How to Implement intrusion attacks in OMNeT++
To implement intrusion attacks in OMNeT++, we have to simulate different kinds of network intrusion that has an attacker tries to gets the illegal access to network resources or interrupts normal network operations. This attack can starts from simple brute-force attempts to complicated methods like man-in-the-middle (MitM) attacks or advanced persistent threats (APTs). Below is a step-by-step execution of intrusion attacks in OMNeT++:
Step-by-Step Implementation:
- Set Up OMNeT++ and INET Framework
- Make sure to install the OMNeT++ and INET framework and configured properly. The INET framework offers essential modules for simulating network protocols and actions, which you can expand to model different intrusion attacks.
- Define the Network Topology
- State a network topology in a .ned file that has legitimate network nodes (example: clients, servers, routers) and an attacker node that will perform the intrusion.
Example:
network IntrusionAttackNetwork
{
submodules:
client: StandardHost;
server: StandardHost;
router: Router;
attacker: StandardHost;
connections:
client.ethg++ <–> Eth10G <–> router.ethg++;
attacker.ethg++ <–> Eth10G <–> router.ethg++;
router.ethg++ <–> Eth10G <–> server.ethg++;
}
- The attacker node is connected to the network and while the client and server starts to communicate, it will try to intrude or disrupt the communication.
- Implement Different Types of Intrusion Attacks
- Brute-Force Attack
- Objective: Gain unapproved entrée to a network service by trying various username/password combinations until the correct one is found.
- Implementation: Configure the attacker node to frequently attempt to log in to the server using various credentials.
Example configuration:
*.attacker.numApps = 1
*.attacker.app[0].typename = “TcpBasicClientApp”
*.attacker.app[0].connectAddress = “server”
*.attacker.app[0].connectPort = 22 // Assuming SSH service
*.attacker.app[0].requestData = “LOGIN username password\r\n”
*.attacker.app[0].sendInterval = 0.5s
- The attacker sends login requests to the server, trying many combinations in rapid succession.
- Man-in-the-Middle (MitM) Attack
- Objective: Intercept and possibly alter the communication amongst two parties without their knowledge.
- Implementation: Generate an attacker node that intercepts packets amongst the client and server, possibly changing or logging them.
Sample implementation:
class MitMAttack : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
};
void MitMAttack::initialize()
{
// No initialization needed
}
void MitMAttack::handleMessage(cMessage *msg)
{
cPacket *pkt = check_and_cast<cPacket *>(msg);
EV << “Intercepted packet: ” << pkt->getFullName() << ” of size ” << pkt->getByteLength() << ” bytes.\n”;
// Optionally modify the packet
// send(pkt, “out”); // Forward the packet after logging or modification
}
Define_Module(MitMAttack);
- The MitMAttack module seize packets passing over the attacker and logs or alter them before forwarding.
- SQL Injection Attack
- Objective: To insert malicious SQL queries, we have to exploit vulnerabilities in a web application.
- Implementation: Simulate an attacker sending crafted requests to a web server, which contains malicious SQL code.
Example configuration:
*.attacker.numApps = 1
*.attacker.app[0].typename = “TcpBasicClientApp”
*.attacker.app[0].connectAddress = “server”
*.attacker.app[0].connectPort = 80
*.attacker.app[0].requestData = “GET /search?query=’ OR ‘1’=’1′ — HTTP/1.1\r\nHost: server\r\n\r\n”
*.attacker.app[0].sendInterval = 1s
- The attacker sends HTTP requests as well as SQL injection payloads to the server.
- Denial of Service (DoS) Attack
- Objective: Devastate a server or network with a flood of requests, making it unavailable to legal users.
- Implementation: Configure the attacker node to send a huge amount of requests to the server in a short period.
Example configuration:
*.attacker.numApps = 1
*.attacker.app[0].typename = “UdpBasicApp”
*.attacker.app[0].destAddr = “server”
*.attacker.app[0].localPort = 5000
*.attacker.app[0].messageLength = 1024B
*.attacker.app[0].sendInterval = 0.01s # High frequency to simulate a flood
- The attacker sends a flood of UDP packets to the server, simulating a DoS attack.
- Run the Simulation
- Compile and run the OMNeT++ simulation. The attacker node will implement the configured intrusion attack on the network.
- Analyze the Results
- Monitor the impact of the intrusion attack using in-built tools of OMNeT++. Focus on metrics like network throughput, server response times, packet loss, communication delays, and the success or failure of the attack.
- Evaluate how the network and its nodes reacts to the intrusion attempts and whether they are successful or detected.
- Enhancements and Variations
- Combination of Attacks: Simulate multiple types of intrusion attacks concurrently to study their combined impact on the network.
- Defensive Mechanisms: Execute network defenses like firewalls, intrusion detection systems (IDS), rate limiting, or encryption, and monitor their efficiency against the attacks.
- Advanced Persistent Threat (APT): Simulate an advanced intrusion where the attacker remains undetected for a long time, aggregating sensitive information or slowly disrupting operations.
Example Files
You might create the following files as part of the simulation:
- IntrusionAttackNetwork.ned: State the network topology.
- omnetpp.ini: Has configuration settings for the intrusion attacks.
- MitMAttack.cc: For the Man-in-the-Middle attack, we have to custom the C++ code, if you choose to create one.
Finally, this guide is about implementing different types of intrusion attacks in OMNeT++ using the INET framework and displays the intrusion raises during the communication. If you need to know anything apart from this demonstration, we can guide you. We keep ourselves informed about the newest concepts related to intrusion attacks in the OMNeT++ tool, so you can get the best project topics from us.