How to Begin Implement Network Detection accuracy in ns3
To begin and examine the Network Detection Accuracy in ns-3, follow these steps. Detection accuracy typically calculates the effectiveness of detection devices in classifying the detailed network actions, like as anomalies, intrusions, or faulty nodes. It is frequently expressed as a percentage of correct findings.
Steps to Begin Implement Network Detection accuracy in ns3
- Understand Network Detection Accuracy
Detection accuracy is designed as:
Accuracy=True Positives+True NegativesTotal Observations×100\text{Accuracy} = \frac{\text{True Positives} + \text{True Negatives}}{\text{Total Observations}} \times 100Accuracy=Total ObservationsTrue Positives+True Negatives×100
Where:
- True Positives (TP): Correctly recognised the actions for instance intrusions.
- True Negatives (TN): Correctly recognised the normal behavior.
- False Positives (FP): Incorrectly known the normal behavior for action.
- False Negatives (FN): Missed events.
Metrics:
- Precision: TP/(TP+FP)\text{TP} / (\text{TP} + \text{FP})TP/(TP+FP)
- Recall: TP/(TP+FN)\text{TP} / (\text{TP} + \text{FN})TP/(TP+FN)
- Set up Your Environment
Assure the ns3 is installed. Build a network in which action for instance packet anomalies, intrusions, or failures can be created and detected.
- Create the Network Topology
Example: Star Topology
NodeContainer nodes;
nodes.Create(5); // One central node and four peripheral nodes
PointToPointHelper pointToPoint;
pointToPoint.SetDeviceAttribute(“DataRate”, StringValue(“10Mbps”));
pointToPoint.SetChannelAttribute(“Delay”, StringValue(“2ms”));
// Connect peripheral nodes to the central node
NetDeviceContainer devices;
for (uint32_t i = 1; i < nodes.GetN(); ++i) {
devices.Add(pointToPoint.Install(nodes.Get(0), nodes.Get(i)));
}
- Install the Internet Stack
Install the Internet stack for ensure the communication among nodes:
InternetStackHelper stack;
stack.Install(nodes);
Ipv4AddressHelper address;
address.SetBase(“10.1.1.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces = address.Assign(devices);
- Simulate Events for Detection
Example: Normal and Anomalous Traffic
Install applications for build a normal and anomalous congestion.
Normal Traffic
UdpEchoServerHelper echoServer(9);
ApplicationContainer serverApps = echoServer.Install(nodes.Get(0)); // Central node as server
serverApps.Start(Seconds(1.0));
serverApps.Stop(Seconds(10.0));
UdpEchoClientHelper echoClient(interfaces.GetAddress(0), 9);
echoClient.SetAttribute(“MaxPackets”, UintegerValue(500));
echoClient.SetAttribute(“Interval”, TimeValue(Seconds(0.02))); // 50 packets/sec
echoClient.SetAttribute(“PacketSize”, UintegerValue(1024));
ApplicationContainer clientApps = echoClient.Install(nodes.Get(1)); // Peripheral node as client
clientApps.Start(Seconds(2.0));
clientApps.Stop(Seconds(10.0));
Anomalous Traffic
Launch the high congestion for replicate the anomaly:
UdpEchoClientHelper anomalousClient(interfaces.GetAddress(0), 9);
anomalousClient.SetAttribute(“MaxPackets”, UintegerValue(1000));
anomalousClient.SetAttribute(“Interval”, TimeValue(Seconds(0.005))); // 200 packets/sec
anomalousClient.SetAttribute(“PacketSize”, UintegerValue(2048));
ApplicationContainer anomalousApps = anomalousClient.Install(nodes.Get(2)); // Another peripheral node
anomalousApps.Start(Seconds(4.0));
anomalousApps.Stop(Seconds(6.0));
- Implement Detection Mechanism
Generate a custom application or use existing tools in ns3 for finding the anomalies.
Example: Detect Anomalies Based on Traffic Rate
uint32_t packetsReceived = 0;
uint32_t threshold = 150; // Packets per second threshold for anomaly
void PacketReceivedCallback(Ptr<const Packet> packet) {
packetsReceived++;
if (packetsReceived > threshold) {
std::cout << “Anomaly Detected at time ” << Simulator::Now().GetSeconds() << “s\n”;
}
}
// Connect the callback to the receiver
Ptr<Socket> recvSocket = Socket::CreateSocket(nodes.Get(0), UdpSocketFactory::GetTypeId());
recvSocket->SetRecvCallback(MakeCallback(&PacketReceivedCallback));
- Measure Detection Accuracy
Monitor the true positives, false positives, true negatives, and false negatives:
uint32_t truePositives = 0;
uint32_t trueNegatives = 0;
uint32_t falsePositives = 0;
uint32_t falseNegatives = 0;
void EvaluateDetection(uint32_t actualAnomalies, uint32_t detectedAnomalies) {
truePositives += std::min(actualAnomalies, detectedAnomalies);
falsePositives += std::max(detectedAnomalies – actualAnomalies, 0u);
falseNegatives += std::max(actualAnomalies – detectedAnomalies, 0u);
trueNegatives += /* Total Observations – (TP + FP + FN) */;
}
- Calculate Metrics
Finally replicate the, calculate for metrices such as accuracy, precision, and recall:
double accuracy = static_cast<double>(truePositives + trueNegatives) /
(truePositives + trueNegatives + falsePositives + falseNegatives) * 100.0;
double precision = static_cast<double>(truePositives) /
(truePositives + falsePositives);
double recall = static_cast<double>(truePositives) /
(truePositives + falseNegatives);
std::cout << “Accuracy: ” << accuracy << “%\n”;
std::cout << “Precision: ” << precision << “\n”;
std::cout << “Recall: ” << recall << “\n”;
- Enable Tracing
ASCII and PCAP Tracing
Log action for analysis:
AsciiTraceHelper ascii;
pointToPoint.EnableAsciiAll(ascii.CreateFileStream(“detection_accuracy.tr”));
pointToPoint.EnablePcapAll(“detection_accuracy”);
XML Animation
Envision the congestion and finding in NetAnim:
AnimationInterface anim(“detection_accuracy.xml”);
- Experiment with Parameters
- Thresholds: Validate the various finding thresholds for estimate the performance.
- Traffic Load: Replicate the changing levels for normal and anomalous congestion.
- Detection Algorithms: Execute the advanced methods such as machine learning or statistical systems.
- Run the Simulation
Process for the replication of outcomes and analyze:
Simulator::Run();
Simulator::Destroy();
To calculate and evaluate the network intrusion detection system mechanism by using these metrics like True Positives, False Positives, True Negatives, False Negatives and then we can see the accuracy for detection in ns3 simulator.