To simulate intrusion attacks in OMNeT++ has needs to generate a network environment in which a malicious node tries to compromise or disturb the security of the system over numerous attacks like unauthorized access, data theft, or Denial of Service (DoS). Replicating these attacks helps in evaluating Intrusion Detection Systems (IDS), understanding the vulnerabilities of networks, and testing mitigation strategies.
Key Components for Intrusion Attack Simulation:
- Legitimate Nodes: Regular network devices, like clients, servers, routers, or sensors.
- Intruder (Malicious Node): The attacker that act as unauthorized actions or disturbs the normal operation of the network.
- Attack Types: Various kinds of attacks, like DoS, port scanning, brute force attacks, data exfiltration, or packet injection.
- Intrusion Detection System (IDS): A defence mechanism that tracks the network to identify malicious activities and generate alerts.
Common Intrusion Attacks to Simulate:
- DoS/DDoS Attacks: The attacker floods the network with extreme traffic, overloading the target.
- Port Scanning: The attacker probes the network for open ports to find the vulnerabilities.
- Brute Force Attacks: The attacker tries to gain unauthorized access by repeatedly trying different login credentials.
- Packet Injection: The attacker injects malicious or spoofed packets into the network.
- Man-in-the-Middle (MITM): The attacker interrupts and manipulates interaction among legitimate nodes.
Step-by-Step Guide to Simulate Intrusion Attacks Using OMNeT++:
- Install OMNeT++ and INET Framework
- Download and install OMNeT++.
- Download and install the INET framework from INET GitHub repository. INET deliver networking components such as TCP/IP, UDP, routing protocols, and wireless communication, all of which can be utilized in intrusion attack simulations.
- Understand Intrusion Attack Types
Each type of intrusion attack has its own features and methods:
- DoS Attack: Overloads the target by distribution of an excessive number of requests or data packets.
- Port Scanning: Probes the network to identify open ports or services susceptible to attacks.
- Brute Force: Tries to guess login credentials by attempt different combinations.
- Packet Injection: Injects unauthorized or forged packets into the network to disturb communication or gain control.
- MITM Attack: Intercepts interaction among two nodes to steal or manipulate data.
- Set up Network Topology in NED
Describe a network in which legitimate nodes interact, and an intruder tries to compromise or disturb the network.
Example NED File for Intrusion Attack Simulation:
network IntrusionAttackNetwork {
submodules:
client: StandardHost {
@display(“p=100,200”);
}
server: StandardHost {
@display(“p=300,200”);
}
router: Router {
@display(“p=200,150”);
}
intruder: StandardHost {
@display(“p=200,300”);
}
connections allowunconnected:
client.ethg++ <–> Eth100M <–> router.ethg++;
server.ethg++ <–> Eth100M <–> router.ethg++;
intruder.ethg++ <–> Eth100M <–> router.ethg++;
}
Explanation:
- Client: The legitimate node that interacts with the server.
- Server: The target that the intruder attempts to compromise or disrupt.
- Router: An intermediate node responsible for forwarding legitimate traffic.
- Intruder: The attacker node that act as in numerous attacks on the network.
- Configure Legitimate Traffic
Configure normal communication among the client and server to replicate legitimate traffic flow. For instance, using TCP or UDP to transmit and receive data.
Example omnetpp.ini Configuration for Legitimate Traffic:
network = IntrusionAttackNetwork
sim-time-limit = 100s
# Server configuration
**.server.numApps = 1
**.server.app[0].typename = “TcpServerApp”
**.server.app[0].localPort = 80 # Listening on port 80 (HTTP)
# Client configuration (sending data to server)
**.client.numApps = 1
**.client.app[0].typename = “TcpApp”
**.client.app[0].connectAddress = “server”
**.client.app[0].connectPort = 80 # Connect to server on port 80
**.client.app[0].sendBytes = 1000B
**.client.app[0].tOpen = 0s # Start sending immediately
This configuration sets up a client-server communication using TCP in which the client transmits data to the server over port 80.
- Implement Intrusion Attacks
- DoS Attack (Flooding)
A DoS attack can be replicated by having the intruder transmit excessive traffic to overwhelm the server or network.
Example C++ Code for DoSAttackApp (DoS Attack Application):
#include “inet/applications/base/ApplicationBase.h”
#include “inet/common/packet/Packet.h”
#include “inet/networklayer/common/L3AddressResolver.h”
class DoSAttackApp : public inet::ApplicationBase {
protected:
virtual void initialize(int stage) override;
virtual void handleMessage(cMessage *msg) override;
virtual void sendFloodPackets();
public:
DoSAttackApp() {}
virtual ~DoSAttackApp() {}
};
Define_Module(DoSAttackApp);
void DoSAttackApp::initialize(int stage) {
if (stage == inet::INITSTAGE_APPLICATION_LAYER) {
// Start sending flood packets after 1 second
scheduleAt(simTime() + 1.0, new cMessage(“startFlood”));
}
}
void DoSAttackApp::handleMessage(cMessage *msg) {
if (strcmp(msg->getName(), “startFlood”) == 0) {
sendFloodPackets();
}
delete msg;
}
void DoSAttackApp::sendFloodPackets() {
for (int i = 0; i < 1000; i++) { // Send 1000 packets to flood the target
inet::Packet *packet = new inet::Packet(“FloodPacket”);
// Set the destination as the server
auto controlInfo = new inet::Ipv4ControlInfo();
controlInfo->setDestAddr(inet::L3AddressResolver().resolve(“server”));
packet->setControlInfo(controlInfo);
send(packet, “out”);
}
}
In this code:
- DoSAttackApp transmit 1000 flood packets to the server over a short period to replicate a DoS attack.
