Port Scanning and Traffic Analysis System Using Artificial Intelligence
DOI:
https://doi.org/10.64059/eiu.v4i4.61
Keywords:
Port scanning, network traffic analysis, intrusion detection, Machine Learning, Random Forest, CICIDS2017, Network Security
Abstract
This paper presents an integrated system for port scanning and network traffic analysis that leverages machine learning to detect malicious activity in real time. The proposed platform combines three core components—an active port scanner, a passive packet sniffer, and an AI-based classifier—within a unified graphical user interface. The system is implemented in Python using the socket library for TCP SYN and UDP scans, Scapy for packet capture and flow-based feature extraction, and a Random Forest model built with scikit-learn. Both synthetic traffic, generated using Scapy, and real traffic from the CICIDS2017 dataset are used to train and evaluate the model on 15 temporal, statistical and behavioral features. Experiments conducted on a lab network with 50 devices show that the port-scanning module detects 98% of open ports with a scanning speed of 120 ports per second and a false-positive rate of 2%. On the traffic classification task, the AI engine achieves 95% accuracy, 93% precision, 96% recall and a 94.5% F1-score while processing up to 1,200 packets per second with less than 50 ms detection latency. Compared with Snort and Wireshark, the proposed system improves detection accuracy and reduces false positives, while obtaining a usability rating of 4.7/5 from test users. These results indicate that integrating port scanning, traffic analysis and AI in a single tool can significantly enhance practical network monitoring and intrusion detection.
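As an added illustration (not code from the paper), the following sketch shows flow-based feature extraction of the kind the abstract describes, run over constructed packet records rather than a live Scapy capture. The feature names, sample addresses and the per-source aggregation are assumptions, since the paper's 15 features are not listed on this page.

```python
from collections import defaultdict
from statistics import mean, pstdev

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample: (time_s, src, dst, sport, dport, proto, length, tcp_flags)
PACKETS = [
    # ordinary HTTPS exchange from 10.0.0.5
    (0.00, "10.0.0.5", "10.0.0.80", 51000, 443, "tcp", 60, SYN),
    (0.02, "10.0.0.5", "10.0.0.80", 51000, 443, "tcp", 52, ACK),
    (0.05, "10.0.0.5", "10.0.0.80", 51000, 443, "tcp", 517, ACK),
    (0.30, "10.0.0.5", "10.0.0.80", 51000, 443, "tcp", 52, ACK),
] + [
    # 10.0.0.9 sends one bare SYN to each of 20 different ports
    (1.0 + i * 0.01, "10.0.0.9", "10.0.0.80", 40000 + i, 20 + i, "tcp", 60, SYN)
    for i in range(20)
]

def flow_features(packets):
    """Group packets into unidirectional 5-tuple flows and compute per-flow features."""
    flows = defaultdict(list)
    for t, src, dst, sport, dport, proto, length, flags in packets:
        flows[(src, dst, sport, dport, proto)].append((t, length, flags))
    out = {}
    for key, pkts in flows.items():
        pkts.sort()
        times = [p[0] for p in pkts]
        sizes = [p[1] for p in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])]
        out[key] = {
            "duration": times[-1] - times[0],         # temporal
            "mean_iat": mean(gaps) if gaps else 0.0,   # temporal (inter-arrival time)
            "pkt_count": len(pkts),                    # statistical
            "mean_len": mean(sizes),                   # statistical
            "std_len": pstdev(sizes),                  # statistical
            "syn_only": all(f & SYN and not f & ACK for _, _, f in pkts),  # behavioral
        }
    return out

def source_behaviour(flows):
    """Aggregate flows per source: distinct targets and share of SYN-only flows."""
    ports, syn_only, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for (src, dst, sport, dport, proto), f in flows.items():
        ports[src].add((dst, dport))
        syn_only[src] += f["syn_only"]
        total[src] += 1
    return {s: {"distinct_ports": len(ports[s]),
                "syn_only_ratio": syn_only[s] / total[s]} for s in total}
```

Per-flow and per-source rows like these are what a classifier such as the Random Forest mentioned in the abstract would take as input; here the scanning host stands out by its many distinct destination ports and SYN-only flows.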
License
Copyright (c) 2025 the Author(s).

This work is licensed under a Creative Commons Attribution 4.0 International License.