achrafS133/PacketHunter


🐉 PacketHunter

High-Performance DDoS Detection Engine

A cybersecurity tool inspired by Dragon Ball's "Fusion" technique — combining the power of multiprocessing to detect DDoS attacks in massive network logs at lightning speed.


Screenshots

Dashboard Overview

The main Scouter Dashboard interface showing real-time CPU monitoring, attack statistics, and the live traffic log panel.

Fusion Mode Active

The Fusion Engine engaged — multiprocessing in action, scanning network packets across all CPU cores simultaneously.

DDoS Detection

Real-time threat detection identifying malicious DDoS packets, with attack counters and top targeted ports analysis.

Settings Configuration

Configure detection thresholds, processing modes, and customize your PacketHunter scanning parameters.

Restart & Reset

Reset the scanner state and restart analysis — clear previous results and begin a fresh scan cycle.


The Core Philosophy

This project follows the Dragon Ball methodology for high-performance computing:

| Mode | Description | Performance |
|---|---|---|
| Base Form | Single-core Pandas processing. Reliable, but slow. | 1x |
| Fusion Technique | Multiprocessing Pool splitting logs into chunks for simultaneous scanning. | Up to 4x+ |
| The Scouter | A Textual-based TUI dashboard providing real-time threat intelligence. | |
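
The Base Form and Fusion Technique rows above, shown as an added example that is not the project's own code (it is not taken from detector.py or fusion.py). It assumes detection is label-based on CIC-IDS2017-style columns (Label, Destination Port), uses the standard-library csv module instead of Pandas so it runs without dependencies, and the names load_rows, scan_chunk and scan are hypothetical.

```python
import csv
import io
import multiprocessing as mp
from collections import Counter

# Constructed sample in CIC-IDS2017 style (not real dataset rows). The real CSVs
# pad header names with a leading space, so headers are stripped before use.
SAMPLE_CSV = """ Destination Port, Flow Duration, Label
80,1200,DDoS
80,900,DDoS
443,30000,BENIGN
80,1100,DDoS
8080,700,DoS Hulk
80,850,DoS slowloris
443,1300,DDoS
"""

def load_rows(text):
    """Parse CSV text into dicts with whitespace-stripped keys and values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): v.strip() for k, v in row.items()} for row in reader]

def scan_chunk(rows):
    """Worker: count labels and the destination ports of non-benign flows."""
    labels, ports = Counter(), Counter()
    for row in rows:
        labels[row["Label"]] += 1
        if row["Label"].upper() != "BENIGN":
            ports[int(row["Destination Port"])] += 1
    return labels, ports

def scan(rows, workers=1, chunk_size=3):
    """workers=1 is the single-core path; workers>1 fans chunks out to a Pool."""
    chunks = [rows[i:i + chunk_size] for i in range(0, len(rows), chunk_size)]
    if workers == 1:
        partials = [scan_chunk(c) for c in chunks]
    else:
        # fork (where available) lets workers inherit the parent's loaded state.
        ctx = mp.get_context("fork" if "fork" in mp.get_all_start_methods() else None)
        with ctx.Pool(workers) as pool:
            partials = pool.map(scan_chunk, chunks)
    labels, ports = Counter(), Counter()
    for part_labels, part_ports in partials:  # merge step: per-chunk counts add up
        labels += part_labels
        ports += part_ports
    return labels, ports

if __name__ == "__main__":
    print(scan(load_rows(SAMPLE_CSV), workers=2))
```

Because each chunk returns only counters, the merge is order-independent and the parallel result matches the single-core one exactly; on a sample this small the pool start-up cost outweighs any speedup.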

Tech Stack

| Category | Technologies |
|---|---|
| Language | Python 3.9+ |
| Data Processing | Pandas, NumPy |
| Terminal UI | Textual, Rich |
| Performance | Python Multiprocessing (Pool) |
| Monitoring | psutil (CPU/Memory) |

Installation

# Clone the repository
git clone https://github.com/achrafS133/PacketHunter.git
cd PacketHunter

# Create virtual environment
python -m venv .venv

# Activate virtual environment
# Windows:
.\.venv\Scripts\activate
# Linux/Mac:
source .venv/bin/activate

# Install dependencies
pip install -r requirements.txt

Usage

Launch the Scouter Dashboard (Terminal)

python main.py

Launch in Web Browser

python serve_web.py

Then open: http://127.0.0.1:8000

Keyboard Controls

| Key | Action |
|---|---|
| S | Single Fusion: analyze default dataset |
| F | Full Planet Scan: analyze all CSVs in DATASET folder |
| Q | Exit the application |

Benchmarks

Run the performance showdown to compare sequential vs parallel processing:

# Sequential baseline
python benchmarks/01_sequential_baseline.py

# Parallel fusion mode
python benchmarks/02_parallel_fusion.py

# Full comparison
python benchmarks/performance_showdown.py

📂 Project Structure

PacketHunter/
├── 📁 packethunter/          # Core detection & multiprocessing logic
│   ├── config.py             # Configuration constants
│   ├── detector.py           # DDoS pattern analysis
│   └── fusion.py             # Multiprocessing engine
├── 📁 scouter/               # TUI Application components
│   ├── app.py                # Main Textual app
│   └── widgets/              # UI components (CPU, counters, etc.)
├── 📁 benchmarks/            # Performance testing scripts
├── 📁 DATASET/               # CIC-IDS2017 network logs
├── 📁 assets/                # Screenshots & images
├── main.py                   # Entry point
├── serve_web.py              # Web server for browser access
└── requirements.txt          # Dependencies

Dataset

This project uses the CIC-IDS2017 dataset, a comprehensive intrusion detection dataset containing:

  • Benign traffic — Normal network activity
  • DDoS attacks — Distributed Denial of Service
  • DoS variants — Slowloris, Hulk, GoldenEye, Slowhttptest

Contributing

Contributions are welcome! Feel free to:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.


Made with 🐉 by Achraf

"The power of Fusion... ACTIVATED!"