- Port Scanning
Port scanning includes the attacker transmit requests to numerous ports on the server to detect open ports.
Example C++ Code for PortScanApp (Port Scanning Application):
#include “inet/applications/base/ApplicationBase.h”
#include “inet/common/packet/Packet.h”
#include “inet/networklayer/common/L3AddressResolver.h”
class PortScanApp : public inet::ApplicationBase {
protected:
virtual void initialize(int stage) override;
virtual void handleMessage(cMessage *msg) override;
virtual void scanPorts();
public:
PortScanApp() {}
virtual ~PortScanApp() {}
};
Define_Module(PortScanApp);
void PortScanApp::initialize(int stage) {
if (stage == inet::INITSTAGE_APPLICATION_LAYER) {
// Start port scanning after 1 second
scheduleAt(simTime() + 1.0, new cMessage(“startScan”));
}
}
void PortScanApp::handleMessage(cMessage *msg) {
if (strcmp(msg->getName(), “startScan”) == 0) {
scanPorts();
}
delete msg;
}
void PortScanApp::scanPorts() {
for (int port = 20; port <= 100; port++) { // Scan ports 20 to 100
inet::Packet *packet = new inet::Packet(“ScanRequest”);
// Set the destination and target port
auto controlInfo = new inet::Ipv4ControlInfo();
controlInfo->setDestAddr(inet::L3AddressResolver().resolve(“server”));
controlInfo->setDestPort(port); // Try different ports
packet->setControlInfo(controlInfo);
send(packet, “out”);
}
}
- PortScanApp sends requests to multiple ports (20 to 100) on the server to replicate a port scan attack.
- Configure Intruder Node for DoS and Port Scanning Attacks
In omnetpp.ini file, setting up the intruder node to execute the respective attack applications.
# Intruder configuration for DoS attack
**.intruder.numApps = 1
**.intruder.app[0].typename = “DoSAttackApp” # Switch to PortScanApp for port scanning
- Monitor and Capture Traffic
Allow packet capture to monitor the attacks and observe their impacts on the network using Wireshark or OMNeT++’s built-in tools.
Enable Packet Capture in omnetpp.ini:
# Enable packet capture to analyze intrusion attacks
**.pcapRecorder.enable = true
**.pcapRecorder.packetFilter = “all”
**.pcapRecorder.file = “output/intrusion_attack.pcap”
This will create a .pcap file that needs to open in Wireshark to measure on how the network act as in attack.
- Run the Simulation
Run the simulation in OMNeT++ to monitor on how the intruder performs various threats (DoS, port scanning) and how it impacts the legitimate traffic among the client and server.
- Analyse Results
Measure the following parameters:
- Packet loss: How many legitimate packets are dropped because of the DoS attack?
- Server response: Whether the server crashes, becomes slow, or stops responding in the course of the DoS or port scanning attack.
- Traffic patterns: Test the traffic flow using Wireshark to see the pattern of attack traffic vs. legitimate traffic.
- Extend the Simulation
We can expand the simulation by adding more complex behaviours:
- Brute Force Attack: Execute a brute force attack in which the intruder attempts multiple login attempts on the server.
- Man-in-the-Middle (MITM) Attack: mimic an MITM attack in which the intruder intercepts and adapt communication among the client and the server.
- Intrusion Detection System (IDS): Apply IDS to identify and prevent these attacks, raising alerts when suspicious activity is identified.
Example Projects for Intrusion Attack Simulation:
- DoS Attack Simulation: mimic a Denial of Service attack in which the attacker floods the server with traffic, triggers service disruption.
- Port Scanning Attack Simulation: Implement a port scanning attack in which the intruder probes for open ports on the server to identify susceptibilities.
- Brute Force Login Attack: Emulate an attack in which the intruder tries to brute force login credentials to gain unauthorized access to the server.
- Man-in-the-Middle Attack Simulation: Replicate an attack in which the intruder interrupts and manipulates interaction among two legitimate nodes.
- Intrusion Detection System (IDS) Simulation: Execute and validate IDS to identify and prevent intrusion attacks such as DoS, port scanning, and brute force.
In the final, we had clearly offered the detailed description to simulate the intrusion attacks projects samples were given above that were simulated in OMNeT++ implementation framework. We also further provide the detailed information that related to intrusion attacks. Allow phdprime.com to manage your simulation , as we guarantee timely delivery with high end results.