REAL-TIME TRAFFIC ACQUISITION AND FLOW-LEVEL FEATURE EXTRACTION USING A REALTIME-NET FLOW EXTRACTOR (RTNFE)
DOI:
https://doi.org/10.52152/801547
Keywords:
Packet capture, flow extraction, sliding window, Kafka streaming, replay evaluation, feature normalization, attention mechanism, deep learning classification, and Adam optimization.
Abstract
As cyber threats become more advanced, continuous monitoring of network traffic is important for detecting and stopping intrusions. A new RealTime-NetFlowExtractor (RTNFE) framework was created in Python; it combines Scapy, Kafka, and Wireshark (through PyShark) to read packets in real time and organize them into flows. With live streaming and instant buffering, RTNFE offers real-time packet analytics. A parallel, sized sliding window is used to extract the flow features: timestamp, the IP addresses of each end, ports, protocol, byte and packet counts, and flow duration. To simulate real attacks, CICIDS 2018 packets, which contain both normal and malicious traffic, are played back using tcpreplay, and the retrieved traffic is then classified using a mathematically modified deep learning technique. Evaluation uses throughput (the number of packets per second), latency (the time to analyze each feature), and packet-to-flow completeness. According to the results, the system is a good way to perform real-time analytics and can be used in downstream functions such as finding unusual patterns in networks or stopping new attacks.
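A sketch of the flow-level aggregation the abstract describes, added here as an illustration and not RTNFE's own code. The time-based window, its width and step, the bidirectional flow key, and the sample packets are assumptions constructed for the example.

```python
from collections import namedtuple

# Constructed sample packets: (time s, src IP, src port, dst IP, dst port, protocol, bytes)
Packet = namedtuple("Packet", "ts src sport dst dport proto length")
SAMPLE = [
    Packet(0.00, "10.0.0.5", 50000, "10.0.0.9", 443, "TCP", 60),
    Packet(0.20, "10.0.0.9", 443, "10.0.0.5", 50000, "TCP", 1500),
    Packet(0.90, "10.0.0.5", 50000, "10.0.0.9", 443, "TCP", 52),
    Packet(1.10, "10.0.0.7", 53123, "10.0.0.1", 53, "UDP", 80),
    Packet(2.40, "10.0.0.5", 50000, "10.0.0.9", 443, "TCP", 400),
    Packet(2.60, "10.0.0.7", 53123, "10.0.0.1", 53, "UDP", 90),
]

def flow_key(p):
    """Direction-independent 5-tuple (assumption): both directions map to one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (min(a, b), max(a, b), p.proto)

def extract_flows(packets):
    """Aggregate packets into flow records carrying the features the abstract lists."""
    flows = {}
    for p in sorted(packets, key=lambda p: p.ts):
        f = flows.setdefault(flow_key(p), {
            "timestamp": p.ts, "src_ip": p.src, "src_port": p.sport,
            "dst_ip": p.dst, "dst_port": p.dport, "protocol": p.proto,
            "packets": 0, "bytes": 0, "last": p.ts})
        f["packets"] += 1
        f["bytes"] += p.length
        f["last"] = p.ts
    for f in flows.values():
        # Duration = last packet time minus first packet time inside this batch.
        f["duration"] = round(f.pop("last") - f["timestamp"], 6)
    return list(flows.values())

def sliding_windows(packets, width=2.0, step=1.0):
    """Yield (window_start, flow records) for each time window that holds packets."""
    if not packets:
        return
    t, end = min(p.ts for p in packets), max(p.ts for p in packets)
    while t <= end:
        in_window = [p for p in packets if t <= p.ts < t + width]
        if in_window:
            yield t, extract_flows(in_window)
        t += step

if __name__ == "__main__":
    for start, flows in sliding_windows(SAMPLE):
        for f in flows:
            print(start, f)
```

Because the windows overlap, a long-lived flow appears in several windows with partial counts; summing `packets` over the flows of a single batch and comparing it with the number of captured packets gives a simple packet-to-flow completeness check.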
License
Copyright (c) 2025 Lex localis - Journal of Local Self-Government

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.