Simulating a typical DDoS attack in the NS3 network simulator
What is this?
This article is about coding a Distributed Denial of Service (DDoS) attack simulation in the NS-3 discrete-event network simulator.
Why do we need it?
Because a visual representation of basic concepts that you can play around with is better, right?
Where can you get the code?
As part of a community project, I am collecting / building multiple cybersecurity simulations and scenarios in NS3 and logging them on GitHub:
Saket-Upadhyay/ns3-cybersecurity-simulations
Now this is what this article is all about. Let’s jump into it.
The base model for this attack is relatively simple. We have 3 main nodes: Alice [n0] (legitimate client), Bob [n2] (server application), and a connecting node in between, let’s say Dave [n1].
Legitimate Connection Model
Now we will add as many bots as we want to attack the network, and let’s call them Mallory [b_i | i ∈ N].
Example Network Setup with 10 Bots
The bots will flood Dave in order to produce network congestion on the link from n1 to n2. This results in extended communication delay between Alice and Bob and eventually denies the resource to Alice.
Let’s first include all the required headers.
#include <ns3/csma-helper.h>
#include "ns3/mobility-module.h"
#include "ns3/nstime.h"
#include "ns3/core-module.h"
#include "ns3/network-module.h"
#include "ns3/internet-module.h"
#include "ns3/point-to-point-module.h"
#include "ns3/applications-module.h"
#include "ns3/ipv4-global-routing-helper.h"
#include "ns3/netanim-module.h"
Now we define some global configurations so that we can play around with them later.
#define TCP_SINK_PORT 9000
#define UDP_SINK_PORT 9001
//experimental parameters
#define MAX_BULK_BYTES 100000
#define DDOS_RATE "20480kb/s"
#define MAX_SIMULATION_TIME 10.0
//Number of Bots for DDoS
#define NUMBER_OF_BOTS 10
NS_LOG_COMPONENT_DEFINE("DDoSAttack");
using namespace ns3;
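To see why flooding Dave starves Alice, the following added example (not code from the article or its repository, and not ns-3 code) models Dave's n1-to-n2 output queue using the DDOS_RATE and NUMBER_OF_BOTS values defined above. The 100 Mb/s link, the 1000 kbit drop-tail buffer and Alice's 1 Mb/s send rate are assumptions, since the page does not state them.

```cpp
// Added illustration, not ns-3 code and not from the article's repository.
#include <algorithm>
#include <cstdio>

// From the article's configuration: DDOS_RATE "20480kb/s" (ns-3 reads kb/s as
// kilobits per second) and NUMBER_OF_BOTS 10.
constexpr double kBotRateKbps = 20480.0;
constexpr int kNumberOfBots = 10;
// Assumptions (not given on the page): link speed, queue size, Alice's rate.
constexpr double kLinkKbps = 100000.0;     // n1 -> n2 capacity, 100 Mb/s
constexpr double kQueueLimitKbit = 1000.0; // drop-tail buffer at Dave
constexpr double kAliceKbps = 1000.0;      // Alice's legitimate send rate

struct LinkResult {
    double lossFraction;      // share of offered traffic dropped at Dave
    double aliceGoodputKbps;  // Alice's traffic that still reaches Bob
    double maxQueueDelayMs;   // worst queuing delay on the n1 -> n2 link
};

// Fluid model of Dave's output queue, stepped in 1 ms ticks. Drop-tail cannot
// tell Alice from Mallory, so loss is shared in proportion to offered load.
LinkResult SimulateBottleneck(int bots, double seconds) {
    const double dt = 0.001;
    const double arrivalKbps = kAliceKbps + bots * kBotRateKbps;
    const long steps = static_cast<long>(seconds * 1000.0);
    double queue = 0.0, offered = 0.0, dropped = 0.0, maxDelayMs = 0.0;
    for (long i = 0; i < steps; ++i) {
        offered += arrivalKbps * dt;
        queue += arrivalKbps * dt;
        queue -= std::min(queue, kLinkKbps * dt);  // link drains the queue
        if (queue > kQueueLimitKbit) {             // buffer overflow: drop
            dropped += queue - kQueueLimitKbit;
            queue = kQueueLimitKbit;
        }
        maxDelayMs = std::max(maxDelayMs, queue / kLinkKbps * 1000.0);
    }
    const double loss = offered > 0.0 ? dropped / offered : 0.0;
    return {loss, kAliceKbps * (1.0 - loss), maxDelayMs};
}

int main() {
    std::printf("bots  loss%%  alice_kbps  max_delay_ms\n");
    for (int b = 0; b <= kNumberOfBots; b += 2) {
        LinkResult r = SimulateBottleneck(b, 10.0);  // MAX_SIMULATION_TIME
        std::printf("%4d  %5.1f  %10.1f  %12.2f\n", b, 100.0 * r.lossFraction,
                    r.aliceGoodputKbps, r.maxQueueDelayMs);
    }
    return 0;
}
```

Under these assumed link parameters the queue stays empty up to four bots and starts dropping traffic at five, which is the point where aggregate bot traffic exceeds the link capacity.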
Now, inside a typical main() function, we will start creating the base model designed above.