Result: REAL-TIME TRAFFIC ACQUISITION AND FLOW-LEVEL FEATURE EXTRACTION USING A REALTIME-NET FLOW EXTRACTOR (RTNFE).
More information
As cyber threats become more advanced, constantly monitoring network traffic is important for detecting intrusions and stopping them. A new RealTime-NetFlowExtractor (RTNFE) framework was created using Python and combines Scapy, Kafka, and Wireshark through PyShark to read packets in real time and organize them by flow levels. Because RTNFE has a live-streaming feature and instant buffering, it offers real-time analytics of packets. Features such as timestamp, IP addresses of each end, ports, protocol, and counts of bytes and packets, along with flow duration, are all extracted using a parallel, sized sliding window. To simulate real attacks, CICIDS 2018 packets are played back using tcpreplay, which contains both normal and malicious retrieved traffic that is further classified using a mathematically modified deep learning technique. Throughput measures the number of packets per second, time to analyze each feature indicates latency, and data concerning packet-to-flow completeness is used for evaluation. According to the outcome, such a system is a good way to perform real-time analytics and can be used in downstream functions such as finding unusual patterns in networks or stopping new attacks. [ABSTRACT FROM AUTHOR]
Copyright of Lex Localis: Journal of Local Self-Government is the property of Institute for Local Self-Government & Public Procurement Maribor and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)