How to Begin Implement Network Detection accuracy in ns3

To begin and examine the Network Detection Accuracy in ns-3, follow these steps. Detection accuracy typically calculates the effectiveness of detection devices in classifying the detailed network actions, like as anomalies, intrusions, or faulty nodes. It is frequently expressed as a percentage of correct findings.

Steps to Begin Implement Network Detection accuracy in ns3

  1. Understand Network Detection Accuracy

Detection accuracy is designed as:

Accuracy=True Positives+True NegativesTotal Observations×100\text{Accuracy} = \frac{\text{True Positives} + \text{True Negatives}}{\text{Total Observations}} \times 100Accuracy=Total ObservationsTrue Positives+True Negatives​×100

Where:

  • True Positives (TP): Correctly recognised the actions for instance intrusions.
  • True Negatives (TN): Correctly recognised the normal behavior.
  • False Positives (FP): Incorrectly known the normal behavior for action.
  • False Negatives (FN): Missed events.

Metrics:

  • Precision: TP/(TP+FP)\text{TP} / (\text{TP} + \text{FP})TP/(TP+FP)
  • Recall: TP/(TP+FN)\text{TP} / (\text{TP} + \text{FN})TP/(TP+FN)
  1. Set up Your Environment

Assure the ns3 is installed. Build a network in which action for instance packet anomalies, intrusions, or failures can be created and detected.

  1. Create the Network Topology

Example: Star Topology

NodeContainer nodes;

nodes.Create(5); // One central node and four peripheral nodes

PointToPointHelper pointToPoint;

pointToPoint.SetDeviceAttribute(“DataRate”, StringValue(“10Mbps”));

pointToPoint.SetChannelAttribute(“Delay”, StringValue(“2ms”));

// Connect peripheral nodes to the central node

NetDeviceContainer devices;

for (uint32_t i = 1; i < nodes.GetN(); ++i) {

devices.Add(pointToPoint.Install(nodes.Get(0), nodes.Get(i)));

}

  1. Install the Internet Stack

Install the Internet stack for ensure the communication among nodes:

InternetStackHelper stack;

stack.Install(nodes);

Ipv4AddressHelper address;

address.SetBase(“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces = address.Assign(devices);

  1. Simulate Events for Detection

Example: Normal and Anomalous Traffic

Install applications for build a normal and anomalous congestion.

Normal Traffic

UdpEchoServerHelper echoServer(9);

ApplicationContainer serverApps = echoServer.Install(nodes.Get(0)); // Central node as server

serverApps.Start(Seconds(1.0));

serverApps.Stop(Seconds(10.0));

UdpEchoClientHelper echoClient(interfaces.GetAddress(0), 9);

echoClient.SetAttribute(“MaxPackets”, UintegerValue(500));

echoClient.SetAttribute(“Interval”, TimeValue(Seconds(0.02))); // 50 packets/sec

echoClient.SetAttribute(“PacketSize”, UintegerValue(1024));

ApplicationContainer clientApps = echoClient.Install(nodes.Get(1)); // Peripheral node as client

clientApps.Start(Seconds(2.0));

clientApps.Stop(Seconds(10.0));

Anomalous Traffic

Launch the high congestion for replicate the anomaly:

UdpEchoClientHelper anomalousClient(interfaces.GetAddress(0), 9);

anomalousClient.SetAttribute(“MaxPackets”, UintegerValue(1000));

anomalousClient.SetAttribute(“Interval”, TimeValue(Seconds(0.005))); // 200 packets/sec

anomalousClient.SetAttribute(“PacketSize”, UintegerValue(2048));

ApplicationContainer anomalousApps = anomalousClient.Install(nodes.Get(2)); // Another peripheral node

anomalousApps.Start(Seconds(4.0));

anomalousApps.Stop(Seconds(6.0));

  1. Implement Detection Mechanism

Generate a custom application or use existing tools in ns3 for finding the anomalies.

Example: Detect Anomalies Based on Traffic Rate

uint32_t packetsReceived = 0;

uint32_t threshold = 150; // Packets per second threshold for anomaly

void PacketReceivedCallback(Ptr<const Packet> packet) {

packetsReceived++;

if (packetsReceived > threshold) {

std::cout << “Anomaly Detected at time ” << Simulator::Now().GetSeconds() << “s\n”;

}

}

// Connect the callback to the receiver

Ptr<Socket> recvSocket = Socket::CreateSocket(nodes.Get(0), UdpSocketFactory::GetTypeId());

recvSocket->SetRecvCallback(MakeCallback(&PacketReceivedCallback));

  1. Measure Detection Accuracy

Monitor the true positives, false positives, true negatives, and false negatives:

uint32_t truePositives = 0;

uint32_t trueNegatives = 0;

uint32_t falsePositives = 0;

uint32_t falseNegatives = 0;

void EvaluateDetection(uint32_t actualAnomalies, uint32_t detectedAnomalies) {

truePositives += std::min(actualAnomalies, detectedAnomalies);

falsePositives += std::max(detectedAnomalies – actualAnomalies, 0u);

falseNegatives += std::max(actualAnomalies – detectedAnomalies, 0u);

trueNegatives += /* Total Observations – (TP + FP + FN) */;

}

  1. Calculate Metrics

Finally replicate the, calculate for metrices such as accuracy, precision, and recall:

double accuracy = static_cast<double>(truePositives + trueNegatives) /

(truePositives + trueNegatives + falsePositives + falseNegatives) * 100.0;

double precision = static_cast<double>(truePositives) /

(truePositives + falsePositives);

double recall = static_cast<double>(truePositives) /

(truePositives + falseNegatives);

std::cout << “Accuracy: ” << accuracy << “%\n”;

std::cout << “Precision: ” << precision << “\n”;

std::cout << “Recall: ” << recall << “\n”;

  1. Enable Tracing

ASCII and PCAP Tracing

Log action for analysis:

AsciiTraceHelper ascii;

pointToPoint.EnableAsciiAll(ascii.CreateFileStream(“detection_accuracy.tr”));

pointToPoint.EnablePcapAll(“detection_accuracy”);

XML Animation

Envision the congestion and finding in NetAnim:

AnimationInterface anim(“detection_accuracy.xml”);

  1. Experiment with Parameters
  • Thresholds: Validate the various finding thresholds for estimate the performance.
  • Traffic Load: Replicate the changing levels for normal and anomalous congestion.
  • Detection Algorithms: Execute the advanced methods such as machine learning or statistical systems.
  1. Run the Simulation

Process for the replication of outcomes and analyze:

Simulator::Run();

Simulator::Destroy();

To calculate and evaluate the network intrusion detection system mechanism by using these metrics like True Positives, False Positives, True Negatives, False Negatives and then we can see the accuracy for detection in ns3 simulator.