# Data Preprocessing
This notebook is centered around conducting preprocessing for the data. While the code is implemented in the `utils.data_preprocessing` module, it is laid out here with clear documentation and steps for ease of use.

In [2]:
# Data management
import pandas as pd

print('Imports complete.')

Imports complete.


We need to bring in the data so we can analyze it. There are two levels in the dataset, labelled as `l1` and `l2`. We will start with `l1`:

In [5]:
# Import the data
path = '/media/notclaytonjohnson/Seagate Portable Drive/Data/doh_dataset/Total-CSVs/'
filename = 'l1-doh.csv'
df0 = pd.read_csv(path + filename)

print('Data read:')
df0.head()

Data read:


Unnamed: 0,SourceIP,DestinationIP,SourcePort,DestinationPort,TimeStamp,Duration,FlowBytesSent,FlowSentRate,FlowBytesReceived,FlowReceivedRate,...,PacketTimeCoefficientofVariation,ResponseTimeTimeVariance,ResponseTimeTimeStandardDeviation,ResponseTimeTimeMean,ResponseTimeTimeMedian,ResponseTimeTimeMode,ResponseTimeTimeSkewFromMedian,ResponseTimeTimeSkewFromMode,ResponseTimeTimeCoefficientofVariation,Label
0,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:49:11,95.08155,62311,655.342703,65358,687.388878,...,0.574626,0.001053,0.032457,0.027624,0.026854,0.026822,0.071187,0.024715,1.174948,DoH
1,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:50:52,122.309318,93828,767.136973,101232,827.672018,...,0.509047,0.00117,0.0342,0.024387,0.021043,0.026981,0.293297,-0.075845,1.402382,DoH
2,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:52:55,120.958413,38784,320.639127,38236,316.108645,...,0.732636,0.000785,0.028021,0.029238,0.026921,0.026855,0.248064,0.085061,0.958348,DoH
3,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:54:56,110.50108,61993,561.017141,69757,631.278898,...,0.646859,0.000411,0.020274,0.019925,0.019268,0.026918,0.097199,-0.344926,1.017535,DoH
4,176.103.130.131,192.168.20.191,443,50749,2020-01-14 15:56:46,54.229891,83641,1542.341289,76804,1416.266907,...,0.507334,0.079079,0.281209,0.02593,4.7e-05,2.1e-05,0.276133,0.092135,10.844829,DoH


This dataset only contains the samples with the DoH classification. Let's verify that fact. 

In [7]:
dep_var = 'Label'
df0[dep_var].value_counts()

DoH    269643
Name: Label, dtype: int64

Yep! No other classifications are present here! Let's bring in the non-doh samples and see if we can merge these two dataframes.

In [8]:
# Import the data
path = '/media/notclaytonjohnson/Seagate Portable Drive/Data/doh_dataset/Total-CSVs/'
filename = 'l1-nondoh.csv'
df1 = pd.read_csv(path + filename)

print('Data read:')
df1.head()

Data read:


Unnamed: 0,SourceIP,DestinationIP,SourcePort,DestinationPort,TimeStamp,Duration,FlowBytesSent,FlowSentRate,FlowBytesReceived,FlowReceivedRate,...,PacketTimeCoefficientofVariation,ResponseTimeTimeVariance,ResponseTimeTimeStandardDeviation,ResponseTimeTimeMean,ResponseTimeTimeMedian,ResponseTimeTimeMode,ResponseTimeTimeSkewFromMedian,ResponseTimeTimeSkewFromMode,ResponseTimeTimeCoefficientofVariation,Label
0,72.21.91.42,192.168.20.191,443,51041,2020-01-14 15:49:01,4.54404,11256331,2477164.0,159324,35062.191354,...,0.580949,1.107852e-07,0.000333,2.7e-05,1.6e-05,1.4e-05,0.096659,0.038228,12.454823,NonDoH
1,192.168.20.191,195.201.169.48,51043,443,2020-01-14 15:49:03,8.171041,930,113.8166,11936,1460.768585,...,1.745138,3.224052,1.795565,0.886579,0.103698,0.0009,1.308024,0.493259,2.025273,NonDoH
2,192.168.20.191,96.17.115.57,51021,443,2020-01-14 15:49:03,0.033776,162,4796.305,138,4085.741355,...,0.500002,0.0,0.0,0.033683,0.033683,0.033683,-10.0,-10.0,0.0,NonDoH
3,192.168.20.191,96.114.14.140,50308,443,2020-01-14 15:49:03,0.060723,108,1778.568,120,1976.186947,...,0.57735,0.0,0.0,0.060687,0.060687,0.060687,-10.0,-10.0,0.0,NonDoH
4,192.168.20.191,23.78.199.198,50983,443,2020-01-14 15:49:03,0.019545,55,2814.019,66,3376.822717,...,1.0,0.0,0.0,0.019545,0.019545,0.019545,-10.0,-10.0,0.0,NonDoH


