How to Implement Internet Attacks in NS2
To implement the internet attacks within NS2 (Network Simulator 2) that we requireto simulate general kinds of internet-based attacks like Distributed Denial of Service (DDoS), Man-in-the-Middle (MITM), and routing-based attacks. Manipulating the nodes and protocols in NS2, each of these can be modelled. The simulation tool NS2 doesn’t deliver direct functions for executing particular internet attacks. However, we can change the performance of the nodes and setup the malicious activities like packet dropping, traffic flooding, or intercepting communication. Here, we given step-by-step implementation process for the internet attacks in the NS2:
Types of Internet Attacks You Can Simulate in NS2:
- Distributed Denial of Service (DDoS) Attack: A huge number of compromised nodes (bots) transfer the traffic to a target node to overcome its resources.
- Man-in-the-Middle (MITM) Attack: A malicious node intercepts and maybe changes the communication among two legitimate nodes.
- Routing Attacks (e.g., Black Hole, Wormhole): A malicious node disturbs the routing protocols by incorrectly advertising routes.
- Traffic Flooding Attack: A malicious node floods the target with extreme traffic to reduce these performance.
Steps to Implement Internet Attacks in NS2
- Set Up Network Topology:
- Initially, we can require to make a network topology of nodes signifying clients, routers, and servers using wired connections. The NS2 internet simulations normally use the TCP/IP for communications.
- Launch one or more malicious nodes which will do the attack.
- Configure Malicious Node Behaviour:
- Relying on the kind of attack, setup the malicious node to either send a large volume of packets, drop packets, or intercept and changing the packet data.
- For sample, in a DDoS attack, we can setup several nodes to forward constant traffic to the victim.
- Create the Communication Flows:
- Configure the TCP or UDP flows among usual nodes and servers to mimic legitimate traffic.
- Execute the traffic generation like using FTP or CBR and schedule start and stop times for communications.
- Simulate the Attack:
- Append the malicious node’s performance into the script such as by using a null agent for packet interception or setup the nodes to flood the network with traffic.
- For DDoS, set up the several compromised nodes (bots) to forward traffic concurrently to overcome the target.
Example: DDoS Attack in NS2
Tcl Script for DDoS Attack Simulation:
# Create a new simulator
set ns [new Simulator]
# Open the output trace file
set tracefile [open out.tr w]
$ns trace-all $tracefile
# Create network topology (with target and attacker nodes)
set n0 [$ns node] ;# Target node (victim)
set n1 [$ns node] ;# Attacker node 1
set n2 [$ns node] ;# Attacker node 2
set n3 [$ns node] ;# Attacker node 3
set n4 [$ns node] ;# Router node
# Create duplex links
$ns duplex-link $n1 $n4 1Mb 10ms DropTail
$ns duplex-link $n2 $n4 1Mb 10ms DropTail
$ns duplex-link $n3 $n4 1Mb 10ms DropTail
$ns duplex-link $n4 $n0 1Mb 10ms DropTail
# Create TCP traffic between attackers and the victim
set tcp1 [new Agent/TCP]
set sink [new Agent/TCPSink]
$ns attach-agent $n1 $tcp1
$ns attach-agent $n0 $sink
$ns connect $tcp1 $sink
set tcp2 [new Agent/TCP]
$ns attach-agent $n2 $tcp2
$ns connect $tcp2 $sink
set tcp3 [new Agent/TCP]
$ns attach-agent $n3 $tcp3
$ns connect $tcp3 $sink
# Create FTP applications to generate traffic from attackers
set ftp1 [new Application/FTP]
$ftp1 attach-agent $tcp1
set ftp2 [new Application/FTP]
$ftp2 attach-agent $tcp2
set ftp3 [new Application/FTP]
$ftp3 attach-agent $tcp3
# Start malicious traffic from attacker nodes
$ns at 1.0 “$ftp1 start”
$ns at 1.1 “$ftp2 start”
$ns at 1.2 “$ftp3 start”
# Stop the traffic after some time
$ns at 5.0 “$ftp1 stop”
$ns at 5.0 “$ftp2 stop”
$ns at 5.0 “$ftp3 stop”
# Define the finish procedure
proc finish {} {
global ns tracefile
$ns flush-trace
close $tracefile
exit 0
}
# Schedule the end of simulation
$ns at 6.0 “finish”
# Run the simulation
$ns run
Explanation:
- Network Topology:
- Nodes n1, n2, and n3 are attacker nodes (compromised bots) sending traffic to the victim node n0.
