at 2.0 "$app_attacker2 start"
set udp_attacker3 [new Agent/UDP]
$ns attach-agent $attacker3 $udp_attacker3
$ns connect $udp_attacker3 $udp_sink_server
set app_attacker3 [new Application/Traffic/CBR]
$app_attacker3 attach-agent $udp_attacker3
$app_attacker3 set packetSize_ 1024
$app_attacker3 set interval_ 0.01
$ns at 2.0 "$app_attacker3 start"
$ns at 10.0 "finish"
$ns run
Example 3: Man-in-the-Middle (MITM) Attack
In this simulation, the attacker intercepts traffic between two nodes (client and server) and can change or log it.
# Man-in-the-Middle (MITM) setup
set mitm [$ns node]
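# Links between client, MITM, and server (leave out the direct client-server
# link from Example 1 so that the only path runs through the MITM node)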
$ns duplex-link $client $mitm 100Mb 10ms DropTail
$ns duplex-link $mitm $server 100Mb 10ms DropTail
# Normal TCP traffic between client and server
set tcp_client [new Agent/TCP]
$ns attach-agent $client $tcp_client
set tcp_sink_server [new Agent/TCPSink]
$ns attach-agent $server $tcp_sink_server
$ns connect $tcp_client $tcp_sink_server
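# MITM logging hook. This proc does not see real packets: NS2 forwards packets
# in its C++ core, so traffic relayed by $mitm must be read from the trace file.
proc mitm_intercept {src dst {packet ""}} {
    # Log or modify the packet (e.g., for an MITM attack)
    puts "Intercepted packet from $src to $dst: $packet"
    return $packet
}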
# Simulate client sending traffic, and MITM intercepting it
set app_client [new Application/Traffic/FTP]
$app_client attach-agent $tcp_client
$ns at 1.0 "$app_client start"
# Schedule the MITM to intercept packets
$ns at 1.5 "mitm_intercept $client $server"
- Run the Simulation
After defining the attack and network environment, we can execute the simulation with the following command:
ns network_attack.tcl
- Visualize the Simulation
Use NAM (Network Animator) to visualise the network attack and its impact:
nam network_attack.nam
- Analyse the Trace File
After the simulation, analyse the trace file (network_attack.tr) to assess the impact of the attack:
- Throughput: How much data was successfully transmitted despite the attack.
- Packet Loss: How many packets were dropped because of the attack.
- Latency: The delay caused by the attack.
- Attack Impact: How effectively the attack disrupted normal traffic.
We can extract these parameters by using AWK, Perl, or Python scripts.
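One way to extract these metrics in Python, as an added example that is not part of the original guide. It assumes the standard NS2 wired trace format written by trace-all; the function name analyse_trace and the sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in NS2 wired trace format (not output of a real run).
# Fields: event time from to type size flags fid src dst seq pkt_id
SAMPLE_TRACE = """\
+ 1.000 0 2 tcp 1040 ------- 0 0.0 2.0 0 0
- 1.000 0 2 tcp 1040 ------- 0 0.0 2.0 0 0
r 1.010 0 2 tcp 1040 ------- 0 0.0 2.0 0 0
+ 2.000 1 2 cbr 1024 ------- 0 1.0 2.1 0 1
r 2.010 1 2 cbr 1024 ------- 0 1.0 2.1 0 1
+ 2.005 0 2 tcp 1040 ------- 0 0.0 2.0 1 2
d 2.005 0 2 tcp 1040 ------- 0 0.0 2.0 1 2
+ 2.010 1 2 cbr 1024 ------- 0 1.0 2.1 1 3
r 2.020 1 2 cbr 1024 ------- 0 1.0 2.1 1 3
"""

def analyse_trace(lines):
    """Per packet type: sent, received, dropped, loss ratio, mean delay, throughput."""
    stats = defaultdict(lambda: {"sent": 0, "recv": 0, "dropped": 0, "bytes": 0, "delay_sum": 0.0})
    first_seen = {}                      # pkt_id -> time of first enqueue at the source
    times = []
    for line in lines:
        f = line.split()
        if len(f) < 12 or f[0] not in {"+", "-", "r", "d"}:
            continue                     # skip blank or non-packet lines
        event, t, to_node, ptype, size = f[0], float(f[1]), f[3], f[4], int(f[5])
        dst_node, pkt_id = f[9].split(".")[0], f[11]
        times.append(t)
        s = stats[ptype]
        if event == "+" and pkt_id not in first_seen:
            first_seen[pkt_id] = t       # first hop only, so multi-hop paths count once
            s["sent"] += 1
        elif event == "d":
            s["dropped"] += 1
        elif event == "r" and to_node == dst_node:   # arrived at its final destination
            s["recv"] += 1
            s["bytes"] += size
            s["delay_sum"] += t - first_seen.get(pkt_id, t)
    duration = (max(times) - min(times)) if times else 0.0
    report = {}
    for ptype, s in stats.items():
        report[ptype] = {
            "sent": s["sent"], "received": s["recv"], "dropped": s["dropped"],
            "loss_ratio": s["dropped"] / s["sent"] if s["sent"] else 0.0,
            "mean_delay_s": s["delay_sum"] / s["recv"] if s["recv"] else 0.0,
            "throughput_kbps": s["bytes"] * 8 / duration / 1000 if duration > 0 else 0.0,
        }
    return report
```

Running it on one trace produced with the attacker enabled and one without gives the before/after comparison of the tcp row that quantifies the attack impact.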
- Advanced Network Attack Simulations
8.1 IP Spoofing
We can simulate IP Spoofing by changing the source IP address of the packets transmitted by the attacker.
8.2 Packet Sniffing
Simulate a packet-sniffing attack in which an attacker node passively observes and logs traffic between other nodes.
8.3 Replay Attack
Simulate a Replay Attack in which the attacker captures legitimate traffic and retransmits it later to disturb communication.
8.4 Countermeasures
Simulate countermeasures such as firewalls, IDS/IPS (Intrusion Detection/Prevention Systems), and encryption to prevent or mitigate threats.
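A simple rate-based IDS check run over the trace file, as an added example that is not part of the original guide. The threshold of 50 packets per second, the function names and the generated trace lines are assumptions chosen for illustration; node 2 is taken to be the server as in Example 1.

```python
from collections import defaultdict

def make_trace():
    """Constructed trace: client (node 0) at 5 pkt/s, attacker (node 1) at 100 pkt/s from t = 2 s."""
    lines = []
    for i in range(15):     # client packets received at the server, t = 1.0 .. 3.8 s
        lines.append(f"r {1.0 + i * 0.2:.3f} 0 2 tcp 1040 ------- 0 0.0 2.0 {i} {i}")
    for i in range(200):    # attacker packets received at the server, t = 2.0 .. 3.99 s
        lines.append(f"r {2.0 + i * 0.01:.3f} 1 2 cbr 1024 ------- 0 1.0 2.1 {i} {1000 + i}")
    return lines

def detect_floods(lines, server_node="2", window=1.0, max_pps=50):
    """Return {source_node: [window_start, ...]} for every time window in which
    that source delivered more than max_pps packets per second to server_node."""
    counts = defaultdict(int)               # (source node, window index) -> packets
    for line in lines:
        f = line.split()
        if len(f) < 12 or f[0] != "r" or f[3] != server_node:
            continue                        # only packets received at the server
        src_node = f[8].split(".")[0]       # source address field is node.port
        counts[(src_node, int(float(f[1]) // window))] += 1
    alerts = defaultdict(list)
    for (src, idx), n in sorted(counts.items()):
        if n / window > max_pps:
            alerts[src].append(idx * window)
    return dict(alerts)
```

Counting per source assumes the source addresses are genuine; with spoofed sources (8.1) the same windowing applied to the total rate per destination still flags the flood.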
This guide has explained the step-by-step procedure for simulating network attacks in NS2, with sample snippets for several attacks and an outline of advanced attack types that can be used to extend the simulation. More detail can be provided on request.