NetSim Webinar on Network Attacks and Detection

Twitter.com/tetcos linkedin.com/tetcos youtube.com/tetcos NetSim™ v9 Network Simulation/Emulation Platform. Webinar: Network Attacks and Detection, 29th April 2016

Upload: deshpande-m

Post on 23-Jan-2018

Page 1: NetSim Webinar on Network Attacks and Detection

Twitter.com/tetcos linkedin.com/tetcos youtube.com/tetcos

NetSim™ v9 Network Simulation/Emulation Platform

Webinar: Network Attacks and Detection

29th April 2016

Page 2: NetSim Webinar on Network Attacks and Detection

NetSim™

Webinar Contents

1. Why use a Network Simulator

2. Introduction to NetSim

3. Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim

4. Intrusion Detection System: Detection mechanism in MANET using NetSim

5. Analyzing Metrics

6. Areas of R & D in MANET

7. Q & A

Page 3: NetSim Webinar on Network Attacks and Detection

Why use a Network Simulator for research?

Page 4: NetSim Webinar on Network Attacks and Detection

Communication networks have become too complex for traditional analytical methods or “rules of thumb” to provide an accurate understanding of system behavior and possible problems and solutions.

Page 5: NetSim Webinar on Network Attacks and Detection

Observations in computer networking domain

I. Networking traffic will quadruple by 2017, driven by wireless & mobile communication

II. 2+ billion videos watched online every day

III. Mobiles, tablets & sensors to join with existing internet cloud to form “network of things”

Key areas of research & development

I. Mobile Ad-hoc Networks

II. Wireless Sensor Networks

III. Cognitive Radio

IV. LTE / LTE-A

V. Internet of Things (IoT)

50% of all research papers in IEEE & ACM refer to a Network Simulator

Page 6: NetSim Webinar on Network Attacks and Detection

Introduction to NetSim

Page 7: NetSim Webinar on Network Attacks and Detection

NetSim is a popular tool for Network Design, Network R & D and defense applications. It allows users to create network scenarios, model traffic and study network performance metrics.

Wide range of technologies across LAN, WAN, BGP, WLAN, MANET, Wi-MAX, Cellular (GSM and CDMA), Cognitive Radio, Sensor Networks, IoT and LTE as per international standards.

Open architecture with protocol C source code for users to write, link and debug.

Page 8: NetSim Webinar on Network Attacks and Detection

NetSim - Customer Segments

• Enterprise
    • Network design
    • Network validation

• Defence
    • Network Centric Warfare

• R&D Labs
    • Protocol Development
    • New Technology testing

• Academic
    • Network Labs (B.Tech/BS)
    • Advanced Network Labs (M.Tech/MS) – ECE, CSE, IT
    • PhD thesis / M.Tech Projects

Page 9: NetSim Webinar on Network Attacks and Detection

Technology Libraries

Component No: Networks / Protocols

Component 1 (Base. Required for all components):
Internetworks: Ethernet - Fast & Gigabit, Address Resolution Protocol, WLAN - 802.11 a, b, g, n, ac and e, Propagation - Free space, Log-normal Shadowing, Rayleigh Fading, IPv4 with VPN, Firewalls, Routing - RIP, OSPF, Queuing - Round Robin, FIFO, Priority, TCP, UDP.
Common Modules Applications: Traffic Generator: Voice, Video, FTP, Database, HTTP, Email, Peer-to-peer and Custom. Virtual Network Stack, Simulation Kernel Command Line Interface, Metrics Engine with packet and event trace, Packet Animator

Component 2: Legacy Networks: Aloha - Pure & Slotted, CSMA/CD, Token Ring, Token Bus, ATM, X.25, Frame Relay, Multi-Protocol Label Switching (MPLS)

Component 3: BGP Networks: Border Gateway Protocol (BGP)

Component 4: Advanced Wireless Networks: MANET - DSR, AODV, OLSR, ZRP, Wi-Max

Component 5: Cellular Networks - GSM, CDMA

Component 6 (Component 4 required): Wireless Sensor Networks, IoT & Personal Area Networks: WSN with agent model & battery models, ZigBee

Component 7: Cognitive Radio Networks: WRAN

Component 8: Long Term Evolution: LTE

Component 9 (Component 4 required): Military Radio: TDMA Link 16

Page 10: NetSim Webinar on Network Attacks and Detection

What’s new in v9

1. New Technologies

• Internet of Things

• 802.11 ac (Gigabit Wi-Fi)

• Rate adaptation algorithm for WLAN

• Military Radios: HF, UHF and VHF Bands

2. Network Emulator Add-on Module

• Connect NetSim to real devices running live applications

3. Interfacing with software

• MATLAB interface

• Wireshark interface

4. Accelerated and multithreaded kernel

• Approx. 40x faster than v8.3 for large simulations

5. Simulation Scale up

• Pro version tested up to 100,000 devices

Page 11: NetSim Webinar on Network Attacks and Detection

Introduction to Sinkhole Attack

Page 12: NetSim Webinar on Network Attacks and Detection

Sinkhole Attack in MANET

• The sinkhole attack is one of the severe attacks in wireless ad hoc networks.

• In a sinkhole attack, a compromised or malicious node advertises wrong routing information to present itself as a specific node and receives the whole network traffic.

• After receiving the whole network traffic, it can either modify the packet information or drop the packets to disrupt the network.

• Sinkhole attacks affect the performance of ad hoc network protocols such as the DSR protocol.

Page 13: NetSim Webinar on Network Attacks and Detection

Sinkhole in DSR in NetSim

• In DSR the source broadcasts an RREQ packet during Route Discovery.

• The destination, on receiving the RREQ packet, replies with an RREP packet containing the route to reach the destination.

• But intermediate nodes can also send an RREP packet to the source if they have a route to the destination in their route cache.

• Using this loophole, the malicious node adds a fake route entry into its route cache with the destination node as its next hop.

Page 14: NetSim Webinar on Network Attacks and Detection

Sinkhole in DSR in NetSim

• On receiving the RREQ packet from the source, the malicious node sends a fake RREP packet with the fake route.

• The source node, on receiving this packet, sees it as a better route to the destination.

• All the network traffic is attracted towards the sinkhole (malicious node), which can either modify the packet information or simply drop the packet (the NetSim implementation drops it).

Page 15: NetSim Webinar on Network Attacks and Detection

Malicious.c

• A file Malicious.c is added to the DSR project, which contains the following functions:

• fn_NetSim_DSR_MaliciousNode() - This function is used to identify whether the current device is malicious or not, in order to establish malicious behavior

• fn_NetSim_DSR_MaliciousRouteAddToCache() - This function is used to add a fake route entry into the route cache of the malicious device with its next hop as the destination

• fn_NetSim_DSR_MaliciousProcessSourceRouteOption() - This function is used to drop the received packets if the device is malicious, instead of forwarding the packet to the next hop

Page 16: NetSim Webinar on Network Attacks and Detection

Simulation of sinkhole attack in NetSim

Source – Device id 1

Destination – Device id 6

Sinkhole (malicious node) – Device id 2

Page 17: NetSim Webinar on Network Attacks and Detection

Intrusion Detection System

Page 18: NetSim Webinar on Network Attacks and Detection

Introduction

• An intrusion detection system (IDS) monitors the network for malicious activities.

• Once an attack is identified, or abnormal behaviour is sensed, measures are taken to recover from the attack.

• The system also keeps track of the intruders so as to avoid further attacks in future.

Page 19: NetSim Webinar on Network Attacks and Detection

IDS in NetSim

In NetSim, the Intrusion Detection System has two major functionalities:

1. Watchdog

• A watchdog timer is added to each node in the network.

• The timer starts the moment a packet is sent.

• Once the packet is forwarded to the next hop within the Watchdog time duration.

• If the next hop is malicious then it does not forward the packet (as per the sinkhole attack implemented).

• A counter is used to keep track of the number of times the watchdog timer expires.

• Once the counter reaches the failure threshold, the current node marks its next hop as malicious and sends it for blacklisting.

2. Pathrater

• Adds malicious nodes to the blacklist.

• Validates routes by verifying the route reply.

• Discards the route reply if blacklisted nodes are present in it.

Page 20: NetSim Webinar on Network Attacks and Detection

IDS in NetSim

Watchdog.c

Some of the important functions are:

• add_watchdog_timer() - Adds a watchdog timer to each node in the network.

• watchdog_timer_execute() - Checks whether the packet is sent before timer expiry and whether the failure threshold is reached.

Pathrater.c

Some of the important functions are:

• add_to_blacklist() - Adds malicious nodes to the blacklist of the current device.

• verify_route_reply() - Checks whether the IP addresses in the route reply contain the IP of any blacklisted node.
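
The watchdog counter and pathrater check described on the two IDS slides, as an added stand-alone sketch (not NetSim's Watchdog.c or Pathrater.c). The function names, the state layout, the threshold of 3 and the shortest-route preference at the source are assumptions; the device ids follow the sinkhole scenario (source 1, destination 6, sinkhole 2).

```c
#include <stdio.h>

#define MAX_NODES 16
#define FAILURE_THRESHOLD 3   /* assumed; the slides give no value */

typedef struct {                /* per-node IDS state (hypothetical layout) */
    int failures[MAX_NODES];    /* watchdog expiries counted per next hop */
    int blacklist[MAX_NODES];   /* 1 = blacklisted by the pathrater */
} ids_state;

/* Watchdog: timer for a packet given to next_hop expired; 1 once blacklisted. */
int watchdog_timeout(ids_state *s, int next_hop) {
    if (next_hop < 0 || next_hop >= MAX_NODES) return 0;
    if (++s->failures[next_hop] >= FAILURE_THRESHOLD)
        s->blacklist[next_hop] = 1;
    return s->blacklist[next_hop];
}

/* Pathrater: a route reply is valid only if no hop on it is blacklisted. */
int route_reply_ok(const ids_state *s, const int *route, int hops) {
    for (int i = 0; i < hops; i++)
        if (route[i] < 0 || route[i] >= MAX_NODES || s->blacklist[route[i]])
            return 0;
    return 1;
}

/* Source: index of the shortest accepted reply, or -1 if all are discarded. */
int choose_route(const ids_state *s, const int replies[][MAX_NODES],
                 const int *hops, int n) {
    int best = -1;
    for (int i = 0; i < n; i++)
        if (route_reply_ok(s, replies[i], hops[i]) &&
            (best < 0 || hops[i] < hops[best]))
            best = i;
    return best;
}

/* Constructed scenario: reply 0 is the sinkhole's fake route, reply 1 genuine. */
int demo(int ids_enabled) {
    static const int replies[2][MAX_NODES] = { {1, 2, 6}, {1, 3, 4, 5, 6} };
    static const int hops[2] = { 3, 5 };
    ids_state s = { {0}, {0} };
    while (ids_enabled && !watchdog_timeout(&s, 2)) { }  /* node 2 keeps dropping */
    return choose_route(&s, replies, hops, 2);
}

int main(void) {
    return printf("chosen reply: %d without IDS, %d with IDS\n", demo(0), demo(1)) < 0;
}
```

Without the IDS the source takes the shorter fake route through node 2; after three watchdog expiries node 2 is blacklisted and only the genuine route passes verification.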

Page 21: NetSim Webinar on Network Attacks and Detection

Simulation of IDS in NetSim

Source – Device id 1

Destination – Device id 6

Intruder (malicious node) – Device id 3 , Device id 4

IDS running in all the nodes

Page 22: NetSim Webinar on Network Attacks and Detection

Analyzing Metrics:

Comparison of Network performance

Page 23: NetSim Webinar on Network Attacks and Detection

Comparison of Throughput

• Normal working

• After attack

• With IDS

[Bar chart: Throughput for the Normal, Attack and IDS scenarios]

Page 24: NetSim Webinar on Network Attacks and Detection

Comparison of Application Delay

[Bar chart: Application Delay for the Normal, Attack and IDS scenarios]

Page 25: NetSim Webinar on Network Attacks and Detection

YouTube Channel

http://www.youtube.com/tetcos

Page 26: NetSim Webinar on Network Attacks and Detection

300+ customers across 15 countries

Education - International

Defence / Space / Industry

Education - India

Page 27: NetSim Webinar on Network Attacks and Detection

Research Areas in MANET

• Routing protocols – location based, power aware, etc.

• QoS in ad hoc networks

• Intrusion detection

• Performance analysis

• Vehicular ad hoc networks, etc.

The project codes of the Sinkhole Attack, the IDS and other projects in different networks can be accessed using the link:

http://www.tetcos.com/File_Exchange/

Page 28: NetSim Webinar on Network Attacks and Detection

Q & A Session

Note: Depending on the available time, we will try to cover all your questions. In case your query is not answered, we will answer it via email.

Page 29: NetSim Webinar on Network Attacks and Detection

For technical information contact

Visit: www.tetcos.com

E-mail: [email protected]

Tele-fax: +91 80 2663 062411

For commercial information: please contact our local channel partner, listed at http://tetcos.com/listcp.html