Distributed network traffic feature extraction for a real-time IDS

2016 
Internet traffic and network attacks are both growing rapidly, which necessitates efficient network traffic monitoring. Many efforts have addressed this issue; however, monitoring applications that operate rapidly are still needed. We propose an intrusion detection system (IDS) based on a distributed architecture that can detect anomalies in the network in real time. To achieve this, we exploit the Apache Spark framework and Netmap, a line-rate packet capturing tool. In this work, we implement one of the challenging modules of an IDS, namely feature extraction, and present computational results for TCP-based traffic. Related results are presented along with the insights gained for future work.