Twitter.com/tetcos linkedin.com/tetcos youtube.com/tetcos
NetSim v9Network Simulation/Emulation Platform
TM
Webinar: Network Attacks and Detection
29th April 2016
NetSimTM
Webinar Contents1. Why use a Network Simulator
2. Introduction to NetSim
3. Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim
4. Intrusion Detection System: Detection mechanism in MANET using NetSim
5. Analyzing Metrics
6. Areas of R & D in MANET
7. Q & A
NetSimTM
Why use a Network Simulator
for research ?
NetSimTM
Communication Networks have become
too complex for traditional analytical
methods or “rules of thumb” to provide an
accurate understanding of system behavior
and possible problems and solutions
NetSimTM
I. Networking traffic will quadruple by 2017 driven by wireless & mobile communication
II. 2+ billion videos watched online every day
III. Mobiles, tablets & sensors to join with existing internet cloud to form “network of things”
I. Mobile Ad-hoc Networks
II. Wireless Sensor Networks
III. Cognitive Radio
IV. LTE / LTE-A
V. Internet of Things (IOT)
50 % of all research papers in IEEE & ACM refer a Network Simulator
Observations in computer networking domain
Key areas of research & development
NetSimTM
Introduction to NetSim
NetSimTM
NetSim is a popular tool for Network Design, Network R & D and defense
applications. It allows users to create network scenarios, model traffic and
study network performance metrics
Wide range of technologies across LAN, WAN, BGP, WLAN, MANET, Wi-MAX,
Cellular(GSM and CDMA), Cognitive Radio, Sensor Networks, IOT and LTE as per
international Standards
Open architecture with protocol C source code for users to write, link and de-
bug.
NetSimTM
NetSim - Customer Segments• Enterprise
• Network design• Network validation
• Defence• Network Centric Warfare
• R&D Labs• Protocol Development• New Technology testing
• Academic• Network Labs (B.Tech/BS), • Advanced Network Labs(M.Tech/MS) – ECE,CSE,IT• Phd thesis/M.Tech Projects
NetSimTM
Technology LibrariesComponent
NoNetworks / Protocols
Component 1
(Base. Required for all components)
Internetworks: Ethernet - Fast & Gigabit, Address Resolution Protocol, WLAN - 802.11 a, b, g , n, ac and e, Propagation
- Free space, Log-normal Shadowing, Rayleigh Fading, IPv4 with VPN, Firewalls, Routing - RIP, OSPF, Queuing - Round
Robin, FIFO, Priority, TCP, UDP.
Common Modules Applications: Traffic Generator: Voice, Video, FTP, Database, HTTP, Email, Peer-to-peer and
Custom. Virtual Network Stack, Simulation Kernel Command Line Interface, Metrics Engine with packet and event trace,
Packet Animator
Component 2 Legacy Networks: Aloha - Pure & Slotted, CSMA/CD, Token Ring, Token Bus, ATM, X.25, Frame Relay,
Multi-Protocol Label Switching (MPLS)
Component 3 BGP Networks: Border Gateway Protocol (BGP)
Component 4 Advanced Wireless Networks: MANET - DSR, AODV, OLSR, ZRP, Wi-Max
Component 5 Cellular Networks - GSM, CDMA
Component 6
(Component 4 required)
Wireless Sensor Networks, IOT & Personal Area Networks: WSN with agent model & battery models ZigBee
Component 7 Cognitive Radio Networks
WRAN
Component 8 Long Term Evolution
LTE
Component 9
(Component 4 required)
Military Radio
TDMA Link 16
NetSimTM
1. New Technologies
• Internet of things
• 802.11 ac (Gigabit Wi-Fi)
• Rate adaptation algorithm for WLAN
• Military Radios: HF, UHF and VHF Bands
2. Network Emulator Add-on Module
• Connect NetSim to Real Devices running Live Application
3. Interfacing with softwares
• MATLAB interface
• Wireshark Interface
4. Accelerated and multithreaded kernel
• Approx. 40x times faster than v8.3 for large simulations
5. Simulation Scale up
• Pro version tested up to 100,000 devices
What’s new in v9
NetSimTM
Introduction to Sinkhole Attack
NetSimTM
Sinkhole Attack in MANET
• Sinkhole attack is one of the severe attacks in wireless Ad hoc network.
• In sinkhole Attack, a compromised node or malicious node advertises wrong routing
information to produce itself as a specific node and receives whole network traffic.
• After receiving whole network traffic it can either modify the packet information or drop
them to make the network complicated.
