Abstract: In the world of network security today, the amount of data moving across systems has become so massive that people simply cannot keep up with it manually. Most security tools just watch and record attacks, but they do not actually stop them while they are happening. This paper explores a different way to handle this by building a "self-healing" system that defends itself in real-time. Instead of using old, pre-made datasets, I built this framework to capture live traffic directly from the network using Wireshark. I designed the pipeline so that this captured stream flows directly into a Random Forest machine learning model. This model is specifically tuned to tell the difference between standard network behavior and someone trying to break in. I wanted to move beyond just alerts or simple notifications, so I built the framework to actually intervene and resolve the issue. It essentially force-triggers a backend Python script that communicates with the system's local firewall. This allows the system to instantly update its own access rules, effectively dropping every single incoming packet that comes from the suspicious IP. This allows the system to rewrite its own filtering rules in real-time to drop every single packet that originates from the attacker's IP. When I ran simulations in a live testbed, the reaction time was incredible—the system effectively "healed" the network gap in just a few milliseconds. This really shows that we can move past the old way of waiting for a person to fix things and instead let the network defend itself automatically before the damage even starts.

Keywords: Cybersecurity, Live Traffic Analysis, Wireshark, Random Forest, Self-Healing Networks, Automated Defense, Network Security, Python Automation.

Downloads: | DOI: 10.17148/IJIREEICE.2026.14456