- The node n4 is a router that connects all attackers to the victim.
- Traffic Generation:
- TCP traffic is produce by using the FTP applications that denote the malicious traffic forward by the attackers.
- DDoS Simulation:
- The attacker nodes such as n1, n2, and n3 send continuous traffic to the victim node (n0) initial at slightly various times.
- The attack continues for 4 seconds (from 1.0s to 5.0s) that mimicking a coordinated flood.
Example: Man-in-the-Middle (MITM) Attack
Tcl Script for MITM Attack Simulation:
# Create a new simulator
set ns [new Simulator]
# Open the trace file
set tracefile [open out.tr w]
$ns trace-all $tracefile
# Define nodes
set n0 [$ns node] ;# Source node
set n1 [$ns node] ;# Destination node
set n2 [$ns node] ;# Attacker node (MITM)
# Create links between nodes
$ns duplex-link $n0 $n2 1Mb 10ms DropTail
$ns duplex-link $n2 $n1 1Mb 10ms DropTail
# Attach TCP agents
set tcp0 [new Agent/TCP]
set sink0 [new Agent/TCPSink]
$ns attach-agent $n0 $tcp0
$ns attach-agent $n1 $sink0
$ns connect $tcp0 $sink0
# Traffic generation
set ftp0 [new Application/FTP]
$ftp0 attach-agent $tcp0
$ns at 0.1 “$ftp0 start”
# Modify MITM node to intercept traffic
set mitmAgent [new Agent/Null]
$ns attach-agent $n2 $mitmAgent
$ns at 0.2 “puts \”Attacker (MITM) is intercepting traffic between n0 and n1\””
# End simulation
$ns at 5.0 “finish”
proc finish {} {
global ns tracefile
$ns flush-trace
close $tracefile
exit 0
}
# Run the simulation
$ns run
Explanation:
- Nodes:
- The node n0 is the source, n1 is the destination node, and n2 is the MITM attacker node.
- Traffic Flow:
- Traffic flows among the nodes n0 and n1 using TCP.
- MITM Behaviour:
- The MITM node (n2) interrupts the traffic using a null agent that means it will log or operate traffic without forwarding or changing it.
Example: Routing-Based Attack (Black Hole)
Tcl Script for Black Hole Attack Simulation:
# Create a new simulator
set ns [new Simulator]
# Create output trace file
set tracefile [open out.tr w]
$ns trace-all $tracefile
# Define nodes
set n0 [$ns node] ;# Source
set n1 [$ns node] ;# Destination
set n2 [$ns node] ;# Malicious node (Black Hole)
# Create links
$ns duplex-link $n0 $n2 1Mb 10ms DropTail
$ns duplex-link $n2 $n1 1Mb 10ms DropTail
# Create TCP connections
set tcp0 [new Agent/TCP]
set sink0 [new Agent/TCPSink]
$ns attach-agent $n0 $tcp0
$ns attach-agent $n1 $sink0
$ns connect $tcp0 $sink0
# Malicious behavior: n2 advertises a false route and drops all packets
set nullAgent [new Agent/Null]
$ns attach-agent $n2 $nullAgent
$ns at 1.0 “puts \”Black Hole attack: n2 intercepts packets and drops them\””
# End the simulation
$ns at 5.0 “finish”
proc finish {} {
global ns tracefile
$ns flush-trace
close $tracefile
exit 0
}
# Run the simulation
$ns run
Explanation:
- Nodes:
- Node n0: Source, n1: Destination, and n2: Malicious black hole node.
- Black Hole Behaviour:
- The malicious node (n2) promotes itself as having the finest route however the drops all the packets.
Post-Simulation Analysis:
- Trace File Analysis: Examine the trace files to ascertain the performance of the attack, after running the simulation. For instance, in DDoS, verify for high packet loss or long delays at the victim node.
- Network Animator (NAM): We can use the NAM to envision the attack and observe how the malicious nodes impact the network.
The comprehensive technique for executing and enforcing the Internet Attacks in the simulation tool ns2 has been demonstrated. More essential informations will be provided depends on your requirements.
We can help you with Internet Attacks in NS2. ns2project.com are the leading experts for tailored solutions. Get top simulation support from us. We focus on the performance of the nodes based on our project information.