To simulate an Intrusion Prevention Systems (IPS) using MATLAB, we need to design and identify the malicious network activity that reacting within real-time by blocking or changing the detected threats, and estimating the system’s performance. Intrusion Prevention Systems not only identify the anomalies such as Intrusion Detection Systems (IDS) however also instantly take steps to avoid potential attacks, like dropping malicious packets or reconfiguring the network.
We follow the brief approach to simulating Intrusion Prevention System (IPS) projects in MATLAB:
Steps to Simulate Intrusion Prevention Systems Using MATLAB
- Simulate Network Traffic Data
We require replicating or importing network traffic data, which contains both normal and malicious activities. MATLAB environment can be utilized to make a synthetic traffic or load real-world datasets, like KDD Cup 99, NSL-KDD, or UNSW-NB15 that are broadly utlized for intrusion detection or prevention research.
Example: Simulating normal and malicious traffic
% Simulate normal network traffic (packets per second)
normal_traffic = poissrnd(100, 1, 100); % 100 seconds of normal traffic
% Simulate an anomaly (e.g., a DoS attack) by increasing traffic significantly
attack_start = 50; % Time when the attack starts
attack_duration = 10; % Attack lasts 10 seconds
normal_traffic(attack_start:(attack_start + attack_duration – 1)) = 1000; % High traffic during attack
% Plot the traffic
figure, plot(normal_traffic);
title(‘Network Traffic with DoS Attack’);
xlabel(‘Time (seconds)’);
ylabel(‘Packets per second’);
- Feature Extraction
For exact detection, from the network traffic we should extract aspects. General aspects involve:
- Packet count per second
- Packet size distribution
- Source/Destination IP addresses
- Protocol type (TCP, UDP)
- Connection duration
Example: Basic feature extraction
% Calculate packet rate (packets per second)
packet_rate = normal_traffic; % Use the simulated packet rate as a feature
% Calculate basic statistical features
avg_packet_rate = mean(packet_rate);
max_packet_rate = max(packet_rate);
std_packet_rate = std(packet_rate);
fprintf(‘Average Packet Rate: %.2f\n’, avg_packet_rate);
fprintf(‘Max Packet Rate: %.2f\n’, max_packet_rate);
fprintf(‘Standard Deviation of Packet Rate: %.2f\n’, std_packet_rate);
- Implement Anomaly Detection
In real-time, an Intrusion Prevention System (IPS) utilizes detection algorithms to spot malicious activities. Machine learning algorithms such as decision trees, which support vector machines (SVMs), or neural networks can be prepared to identify the anomalies in network traffic.
Example: Detecting anomalies using a threshold-based method
% Define a threshold to detect anomalies (e.g., high packet rates)
threshold = 500; % If packet rate exceeds this threshold, it’s flagged as an attack
% Detect anomalies by checking if the packet rate exceeds the threshold
anomaly_indices = find(packet_rate > threshold);
% Plot the normal and anomalous traffic
figure, plot(packet_rate);
hold on;
plot(anomaly_indices, packet_rate(anomaly_indices), ‘ro’); % Mark anomalies with red circles
title(‘Intrusion Prevention System (IPS): Anomaly Detection’);
xlabel(‘Time (seconds)’);
ylabel(‘Packets per second’);
legend(‘Normal Traffic’, ‘Anomalies Detected’);
- Intrusion Prevention (Blocking or Mitigation)
When malicious activity is identified then the IPS requires instantly taking steps to avoid it. It can contain dropping packets, reconfiguring firewall rules or blocking the source IP. We can replicate it by changing the network traffic or dropping packets at particular times.
Example: Dropping malicious packets (preventing DoS attack)
% Simulate packet dropping by setting traffic to zero during the attack period
packet_rate(anomaly_indices) = 0; % Drop packets during the detected attack
% Plot the traffic after prevention (packet dropping)
figure, plot(packet_rate);
title(‘Intrusion Prevention System (IPS): Traffic After Prevention (Packet Dropping)’);
xlabel(‘Time (seconds)’);
ylabel(‘Packets per second’);
legend(‘Traffic After Attack Prevention’);
- Machine Learning-Based IPS
We can execute a more sophisticated detection system by preparing a machine learning model to categorize network traffic as normal or malicious. Models such as k-Nearest Neighbors (k-NN), Decision Trees, or Neural Networks can be trained on the labeled datasets.
Example: Training a basic k-NN classifier for IPS
% Generate synthetic data (100 normal, 100 malicious instances)
normal_data = randn(100, 2); % Normal traffic (e.g., [packet rate, packet size])
malicious_data = randn(100, 2) + 3; % Malicious traffic shifted in mean
% Combine data and labels (0 = normal, 1 = malicious)
data = [normal_data; malicious_data];
labels = [zeros(100, 1); ones(100, 1)];
% Train a k-NN classifier
knn_model = fitcknn(data, labels, ‘NumNeighbors’, 5);
% Simulate new traffic and classify it
new_traffic = randn(10, 2); % New traffic samples
predicted_labels = predict(knn_model, new_traffic);
% Display predicted results (0 = normal, 1 = malicious)
disp(‘Predicted labels for new traffic:’);
disp(predicted_labels);
IPS can categorize real-time traffic and take correct steps like blocking IPs or dropping packets according to the model’s predictions, after training.