In [9]:
df1[dep_var].value_counts()

NonDoH    897493
Name: Label, dtype: int64

Great! Let's verify that the columns are the same in each dataframe.

In [15]:
cols0 = df0.columns
cols1 = df1.columns
mismatch = False

for col in cols0:
    if col not in cols1:
        print('column missing from l1-nondoh: {}')
        mismatch = True
        
for col in cols1:
    if col not in cols0:
        print('column missing from l1-doh: {}')
        mismatch = True
        
if not mismatch:
    print('All columns match up!')

All columns match up!


Now, let's bring these separate dataframes into the same dataframe.

In [23]:
df = pd.concat([df0, df1])
df[dep_var].value_counts()

NonDoH    897493
DoH       269643
Name: Label, dtype: int64

In [24]:
df.head()

Unnamed: 0,SourceIP,DestinationIP,SourcePort,DestinationPort,TimeStamp,Duration,FlowBytesSent,FlowSentRate,FlowBytesReceived,FlowReceivedRate,...,PacketTimeCoefficientofVariation,ResponseTimeTimeVariance,ResponseTimeTimeStandardDeviation,ResponseTimeTimeMean,ResponseTimeTimeMedian,ResponseTimeTimeMode,ResponseTimeTimeSkewFromMedian,ResponseTimeTimeSkewFromMode,ResponseTimeTimeCoefficientofVariation,Label
0,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:49:11,95.08155,62311,655.342703,65358,687.388878,...,0.574626,0.001053,0.032457,0.027624,0.026854,0.026822,0.071187,0.024715,1.174948,DoH
1,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:50:52,122.309318,93828,767.136973,101232,827.672018,...,0.509047,0.00117,0.0342,0.024387,0.021043,0.026981,0.293297,-0.075845,1.402382,DoH
2,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:52:55,120.958413,38784,320.639127,38236,316.108645,...,0.732636,0.000785,0.028021,0.029238,0.026921,0.026855,0.248064,0.085061,0.958348,DoH
3,192.168.20.191,176.103.130.131,50749,443,2020-01-14 15:54:56,110.50108,61993,561.017141,69757,631.278898,...,0.646859,0.000411,0.020274,0.019925,0.019268,0.026918,0.097199,-0.344926,1.017535,DoH
4,176.103.130.131,192.168.20.191,443,50749,2020-01-14 15:56:46,54.229891,83641,1542.341289,76804,1416.266907,...,0.507334,0.079079,0.281209,0.02593,4.7e-05,2.1e-05,0.276133,0.092135,10.844829,DoH


Now, we need to sort out all of the nan values from the dataset.

In [25]:
print('There are {} columns and {} rows in the provided data.'.format(len(df.columns), len(df)))

There are 35 columns and 1167136 rows in the provided data.


In [26]:
df.dropna(axis='index', inplace=True)

In [27]:
print('There are {} columns and {} rows in the provided data.'.format(len(df.columns), len(df)))

There are 35 columns and 1159108 rows in the provided data.


Now, we can return the dataframe object. If the user wants `l2`, we simply change our data processing to manage `l2` files.