Preliminary study on artificial intelligence methods for cybersecurity threat detection in computer networks based on raw data packets

📅 2024-07-24
🏛️ arXiv.org
📈 Citations: 0
Influential: 0
🤖 AI Summary
Existing flow-based intrusion detection methods rely heavily on manual feature engineering and flow-level statistics, resulting in high latency, poor real-time performance, and limited efficacy against zero-day and encrypted attacks. To address these limitations, this paper proposes an end-to-end, packet-level real-time detection framework: raw byte sequences from consecutive packets are losslessly mapped onto two-dimensional image windows and directly fed into a lightweight CNN for sliding-window inference—bypassing feature extraction and flow reconstruction entirely. We introduce the first “packet-to-image” lossless mapping paradigm, eliminating dependencies on intermediate software modules and assumptions underlying flow statistics. Evaluated on the CIC-IDS2017 dataset, our approach achieves millisecond-scale latency, high classification accuracy, and strong generalization to previously unseen attacks. This work establishes a novel paradigm for real-time network threat sensing.

📝 Abstract
Most of the intrusion detection methods in computer networks are based on traffic flow characteristics. However, this approach may not fully exploit the potential of deep learning algorithms to directly extract features and patterns from raw packets. Moreover, it impedes real-time monitoring due to the necessity of waiting for the processing pipeline to complete and introduces dependencies on additional software components. In this paper, we investigate deep learning methodologies capable of detecting attacks in real-time directly from raw packet data within network traffic. We propose a novel approach where packets are stacked into windows and separately recognised, with a 2D image representation suitable for processing with computer vision models. Our investigation utilizes the CIC IDS-2017 dataset, which includes both benign traffic and prevalent real-world attacks, providing a comprehensive foundation for our research.

Problem

Research questions and friction points this paper is trying to address.

Developing AI methods for real-time cybersecurity threat detection
Using raw packet data instead of traffic flow characteristics
Applying computer vision models to network packet analysis

Innovation

Methods, ideas, or system contributions that make the work stand out.

Deep learning detects attacks from raw packet data
Packets stacked into windows for 2D image representation
Computer vision models process network traffic as images
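
The windowing described in the abstract, as an added example (not code from the paper or its authors): each raw packet becomes one fixed-width row, and consecutive rows are stacked into a sliding 2D window ready for an image model. Row width, window height, stride, zero-padding and all function names are assumptions; the page does not state the paper's actual parameters.

```python
from collections import deque
from typing import Iterable, Iterator, List

# All three values are assumptions for this example; the page gives no parameters.
ROW_BYTES = 64       # bytes kept per packet = image width
WINDOW_PACKETS = 8   # consecutive packets per image = image height
STRIDE = 4           # packets the window advances between images

Image = List[List[int]]


def packet_to_row(packet: bytes, width: int = ROW_BYTES) -> List[int]:
    """Map one raw packet to a fixed-width row of pixel values (0..255).

    Longer packets are truncated and shorter ones zero-padded, so padding is
    indistinguishable from real 0x00 bytes and bytes past `width` never
    reach the model.
    """
    row = list(packet[:width])
    row.extend([0] * (width - len(row)))
    return row


def packet_windows(packets: Iterable[bytes], height: int = WINDOW_PACKETS,
                   width: int = ROW_BYTES, stride: int = STRIDE) -> Iterator[Image]:
    """Yield a height x width image as soon as each sliding window fills."""
    rows: deque = deque(maxlen=height)
    seen = 0
    for packet in packets:
        rows.append(packet_to_row(packet, width))
        seen += 1
        # First image after `height` packets, then one every `stride` packets.
        if seen >= height and (seen - height) % stride == 0:
            yield [list(r) for r in rows]


def demo() -> List[Image]:
    # Constructed sample: 12 packets, packet i is (20 + 10*i) bytes of value i+1.
    packets = [bytes([i + 1]) * (20 + 10 * i) for i in range(12)]
    return list(packet_windows(packets))


if __name__ == "__main__":
    for n, image in enumerate(demo()):
        print(f"window {n}: {len(image)}x{len(image[0])}, first bytes {[r[0] for r in image]}")
```

Because windows are emitted per packet count rather than per completed flow, a classifier fed by this generator can score traffic without waiting for flow reconstruction.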

Authors

Aleksander Ogonowski
Michał Żebrowski
Arkadiusz Ćwiek
Tobiasz Jarosiewicz
Konrad Klimaszewski
Adam Padee
Piotr Wasiuk
Michał Wójcik