I need a working, proof-of-concept framework that ingests live and historic network traffic logs, learns from them in near-real time, and flags malicious patterns before they escalate. The core must combine traditional threat-intel techniques with machine-learning pipelines so the system continuously adapts as new data arrives. Here’s what success looks like to me:

• A modular data-collection layer that can stream pcap, NetFlow, or similar log formats into a preprocessing engine.
• Feature-engineering and model-training code written in Python (feel free to leverage Pandas, scikit-learn, TensorFlow, PyTorch—whatever best suits the task).
• A detection component that scores incoming traffic and raises alerts via a simple REST API or CLI output.
• Clear documentation covering setup, retraining, and how new data sources—such as endpoint events or social-media threat chatter—could be plugged in later.

Because this is time-sensitive, I’d like a first demonstrable build ASAP, followed by rapid iterations until it reliably identifies common attack patterns (e.g., port scans, C2 traffic, data exfiltration anomalies). I’m open to your architectural ideas provided they keep performance high and false positives low. If you have previous experience turning raw packet data into actionable threat intelligence, let’s move quickly: please outline your approach, expected milestones, and how soon you can deliver the initial prototype.
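The following is an added example, not the poster's code and not taken from any existing project, showing the shape of the pipeline the post asks for in about 90 lines of standard-library Python: a collection layer that parses NetFlow-like records, per-source feature engineering, a baseline "model" fitted on a historic window (per-feature mean and floored standard deviation), a traditional indicator match against a threat-intel list, z-score detection, and JSON alerts on the CLI. The flow records, the live window (one benign flow, a 40-port scan, one very large upload to a listed host) and the indicator list are all constructed; 203.0.113.9 is from a documentation address range. The CSV column layout and the z-score threshold of 3.0 are assumptions. Swapping `fit_baseline`/`score` for a scikit-learn model (an IsolationForest over the same feature vectors, for instance) leaves the rest of the pipeline unchanged, and retraining is simply re-running `fit_baseline` on a newer window.

```python
"""Minimal detection pipeline: collect -> features -> baseline -> intel match -> score -> alert.
Added example with constructed data; not production code."""
import csv
import io
import json
import math
from collections import defaultdict

# Constructed NetFlow-like records (src, dst, dport, bytes); not real traffic.
HISTORIC_CSV = """src,dst,dport,bytes
10.0.0.5,10.0.0.20,443,5200
10.0.0.5,10.0.0.21,443,4800
10.0.0.5,10.0.0.20,53,300
10.0.0.6,10.0.0.20,443,6100
10.0.0.6,10.0.0.22,80,2500
10.0.0.6,10.0.0.20,53,280
10.0.0.7,10.0.0.20,443,5900
10.0.0.7,10.0.0.23,443,5100
10.0.0.7,10.0.0.20,53,310
"""

# Constructed threat-intel indicator list (203.0.113.0/24 is a documentation range).
KNOWN_BAD_HOSTS = {"203.0.113.9"}

ALERT_THRESHOLD = 3.0  # assumed z-score above which a feature counts as anomalous
FEATURE_NAMES = ["flows", "distinct_dports", "distinct_dsts", "total_bytes"]
LABELS = {"distinct_dports": "port-scan-like", "distinct_dsts": "sweep-like",
          "total_bytes": "exfiltration-like", "flows": "flood-like"}


def parse_flows(text):
    """Collection layer: CSV text -> flow dicts (a pcap/NetFlow reader would emit the same shape)."""
    return [{"src": r["src"], "dst": r["dst"], "dport": int(r["dport"]), "bytes": int(r["bytes"])}
            for r in csv.DictReader(io.StringIO(text))]


def extract_features(flows):
    """Feature engineering: per-source aggregates over one window."""
    per_src = defaultdict(lambda: {"flows": 0, "dports": set(), "dsts": set(), "total_bytes": 0})
    for f in flows:
        agg = per_src[f["src"]]
        agg["flows"] += 1
        agg["dports"].add(f["dport"])
        agg["dsts"].add(f["dst"])
        agg["total_bytes"] += f["bytes"]
    return {src: {"flows": a["flows"], "distinct_dports": len(a["dports"]),
                  "distinct_dsts": len(a["dsts"]), "total_bytes": a["total_bytes"]}
            for src, a in per_src.items()}


def fit_baseline(features):
    """Model training: per-feature (mean, std) from the historic window; re-run to retrain."""
    model = {}
    vectors = list(features.values())
    for name in FEATURE_NAMES:
        vals = [v[name] for v in vectors]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((x - mean) ** 2 for x in vals) / len(vals))
        # Floor the spread so a constant historic feature cannot produce infinite z-scores.
        model[name] = (mean, max(std, 0.1 * abs(mean), 1.0))
    return model


def match_intel(flows, indicators):
    """Traditional threat-intel step: sources that talked to a listed destination."""
    hits = defaultdict(set)
    for f in flows:
        if f["dst"] in indicators:
            hits[f["src"]].add(f["dst"])
    return hits


def score(features, model, hits):
    """Detection: signed z-score per feature; alert on a large positive deviation or an intel hit."""
    alerts = []
    for src, feat in features.items():
        zs = {n: (feat[n] - mean) / std for n, (mean, std) in model.items()}
        top = max(zs, key=zs.get)
        if zs[top] >= ALERT_THRESHOLD or hits.get(src):
            alerts.append({"src": src, "score": round(zs[top], 2), "top_feature": top,
                           "label": LABELS[top] if zs[top] >= ALERT_THRESHOLD else "intel-match",
                           "anomalous": sorted(n for n, z in zs.items() if z >= ALERT_THRESHOLD),
                           "intel_hits": sorted(hits.get(src, ()))})
    return alerts


def live_flows():
    """Constructed live window: one benign flow, a 40-port scan, one huge upload to a listed host."""
    flows = parse_flows("src,dst,dport,bytes\n10.0.0.5,10.0.0.20,443,5000\n"
                        "10.0.0.8,203.0.113.9,443,90000000\n")
    flows += [{"src": "10.0.0.9", "dst": "10.0.0.30", "dport": p, "bytes": 60} for p in range(20, 60)]
    return flows


def run_pipeline():
    """End to end: fit on historic, score live, return the alert list."""
    model = fit_baseline(extract_features(parse_flows(HISTORIC_CSV)))
    flows = live_flows()
    return score(extract_features(flows), model, match_intel(flows, KNOWN_BAD_HOSTS))


if __name__ == "__main__":
    for alert in run_pipeline():  # CLI output: one JSON alert per line
        print(json.dumps(alert))
```

Running it prints two alerts: 10.0.0.9 with `distinct_dports` as the top feature (port-scan-like) and 10.0.0.8 with `total_bytes` on top plus an intel hit on 203.0.113.9; the benign 10.0.0.5 flow scores below the threshold. Keeping the baseline per feature, and flooring its spread, is what keeps false positives low when a historic window happens to be very uniform. Plugging in a new source (endpoint events, for example) means writing another parser that yields records with the same keys; nothing downstream changes.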