Patent-pending technology for real-time network threat detection using computer vision on edge hardware.
Traditional network intrusion detection systems (IDS) rely on signature matching — comparing packets against known attack patterns. This approach fails against novel attacks, zero-day exploits, and AI-generated attack chains. As autonomous AI systems like Anthropic's Claude Mythos Preview demonstrate the ability to discover and exploit vulnerabilities across every major operating system, signature-based detection becomes fundamentally insufficient.
NetworkVision converts raw network traffic into 2D images called Network Activity Images (NAIs), then applies YOLO-style object detection to identify and localize threats in real-time.
Each NAI is a multi-channel image where:
| Channel | Data | Purpose |
|---|---|---|
| 0 | Packet Size | Payload volume per flow |
| 1 | Packet Count | Activity density |
| 2 | Protocol | TCP/UDP/ICMP distribution |
| 3 | TCP Flags | Connection state patterns |
| 4 | Direction | Inbound vs outbound |
| 5 | Inter-Arrival Time | Timing patterns |
| 6 | Byte Ratio | Asymmetric transfer detection |
| 7 | Unique Dest Ports | Scan behavior |
| 8 | SYN/ACK Ratio | Connection anomalies |
| 9 | Connection Duration | Persistent vs ephemeral flows |
Rows represent flows (mapped via consistent hashing), columns represent time bins within a 30-second window. The result is a spatial representation where attack patterns form visually distinct signatures.
Stage 1 — Binary Classifier: Fast triage model determines if a NAI contains any threat. 83KB, 0.28ms inference on Coral Edge TPU.
Stage 2 — YOLO Localizer: If a threat is detected, the localizer identifies threat type and location within the NAI using bounding-box regression. 376KB, 0.21ms on Coral Edge TPU.
Combined inference: 0.49ms — enabling real-time detection at line rate on a $70 edge device.
| Class | NAI Pattern | Description |
|---|---|---|
| Port Scan | Horizontal spread across many destination ports | Reconnaissance activity probing for open services |
| DoS/DDoS | Dense vertical bands from many sources | Volumetric or application-layer denial of service |
| Exploit | Concentrated bursts with unusual flag patterns | Active exploitation attempts |
| Web Attack | HTTP-port focused with asymmetric byte ratios | SQL injection, XSS, path traversal |
| Botnet/C2 | Periodic beacon patterns to external IPs | Command and control communication |
| Brute Force | Repeated connections to auth ports | Credential stuffing and password attacks |
| Benign | Normal traffic distribution | Legitimate network activity |
Training data is generated automatically using a Suricata Oracle pipeline:
1. Raw packets are captured via raw sockets and converted to NAIs every 30 seconds.
2. Suricata IDS runs in parallel, generating signature-based alerts.
3. Alerts are matched to specific flows within each NAI window.
4. NAIs are labeled with the corresponding threat class.
5. The model is periodically retrained on new labeled data.
This creates a self-improving detection loop where the signature-based IDS teaches the behavioral model, which then generalizes to detect novel attacks the IDS would miss.
| Platform | Binary Classifier | YOLO Localizer | Combined | Power |
|---|---|---|---|---|
| Pi 5 CPU | 0.32ms | 0.70ms | 1.02ms | ~5W |
| Coral Edge TPU | 0.28ms | 0.21ms | 0.49ms | ~0.5W |
| Hailo-10H | 20 TOPS INT8 — multi-model capable | ~2.5W | ||
AI systems can now autonomously discover and exploit zero-day vulnerabilities. Every novel exploit generates unique byte-level signatures that evade traditional IDS. But the network behavior remains detectable:
• Reconnaissance still produces scan patterns
• Exploitation still requires packet delivery
• Lateral movement creates new internal flows
• C2 channels produce periodic beacons
• Exfiltration creates asymmetric byte ratios
NetworkVision detects these behavioral patterns regardless of the specific exploit, making it resilient to novel and AI-generated attacks.
Patent Pending Provisional Filed April 2026 14 Claims Micro Entity
For partnership inquiries: Partners@NetworkVision.org