How to Implement Intrusion Attacks in NS2

To implement and simulate the intrusion attacks within NS2 (Network Simulator 2), we can model several kinds of attacks in which malicious nodes or entities try to disturb normal network operations. This attacks can change in nature with the traffic interception such as man-in-the-middle attacks, denial-of-service (DoS), packet dropping, or routing attacks like black hole, wormhole, or gray hole attacks. The following is a common procedure on how to execute the intrusion attacks within NS2 with an instance of general attacks:

Common Types of Intrusion Attacks You Can Simulate in NS2:

  1. Black Hole Attack: A malicious node that incorrectly promotes a route including the shortest path and drops all packets it obtains.
  2. Gray Hole Attack: Same to black hole however selectively drops packets rather than all.
  3. Wormhole Attack: Two malicious nodes ascertain a tunnel among them and take packets, then replay them elsewhere in the network.
  4. DoS Attack: Overflowing a target with traffic to overcome its resources.
  5. Man-in-the-Middle (MITM): A malicious node is interrupts and changes the communication among two legitimate nodes.

Steps to Implement Intrusion Attacks in NS2:

  1. Set Up the Network Topology:
  • Describe the nodes in the network. A few nodes will perform typically, while others will perform as attackers.
  • We can use the protocols such as AODV or DSR to permit the communication among the nodes. Intrusion attacks frequently target routing protocols or traffic flows.
  1. Configure the Behaviour of Malicious Nodes:
  • Malicious nodes are set up to emulate particular attack behaviours, like packet dropping (black hole), altering routes, or flooding traffic.
  • We can use the NS2’s built-in agents such as UDP, TCP, or routing agents like AODV also operate their performance.
  1. Monitor and Measure the Attack’s Impact:
  • Estimate how the intrusion impacts the network performance such as packet loss, delay, and throughput.
  • We can use the NS2’s trace files to monitor packet flows and find the performance of the malicious nodes.

Example 1: Black Hole Attack in NS2

A Black Hole Attack in which a malicious node promotes a false route to the end and drops all the packets. It disturbs the network as packets never attain their intended destination.

Tcl Script for Black Hole Attack:

# Create a new simulator object

set ns [new Simulator]

# Open trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Create the network topology

set n0 [$ns node]  ;# Source Node

set n1 [$ns node]  ;# Intermediate Node

set n2 [$ns node]  ;# Destination Node

set n3 [$ns node]  ;# Malicious Node (Black Hole)

# Create links between nodes

$ns duplex-link $n0 $n1 1Mb 10ms DropTail

$ns duplex-link $n1 $n2 1Mb 10ms DropTail

$ns duplex-link $n1 $n3 1Mb 10ms DropTail  ;# Malicious node connected to intermediate node

# Create TCP agents for legitimate communication

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n0 $tcp0

$ns attach-agent $n2 $sink0

$ns connect $tcp0 $sink0

# Create a traffic source

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 1.0 “$ftp0 start”

# Malicious node behavior (black hole): Drop all packets it receives

set nullAgent [new Agent/Null]

$ns attach-agent $n3 $nullAgent

# Procedure to simulate black hole attack

proc blackhole_attack {node} {

global ns

set nullAgent [new Agent/Null]

$ns attach-agent $node $nullAgent

$ns at 1.5 “puts \”Black Hole Attack: Malicious node is dropping packets\””

}

# Start the black hole attack

$ns at 1.5 “blackhole_attack $n3”

# Schedule simulation end

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation:

  • Nodes: The source node n0, intermediate node n1, destination n2, malicious node n3 acting as the black hole.
  • Legitimate Traffic: A TCP connection is ascertained among the nodes n0 (source) and n2 (destination) including FTP generating traffic.
  • Black Hole Attack Behaviour: The malicious node n3 uses a null agent that drops all packets it receives, mimicking a black hole attack.
  • Analysis: We can evaluate the trace file (out.tr) to observe that the packets never reach n2 (the destination) because of the black hole node dropping them.

Example 2: Wormhole Attack

A Wormhole Attack in which two malicious nodes are make a tunnel to capture and replay packets over the network triggering routing disruptions.

