Sharkticon is an intrusion detection system.

Its specificity is that it uses an anomaly detection system and machine learning, notably the transformers architecture.

Indeed, currently the most known IDS (intrusion detection system) use database of attack signatures to detect attacks.

Obviously a problem arises, if these systems face new attacks. This is not the case with our IDS, which is able to detect attacks that it has never seen thanks to anomaly detection.

See below a schema of the current architecture

Our software consists of two parts.
A first configuration window that will ask you the number of packets you want to see on the graph
then in the future the protocol or protocols on which you want to focus the analysis

Then a loading time will take place while the model is being trained on your network,
then a real time graph will be displayed where you can see the stability of your network.
If an anomaly is detected it will be displayed and saved in the log files.

Here is the list of supported protocols :

 git clone https://github.com/PoCInnovation/Sharkticon.git
 cd Sharkticon
 pip3 install -r requirements.txt

python3 Sharkticon

If you use the CLI, you will have less information
but the essentials like alerts will be available.

Sharkticon uses Wireshark to retrieve the network stream. is then processed by a python script to render it in the format of our model.

For our model we use the transformers architecture, being the state of the art in NLP, we have adapted it and used it in our project. That's why we have focused on the HTTP protocol which is more verbose and therefore where the transformers exploits its qualities at best.

Our model makes a prediction of the next packet from the previous ones, we then use our anomaly detection algorithm to detect if the packet is malicious, if X packets are malicious in a Y time frame then we raise an alert.

Our software is divided into two main parts, training and analysis. Here is the list of features

• Mikaël Vallenet
• Evan Sabre