How to Begin Implement an Intrusion Prevention Systems in NS3

To implement an Intrusion Prevention System (IPS) using NS3 contains to replicate a network environment in which an IPS monitors and dynamically avoids the malicious or suspicious activities. It can be contained rate-limiting malicious traffic, blacklisting IP addresses, or losing suspicious packets.

Here is an approach on how to get started:

Steps to Begin a IPS in NS3

  1. Understand Intrusion Prevention Systems
  • Key Concepts:
    • An IPS is dynamic system, which observes the network traffic, detects threats, and moves towards moderating them like blocking traffic.
    • These actions may have packet filtering, rate limiting, or blacklisting.
  • Common Use Cases:
    • Avoid DoS/DDoS attacks.
    • Obstruct unauthorized access or spoofed packets.
    • Break off malicious payloads.
  1. Set Up ns3 Environment
  1. Install ns3:

git clone https://gitlab.com/nsnam/ns-3-dev.git

cd ns-3-dev

./build.py

  1. Confirm the installation:

./ns3 run hello-simulator

  1. Plan the IPS Simulation
  • Components:
    • Normal nodes: It supports to make legitimate traffic.
    • Malicious nodes: Mimic attack traffic.
    • Server: Aim of typical and malicious traffic.
    • IPS Node: Observes and filters traffic.
  • Actions by IPS:
    • According to the thresholds such as rate, packet size to identify the anomalies.
    • Stop or control the malicious traffic.
    • It offers blacklist suspicious IPs addresses.
  1. Write the Simulation Script
  2. Include Necessary Headers

#include “ns3/core-module.h”

#include “ns3/network-module.h”

#include “ns3/internet-module.h”

#include “ns3/point-to-point-module.h”

#include “ns3/applications-module.h”

  1. Define Nodes

ns3::NodeContainer normalNodes, attackerNodes, serverNode, ipsNode;

normalNodes.Create(5);  // Normal clients

attackerNodes.Create(2); // Attackers

serverNode.Create(1);    // Target server

ipsNode.Create(1);       // IPS

  1. Set Up Point-to-Point Links

ns3::PointToPointHelper p2p;

p2p.SetDeviceAttribute(“DataRate”, ns3::StringValue(“1Gbps”));

p2p.SetChannelAttribute(“Delay”, ns3::StringValue(“2ms”));

// Connect normal nodes, attackers, and IPS to the server

ns3::NetDeviceContainer devices;

for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {

devices.Add(p2p.Install(normalNodes.Get(i), ipsNode.Get(0)));

}

for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {

devices.Add(p2p.Install(attackerNodes.Get(i), ipsNode.Get(0)));

}

devices.Add(p2p.Install(ipsNode.Get(0), serverNode.Get(0)));

  1. Install Internet Stack

ns3::InternetStackHelper internet;

internet.Install(normalNodes);

internet.Install(attackerNodes);

internet.Install(serverNode);

internet.Install(ipsNode);

ns3::Ipv4AddressHelper address;

address.SetBase(“10.1.1.0”, “255.255.255.0”);

address.Assign(devices);

  1. Add Traffic Generation
  2. Normal Traffic

// UDP Echo server on the server node

ns3::UdpEchoServerHelper echoServer(9);

ns3::ApplicationContainer serverApp = echoServer.Install(serverNode.Get(0));

serverApp.Start(ns3::Seconds(1.0));

serverApp.Stop(ns3::Seconds(20.0));

// UDP Echo clients on normal nodes

for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {

ns3::UdpEchoClientHelper echoClient(serverNode.Get(0)->GetObject<ns3::Ipv4>()->GetAddress(1, 0), 9);

echoClient.SetAttribute(“MaxPackets”, ns3::UintegerValue(10));

echoClient.SetAttribute(“Interval”, ns3::TimeValue(ns3::Seconds(1.0)));

echoClient.SetAttribute(“PacketSize”, ns3::UintegerValue(512));

ns3::ApplicationContainer clientApp = echoClient.Install(normalNodes.Get(i));

clientApp.Start(ns3::Seconds(2.0));

clientApp.Stop(ns3::Seconds(20.0));

}

  1. Malicious Traffic

// OnOff application to simulate attack traffic

ns3::OnOffHelper onOffHelper(“ns3::UdpSocketFactory”,

ns3::InetSocketAddress(serverNode.Get(0)->GetObject<ns3::Ipv4>()->GetAddress(1, 0), 9));

onOffHelper.SetAttribute(“DataRate”, ns3::StringValue(“100Mbps”));

onOffHelper.SetAttribute(“PacketSize”, ns3::UintegerValue(1024));

onOffHelper.SetAttribute(“OnTime”, ns3::StringValue(“ns3::ConstantRandomVariable[Constant=1]”));

onOffHelper.SetAttribute(“OffTime”, ns3::StringValue(“ns3::ConstantRandomVariable[Constant=0]”));

for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {

ns3::ApplicationContainer attackApp = onOffHelper.Install(attackerNodes.Get(i));

attackApp.Start(ns3::Seconds(3.0));

attackApp.Stop(ns3::Seconds(20.0));

}

  1. Implement IPS Logic
  2. Custom IPS Class
  1. Define the IPS Class:

class IPS {

public:

void MonitorTraffic(Ptr<const ns3::Packet> packet, Ptr<Ipv4> ipv4, uint32_t interface) {

static std::map<Ipv4Address, uint32_t> trafficCounters;

Ipv4Header ipv4Header;

packet->PeekHeader(ipv4Header);

Ipv4Address srcAddress = ipv4Header.GetSource();

// Count packets from each source

trafficCounters[srcAddress]++;

if (trafficCounters[srcAddress] > 100) {

std::cout << “Potential attack detected from: ” << srcAddress << std::endl;

// Drop packets or blacklist the source

}

}

};

  1. Attach IPS to the Monitoring Node:

Ptr<IPS> ips = CreateObject<IPS>();

ipsNode.Get(0)->GetObject<ns3::Ipv4>()->TraceConnectWithoutContext(“Rx”, MakeCallback(&IPS::MonitorTraffic, ips));

  1. Run the Simulation

ns3::Simulator::Run();

ns3::Simulator::Destroy();

  1. Analyze Results

Metrics:

  • Effectiveness:
    • Assess the IPS’s capability for obstructing the malicious traffic.
  • Impact:
    • Examine the performance parameters of network like throughput, latency.

Tracing and Visualization:

  • Allow .pcap tracing files for packet analysis with IPS:

ns3::AsciiTraceHelper ascii;

p2p.EnableAsciiAll(ascii.CreateFileStream(“ips.tr”));

p2p.EnablePcapAll(“ips”);

  • Examine the obstructed and enabled traffic leveraging Wireshark.
  1. Iterate and Enhance
  • Advanced Logic:
    • Execute the rate-limiting or dynamic blacklisting.
    • Integrate support to identify the packet anomalies like header spoofing.
  • Scalability:
    • Mimic larger networks including additional various traffic models.
  • Integration:
    • Add machine learning models to identify the irregularity.

By following these procedures, we can implement the Intrusion Prevention System in NS2 simulation tool and analyze and visualize the outcomes. Let me know if you need further clarification or assistance!