pig / Overall Structure

  1. The router logs all traffic passing through it, and sends this data to the logger.
  2. The logging machine processes all this data, reading it into a database.
  3. The analyzer software reads these packets and stores attack data in a database.
    1. The Controller class reads the packets from the database in chunks, and saves them to its buffer.
    2. The Controller class reads packets from its buffer, determining which connection they go to and then telling that connection to buffer them.
    3. The Connection class then passes the packets to each of the attack analyzers.
      1. The analyzers check each packet against the automata and return True if they identify an attack.
    4. If the analyzers ever identify an attack, they return True. The Controller then logs information about this attack and stores it in the database.
  4. The GUI (backend + frontend) reads and analyzes the attack data from the attack database and displays it to the user.
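
The flow in step 3, as an added sketch that is not the project's own code: a Controller reads packets in chunks, routes each one to its Connection, and logs an attack when an analyzer's automaton returns True. The class and method names, the connection key, the SYN-run automaton, and the in-memory lists standing in for the two databases are all assumptions made for illustration.

```python
from collections import deque
from itertools import islice

class SynRunAnalyzer:
    """Hypothetical analyzer: automaton that accepts after `limit` SYNs in a row."""
    name = "syn-run"
    def __init__(self, limit=3):
        self.limit, self.state = limit, 0      # state = consecutive SYNs seen
    def check(self, packet):
        # SYN advances the automaton; any other flag returns it to the start state.
        self.state = self.state + 1 if packet["flags"] == "S" else 0
        if self.state < self.limit:
            return False
        self.state = 0                          # restart after accepting
        return True                             # True means "attack identified"

class Connection:
    def __init__(self, analyzer_classes):
        self.buffer = []
        self.analyzers = [cls() for cls in analyzer_classes]
    def buffer_packet(self, packet):
        """Buffer the packet, pass it to every analyzer, return the names that fired."""
        self.buffer.append(packet)
        return [a.name for a in self.analyzers if a.check(packet)]

class Controller:
    def __init__(self, packet_rows, analyzer_classes, chunk_size=2):
        self.rows = iter(packet_rows)           # stands in for the packet database
        self.analyzer_classes, self.chunk_size = analyzer_classes, chunk_size
        self.buffer, self.connections = deque(), {}
        self.attack_log = []                    # stands in for the attack database
    def run(self):
        # Read a chunk into the buffer, then drain the buffer packet by packet.
        while chunk := list(islice(self.rows, self.chunk_size)):
            self.buffer.extend(chunk)
            while self.buffer:
                pkt = self.buffer.popleft()
                key = (pkt["src"], pkt["dst"], pkt["dport"])   # assumed connection key
                if key not in self.connections:
                    self.connections[key] = Connection(self.analyzer_classes)
                for name in self.connections[key].buffer_packet(pkt):
                    self.attack_log.append({"connection": key, "analyzer": name, "ts": pkt["ts"]})
        return self.attack_log

def sample_packets():
    """Constructed sample rows (documentation addresses), not real traffic."""
    rows = [(1, "192.0.2.10", "S"), (2, "192.0.2.20", "S"), (3, "192.0.2.20", "A"),
            (4, "192.0.2.10", "S"), (5, "192.0.2.10", "S"), (6, "192.0.2.20", "S")]
    return [{"ts": t, "src": s, "dst": "198.51.100.5", "dport": 80, "flags": f} for t, s, f in rows]

if __name__ == "__main__":
    print(Controller(sample_packets(), [SynRunAnalyzer]).run())
```

Because each Connection owns its own analyzer instances, automaton state is tracked per connection, so interleaved traffic from another source does not reset or advance the count.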