• Sinkhole attacks affects the performance of Ad hoc networks protocols such as DSR protocol.
NetSimTM
Sinkhole in DSR in NetSim
• In DSR the source broadcasts RREQ packet during Route Discovery.
• The destination on receiving the RREQ packet replies with a RREP packet containing the route to
reach the destination.
• But Intermediate nodes can also send RREP packet to the source if they have a route to the
destination in their route cache.
• Using this loophole the malicious node adds a fake route entry into its route cache with the
destination node as its next hop.
NetSimTM
Sinkhole in DSR in NetSim
• On receiving the RREQ packet from the source the malicious node sends a fake RREP packet with
the fake route.
• The source node on receiving this packet observes this as a better route to the destination.
• All the Network Traffic is attracted towards the Sinkhole (Malicious Node) and it can either modify
the packet information or simply drop the packet (NetSim implementation)
NetSimTM
Malicious.c• A file Malicious.c is added to the DSR project which contains the following functions:
• fn_NetSim_DSR_MaliciousNode( ) - This function is used to identify whether a current device is malicious or not in-order to establish malicious behavior
• fn_NetSim_DSR_MaliciousRouteAddToCache() - This function is used to add a fake route entry into the route cache of the malicious device with its next hop as the destination
• fn_NetSim_DSR_MaliciousProcessSourceRouteOption() - This function is used to drop the received packets if the device is malicious, instead of forwarding the packet to the next hop
NetSimTM
Simulation of sinkhole attack in NetSim
Source – Device id 1
Destination – Device id 6
Sinkhole (malicious node) – Device id 2
NetSimTM
Intrusion Detection System
NetSimTM
Introduction• An intrusion detection system (IDS) monitors network for malicious activities
• Once an attack is identified, or abnormal behaviour is sensed, measures are taken to recover from the attack.
• The system also keeps track of the intruders so as to avoid further attacks in future.
NetSimTM
IDS in NetSimIn NetSim Intrusion Detection System has two major functionalities
1.Watchdog• A watchdog timer is added to each Node in the Network.
• The timer starts the moment a packet is sent.
• Once the packet is forwarded to the next hop within the Watchdog time duration.
• If the next hop is malicious then it need not forward the packet (as per the sinkhole attack implemented)
• A counter is used to keep track of number of time watchdog timer expires.
• Once the counter reaches the failure threshold the current node marks its next hop as malicious and sends it for blacklisting.
2.Pathrater• Adds malicious nodes to blacklist.
• Validates routes by verifying route reply.
• Discards route reply if blacklisted nodes are present in it.
NetSimTM
Watchdog.c
Some of the important functions are:
• add_watchdog_timer() - Adds a watchdog timer to each Node in the Network.
• watchdog_timer_execute() - Checks if the packet is sent before timer expiry & checks if failure threshold is reached.
Pathrater.c
Some of the important functions are:
• add_to_blacklist() - Adds malicious nodes to blacklist of the current device
• verify_route_reply() - Checks if the IP addresses in the route reply contains the IP of any blacklisted node.
IDS in NetSim
NetSimTM
Simulation of IDS in NetSim
Source – Device id 1
Destination – Device id 6
Intruder (malicious node) – Device id 3 , Device id 4
IDS running in all the nodes
Analyzing Metrics:
Comparison of Network performance
NetSimTM
Comparison of Throughput• Normal working
• After attack
• With IDS
0
0.02
0.04
0.06
0.08
0.1
0.12
Throughput
Normal
Attack
IDS
NetSimTM
Comparison of Application Delay
0
5000000
10000000
15000000
20000000
25000000
30000000
35000000
40000000
Delay
Application Delay
Normal
Attack
IDS
NetSimTM
Over 300+ Customers across 15 countries
Education - International
Defence / Space / Industry
Education - India
NetSimTM
Research Areas in MANET
• Routing protocols – Location based, Power aware etc.
• QoS in adhoc networks
• Intrusion detection
• Performance Analysis
• Vehicular adhoc networks etc.,
The Project Codes of Sinkhole Attack, IDS and other projects in different Networks can be accessed using the link:
http://www.tetcos.com/File_Exchange/
NetSimTM
Q & A Session
Note: Depending on the available time, we will try to cover all your questions. In case your query is not answered, we assure you to answer your question via email.
NetSimTM
For technical information contact
Visit: www.tetcos.com
E-mail: [email protected]
Tele-fax: +91 80 2663 062411
For Commercial information:please contact our local channel partner available at http://tetcos.com/listcp.html