How to Start Active Attacks Projects Using NS2

To start active attack projects using NS2 (Network Simulator 2) that needs to replicate scenarios in which attackers alter, insert, or interrupt the network traffic. Active attacks slightly vary from passive attacks by its disruptive nature, which frequently focusing on the integrity or availability of data.

Following is a stepwise approach to start and replicate the active attacks in NS2:

Steps to Start Active Attacks Projects in NS2

  1. Understand Active Attacks

Active attacks have:

  • Modification: To change the data packets within transit.
  • Injection: It forwarding fake packets for interrupting interaction.
  • Disruption: Overflowing the network to reduce the performance.

Samples of active attacks:

  • Denial of Service (DoS)
  • Replay Attacks
  • Man-in-the-Middle (MITM)
  • Routing Attacks (Blackhole/Wormhole)
  1. Set Up NS2
  • We can install NS2 and confirm by executing:

sudo apt-get install ns2

  • Verify the installation including an example script:

ns example.tcl

  1. Choose an Active Attack Type

Following is general active attacks for replicating:

  1. Packet Modification:
    • Replicate an attacker to modify the packet content.
  2. Packet Injection:
    • Launch fake packets for interrupting the interaction.
  3. Routing Attacks:
    • Blackhole attack: It helps to lose the packets.
    • Wormhole attack: Transmit traffic via malicious nodes.
  4. DoS/DDoS:
    • Overflow a target including excessive packets.
  1. Define Network Topology
  • We should make a network topology including legitimate nodes and attacker nodes.
  • For instances:
    • Source (n0): Transmits the data.
    • Destination (n1): It obtains information.
    • Attacker (n2): It supports to intercepts/modifies/disrupts the traffic.
  1. Implement Active Attacks
  2. Packet Modification Attack

Fine-tune NS2 agents’ behavior for modifying the packet data.

  • Example in C++ (udp.cc):

void AttackerNode::recv(Packet *p) {

hdr_ip* iph = hdr_ip::access(p);

if (iph->daddr() == victim_ip) {

modifyPacket(p); // Custom function to modify packet content

}

forwardPacket(p); // Forward packet after modification

}

  • In TCL:

set attacker [$ns node]

set victim [$ns node]

set sink [new Agent/Null]

$ns attach-agent $victim $sink

  1. Blackhole Attack
  1. We can set up the attacker node, losing packets.
  2. TCL Execution:

proc blackhole {node packet} {

# Drop all incoming packets

if {[$node id] == “attacker”} {

drop $packet

}

}

  1. Connect to attacker node:

$ns at 1.0 “$attacker drop all”

  1. Replay Attack

Rerun the intercepted packets attack for interrupting interaction.

  • TCL Implementation:

set replay [new Application/Traffic/CBR]

$replay set packetSize_ 512

$replay set interval_ 0.01

$replay attach-agent $attacker

$ns at 2.0 “$replay start”

  1. Wormhole Attack
  1. Configure a tunnel among two malicious nodes.
  2. Transmit packets via the tunnel using wormhole attacks:

proc wormhole {src dst packet} {

if {[$src id] == “wormhole1” && [$dst id] == “wormhole2”} {

forward $packet through $wormhole_link

}

}

  1. Analyze Results
  • For analysis, we can utilise the trace file that are created by NS2 environment:
    • Example for straining the packets lost:

awk ‘/drop/’ trace.tr > dropped_packets.log

  • We will need to envision the performance indicators such as:
    • Throughput, latency, and packet loss to leverage Gnuplot tool.
  1. Simulate Defense Mechanisms
  • Execute the countermeasures of defense strategies for identifying and moderating attacks.
  • Example defense: Intrusion Detection System (IDS).

set ids [new IDS]

$ids set threshold_ 100

$ids monitor $victim

Example TCL Script: Blackhole Attack

# Create a simple topology

set ns [new Simulator]

set tracefile [open blackhole.tr w]

$ns trace-all $tracefile

# Define nodes

set src [$ns node]

set dest [$ns node]

set attacker [$ns node]

# Create links

$ns duplex-link $src $dest 1Mb 10ms DropTail

$ns duplex-link $attacker $dest 1Mb 10ms DropTail

# Attach TCP agents

set tcp [new Agent/TCP]

$ns attach-agent $src $tcp

set sink [new Agent/TCPSink]

$ns attach-agent $dest $sink

$ns connect $tcp $sink

# Configure attacker to drop packets

proc blackhole {node packet} {

if {[$node id] == “attacker”} {

drop $packet

}

}

$ns at 1.0 “blackhole $attacker”

# Start simulation

$ns at 0.5 “$tcp start”

$ns at 5.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

$ns run

Tools and Resources

  • Wireshark: Examine the traffic for lost/modified packets utilising Wireshark tool.
  • Gnuplot: It is helps to envision the effect of attack on the network.
  • NS2 Documentation: For custom attack logic, we can know about the altering NS2 core.

Through this approach, we successfully covered concept on how to start and accomplish the Active Attacks Projects simulation by using NS2 simulation environment. You can customize according to the requirements. If you any doubts about this project, we will guide you through another simulation.