Tcl Script for Wormhole Attack:

# Create a new simulator object

set ns [new Simulator]

# Open trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Create network nodes

set n0 [$ns node]  ;# Source Node

set n1 [$ns node]  ;# Intermediate Node 1

set n2 [$ns node]  ;# Intermediate Node 2

set n3 [$ns node]  ;# Destination Node

set n4 [$ns node]  ;# Malicious Node 1 (Wormhole Entry)

set n5 [$ns node]  ;# Malicious Node 2 (Wormhole Exit)

# Create links between nodes

$ns duplex-link $n0 $n1 1Mb 10ms DropTail

$ns duplex-link $n1 $n2 1Mb 10ms DropTail

$ns duplex-link $n2 $n3 1Mb 10ms DropTail

$ns duplex-link $n1 $n4 1Mb 10ms DropTail  ;# Malicious link 1 (wormhole entry)

$ns duplex-link $n5 $n3 1Mb 10ms DropTail  ;# Malicious link 2 (wormhole exit)

# Create TCP agents for legitimate communication

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n0 $tcp0

$ns attach-agent $n3 $sink0

$ns connect $tcp0 $sink0

# Create a traffic source

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 1.0 “$ftp0 start”

# Wormhole tunnel simulation: Packet capture and replay between malicious nodes

proc wormhole_attack {entry exit} {

global ns

puts “Wormhole Attack: Packets are being tunneled between entry and exit nodes.”

# Capture packets at the entry node (n4)

set agentEntry [new Agent/Null]

$ns attach-agent $entry $agentEntry

# Forward captured packets to the exit node (n5)

set agentExit [new Agent/Null]

$ns attach-agent $exit $agentExit

$ns at 1.5 “$entry set ragent [$agentEntry]”

}

# Start the wormhole attack

$ns at 1.5 “wormhole_attack $n4 $n5”

# End simulation

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation:

  • Nodes: n0 is the source, n1 and n2 are legitimate intermediate nodes, n3 is the destination, and n4 and n5 are malicious nodes making the wormhole tunnel.
  • Legitimate Traffic: TCP traffic is produced among the nodes n0 and n3 using FTP.
  • Wormhole Attack Behaviour: The wormhole attack is replicated by tunnelling packets among the malicious nodes n4 (wormhole entry) and n5 (wormhole exit), triggering routing disruptions.
  • Analysis: We can estimate the trace file to monitor how packets are captured by the node n4, replayed by n5 and interrupting the normal routing.

Example 3: Denial-of-Service (DoS) Attack

A Denial-of-service Attack overflows the target with traffic triggering the resource exhaustion. We can replicate this by setup several nodes to transmit a high volume of traffic to the target node.

Tcl Script for DoS Attack:

# Create a new simulator object

set ns [new Simulator]

# Open the trace file for output

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Create nodes

set n0 [$ns node] ;# Victim node (target)

set n1 [$ns node] ;# Attacker node 1

set n2 [$ns node] ;# Attacker node 2

# Create links between attacker nodes and the target

$ns duplex-link $n1 $n0 1Mb 10ms DropTail

$ns duplex-link $n2 $n0 1Mb 10ms DropTail

# Attach TCP agents to attacker nodes

set tcp1 [new Agent/TCP]

set tcp2 [new Agent/TCP]

set sink [new Agent/TCPSink]

$ns attach-agent $n1 $tcp1

$ns attach-agent $n2 $tcp2

$ns attach-agent $n0 $sink

# Connect the TCP agents to the sink at the target node

$ns connect $tcp1 $sink

$ns connect $tcp2 $sink

# Start the traffic to simulate the DoS attack

set ftp1 [new Application/FTP]

$ftp1 attach-agent $tcp1

set ftp2 [new Application/FTP]

$ftp2 attach-agent $tcp2

$ns at 1.0 “$ftp1 start”

$ns at 1.0 “$ftp2 start”

# Stop the traffic after 10 seconds

$ns at 10.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Explanation:

  • Nodes: The attacker nodes n1 and n2, and the victim or target node n0.
  • DoS Behaviour: The attacker nodes n1and n2 send a high volume of TCP traffic to the target node that mimicking a DoS attack.
  • Analysis: We can estimate the trace file to monitor how the victim node turn ou to be overwhelmed because of the excessive traffic from the attackers, after running the simulation.

Analysing the Impact of Intrusion Attacks:

  • Packet Loss: Analyse the trace files to calculate the number of dropped packets because of the attack.
  • Throughput: Assess the throughput of legitimate traffic earlier and while the attack to monitor how network performance is affected.
  • Delay and Latency: Evaluate the delays introduced in the network because of the attacks such as wormholes or DoS.

In this module, we adhered to a systematic approach, applying and evaluating the Intrusion attacks using the simulation tool NS2. We will also provide extra specific information related on this topic according to your needs.

Obtain professional assistance for the execution of Intrusion Attacks utilizing the NS2 tool. Our experienced developers provide comprehensive support for the implementation of various attack types, including man-in-the-middle attacks, denial-of-service (DoS) attacks, packet dropping, and routing attacks such as black hole, wormhole, and gray hole attacks.