- Responding to Network Attacks
After identifying the malicious traffic, an IPS need pre-defined response mechanisms, like:
- Blocking IP Addresses: Dropping traffic from specific IPs.
- Rate Limiting: Throttling traffic to minimize the DoS impact.
- Firewall Reconfiguration: Actively updating firewall rules.
Example: Simulating blocking of malicious IPs
% Simulate a list of IP addresses (normal and malicious)
ip_addresses = [“192.168.1.1”, “192.168.1.2”, “192.168.1.3”, “192.168.1.4”];
malicious_ip = “192.168.1.3”; % Define a malicious IP
% IPS response: block the malicious IP by filtering it out
filtered_ips = ip_addresses(ip_addresses ~= malicious_ip);
% Display the remaining allowed IPs after filtering
disp(‘Allowed IPs after IPS response:’);
disp(filtered_ips);
- Performance Evaluation
When IPS is executed then assess its effectiveness utilizing parameters such as:
- True Positive Rate (TPR): Appropriately detected attacks.
- False Positive Rate (FPR): Typical traffic mistakenly flagged as malicious.
- Precision, Recall, Accuracy, and F1-Score.
Example: Compute accuracy, precision, recall, and F1-score
% Simulate true labels and predicted labels for evaluation
true_labels = [zeros(50, 1); ones(50, 1)]; % 50 normal, 50 malicious
predicted_labels = [zeros(45, 1); ones(5, 1); zeros(5, 1); ones(45, 1)]; % Prediction example
% Confusion matrix
confusion_mat = confusionmat(true_labels, predicted_labels);
TP = confusion_mat(2, 2); % True positives
FP = confusion_mat(1, 2); % False positives
FN = confusion_mat(2, 1); % False negatives
TN = confusion_mat(1, 1); % True negatives
% Compute precision, recall, accuracy, F1-score
accuracy = (TP + TN) / sum(confusion_mat(:));
precision = TP / (TP + FP);
recall = TP / (TP + FN);
f1_score = 2 * (precision * recall) / (precision + recall);
% Display results
fprintf(‘Accuracy: %.2f\n’, accuracy);
fprintf(‘Precision: %.2f\n’, precision);
fprintf(‘Recall: %.2f\n’, recall);
fprintf(‘F1-Score: %.2f\n’, f1_score);
Example Project Ideas for IPS Simulation Using MATLAB
- Machine Learning-Based Intrusion Prevention System: Execute a machine learning-based IPS utilizing methods such as k-NN, decision trees, or neural networks. In this we can train the model on a labeled dataset and replicate the real-time intrusion prevention.
- Signature-Based IPS for Known Attacks: Improve an IPS, which identifies and blocks network attacks rely on predefined attack signatures like DDoS patterns, port scans and executes the preventive measures.
- Real-Time IPS for DoS/DDoS Attack Prevention: Mimic a DoS/DDoS attack and execute a real-time IPS, which identifies abnormal traffic spikes and mitigates the attack by packet dropping or rate limiting.
- Behavioral IPS with Anomaly Detection: Execute an IPS which utilizes the statistical or anomaly detection methods identifying the deviations from normal network behavior and avoid potential threats.
- Intrusion Prevention in IoT Networks: Replicate an IoT network as well as improve an IPS which observes the network traffic and avoids attacks that aiming IoT devices, like botnets or malware.
- Deep Learning-Based IPS: Execute an IPS capable of identifying and avoiding the complex, evolving threats by using deep learning methods like autoencoders or LSTM networks.
Datasets for Intrusion Prevention Projects:
- KDD Cup 99: General for intrusion detection and prevention research.
- NSL-KDD: Enhanced version of the KDD dataset that frequently utilized for machine learning-based IDS or IPS systems.
- UNSW-NB15: A more modern dataset with real-world attack situations.
Tools and Libraries:
- MATLAB Statistics and Machine Learning Toolbox: Helpful for executing and preparing machine learning models for intrusion detection and prevention.
- Deep Learning Toolbox: For executing advanced deep learning-based IPS solutions.
- Signal Processing Toolbox: It can be utilized to examine and process the network traffic data.
We thoroughly simulated the Intrusion Prevention Systems projects that contain machine learning algorithms, statistical methods, deep learning techniques using MATLAB tool in this manual. These projects mainly concentrate on identify the anomalies and detect attacks. We can able to provide further insights if requested.
To simulate an Intrusion Prevention Systems (IPS) using MATLAB we at phdprime.com will give you best results.Drop us a mail to give you tailored services.
